On Aug 20, 2010 at 10:18, Couprie Geoffroy <geoffroy.coup...@atosorigin.com> 
wrote:
> Hello,
> 
> I am testing TLS communication with Kamailio 3.0.2, and I encounter a strange 
> problem. My setup is like this:
> 
> Client      <-UDP->  Proxy server <- TLS with client certificate authentication -> Authentication server
> 192.168.24.1         192.168.24.128                                                192.168.24.129
> 
> The two servers are instances of Kamailio 3.0.2
> 
> When the client sends a REGISTER, the proxy retransmits the message to the 
> authentication server, which sends back a 401 Unauthorized. But it seems the 
> proxy closes the TLS connection right after forwarding the REGISTER, and 
> doesn't receive the 401 message. The TLS handshake is OK, and the client 
> certificate is required (I didn't add the verification part yet). The 
> REGISTER message goes through TLS, and is received by the authentication 
> server. Then, the proxy sends a TLS alert (Close-notify), and after that 
> message, the authentication server sends back the 401, and the proxy ignores 
> that message.
> 
> Could it be caused by a timeout? Is there a way to keep the TLS connection 
> open?

It looks like a bug.
Could you try the attached patch and report back if it fixes the
problem?

> 
> Here are the relevant files (I don't like to send mails of more than 100 
> lines):
> authentication server configuration: http://pastebin.com/QBmnNc4e
> authentication server log: http://pastebin.com/uYdHDG5G
> proxy server configuration: http://pastebin.com/8WPPJBtM
> proxy server log: http://pastebin.com/JTwJSKtk
> 
> I am just testing TLS, so I have tried to remove most of the irrelevant parts.

Thanks,
Andrei

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
