On Aug 20, 2010 at 12:32, Andrei Pelinescu-Onciul <and...@iptel.org> wrote:
> On Aug 20, 2010 at 10:18, Couprie Geoffroy <geoffroy.coup...@atosorigin.com> 
> wrote:
> > Hello,
> > 
> > I am testing TLS communication with Kamailio 3.0.2, and I encounter a 
> > strange problem. My setup is like this:
> > 
> > Client        <-UDP->  Proxy server    <- TLS with client certificate authentication ->  Authentication server
> > 192.168.24.1           192.168.24.128                                                    192.168.24.129
> > 
> > The two servers are instances of Kamailio 3.0.2
> > 
> > When the client sends a REGISTER, the proxy retransmits the message to the 
> > authentication server, which sends back a 401 Unauthorized. But it seems 
> > the proxy closes the TLS connection right after forwarding the REGISTER, and 
> > doesn't receive the 401 message. The TLS handshake is OK, and the client 
> > certificate is required (I didn't add the verification part yet). The 
> > REGISTER message goes through TLS, and is received by the authentication 
> > server. Then, the proxy sends a TLS alert (Close-notify), and after that 
> > message, the authentication server sends back the 401, and the proxy 
> > ignores that message.
> > 
> > Could it be caused by a timeout? Is there a way to keep the TLS connection 
> > open?
> 
> It looks like a bug.
> Could you try the attached patch and report back if it fixes the
> problem?

Sorry, forgot to actually attach it. Here it is.

Andrei
From 513c21f67f88484dd12dd6adce6d6ddc7fb60c31 Mon Sep 17 00:00:00 2001
From: Andrei Pelinescu-Onciul <and...@iptel.org>
Date: Fri, 20 Aug 2010 12:22:56 +0200
Subject: [PATCH] tls: fix state change while waiting for lock return

tls_h_fix_read_conn() did not return the right thing if the state
changed while waiting for the lock (the fall-through return was
error instead of success).

Reported-by: Couprie Geoffroy  geoffroy couprie atosorigin com
---
 modules/tls/tls_server.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/modules/tls/tls_server.c b/modules/tls/tls_server.c
index 6d32af6..52b62e3 100644
--- a/modules/tls/tls_server.c
+++ b/modules/tls/tls_server.c
@@ -971,7 +971,7 @@ int tls_h_fix_read_conn(struct tcp_connection *c)
 	int ret;
 	struct tls_extra_data* tls_c;
 	
-	ret = -1;
+	ret = 1;
 	tls_c = 0;
 	if (unlikely(c->extra_data==0)){
 		lock_get(&c->write_lock);
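
Review bot: switching the initializer to `ret = 1` at the top of tls_h_fix_read_conn() makes success the default return for every path that does not assign ret, not only the state-changed-while-waiting-for-lock fall-through that the commit message names. Consider keeping `ret = -1` as the default and setting `ret = 1` explicitly on that fall-through branch, so that a later error path that forgets to assign ret fails closed instead of reporting a usable TLS connection. A short comment above the function stating what each return value means would also help, since the commit message describes them only as "error" and "success".
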
-- 
1.7.2.1
