opensips TLS配置问题
最近在配置配置opensips,想用TLS对信息进行加密,可是却遇到了问题,客户端无法通过TLS方式登录到代理服务器,不过用UDP和TCP方式能成功登录。我的配置过程如下:
我选择在ubuntu上安装sip server。
下载opensips-1.4.3-tls_src.tar.gz源码包。并安装了openssl,openssl-dev,libssl(0.9.8),libssl-dev 。
修改opensips的makefile,用TLS=1方式编译安装。
之后我的opensips.cgf相关配置如下:
disable_tls = no
listen = tls:192.168.0.9:5061
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/opensips/etc/opensips/tls/user/user-cert.pem"
tls_private_key = "/usr/local/opensips/etc/opensips/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/opensips/etc/opensips/tls/user/user-calist.pem"
……
loadmodule "tlsops.so"
检查过,上面的路径都是对的
在opensipsctlrc文件中
SIP_DOMAIN=192.168.0.9
启动后,用支持TLS的客户端登录,无法登录。
在syslog文件中的相关记录如下:
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.168.0.6
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:tcpconn_new: on port 49957, type 3
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_tcpconn_init: looking up socket based TLS server domain [192.168.0.9:5061]
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_find_server_domain: virtual TLS server domain not found, Using default TLS server domain settings
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_tcpconn_init: found socket based TLS server domain [0.0.0.0:0]
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:tcpconn_add: hashes: 997, 1
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:handle_new_connect: new connection: 0xb556fc08 49 flags: 0002
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6285]: DBG:core:send2child: to tcp child 0 0(6278), 0xb556fc08
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6278]: DBG:core:handle_io: received n=4 con=0xb556fc08, fd=44
Apr 15 09:51:21 xuewei opensips/sbin/opensips[6278]: DBG:core:io_watch_add: io_watch_add(0x8164fa0, 44, 2, 0xb556fc08), fd_no=1
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: DBG:core:tls_update_fd: New fd is 44
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: DBG:core:tls_update_fd: New fd is 44
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: NOTICE:core:verify_callback: depth = 2
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: NOTICE:core:verify_callback: subject = /C=GB/O=Ascertia/CN=Ascertia Root CA
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: NOTICE:core:verify_callback: verify error:num=19:self signed certificate in certificate chain
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: NOTICE:core:verify_callback: error code is 19
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: NOTICE:core:verify_callback: Self signed certificate issue
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: NOTICE:core:verify_callback: verify return:0
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: ERROR:core:tls_accept: some error in SSL:
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: ERROR:core:tls_print_errstack: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: DBG:core:io_watch_del: io_watch_del (0x8164fa0, 44, -1, 0x10) fd_no=2 called
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: DBG:core:release_tcpconn: releasing con 0xb556fc08, state -2, fd=44, id=1
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6278]: DBG:core:release_tcpconn: extra_data 0xb557fd20
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6285]: DBG:core:handle_tcp_child: reader response= b556fc08, -2 from 0
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6285]: DBG:core:tcpconn_destroy: destroying connection 0xb556fc08, flags 0002
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_close: closing SSL connection
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_update_fd: New fd is 49
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_shutdown: shutdown successful
Apr 15 09:51:23 xuewei opensips/sbin/opensips[6285]: DBG:core:tls_tcpconn_clean: entered
不知道问题处在哪里?要使用TLS,请问我该如何设置呢?
请大家支招
[解决办法]
先自己顶一个
[解决办法]
我再帮你顶一个, 文章多久出来呀.期待呀!!!
