Hi Pekka,

Okay, I found why this was happening and fixed it locally.  The problem was in 
tport_by_addrinfo() function in libsofia-sip-ua/tport/tport.c.  I changed two 
lines that compare sub->tpaddr to sa, as shown below:

OLD:  cmp = memcmp(sub->tpaddr, sa, ai->ai_addrlen);
NEW: cmp = memcmp(sub->tpaddr, sa, 24);

OLD:  || memcmp(sub->tpaddr, sa, ai->ai_addrlen)) {
NEW: || memcmp(sub->tpaddr, sa, 24)) {
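
Review bot: the literal 24 in both NEW lines is applied regardless of address family. For an AF_INET address (the trace shows len=16, sin_fam=2) it compares 8 bytes beyond the 16-byte address, and for AF_INET6 it silently drops sin6_scope_id, which begins at offset 24 of struct sockaddr_in6. Suggest keeping ai->ai_addrlen for other families and, for AF_INET6, comparing sin6_port and sin6_addr by field, with sin6_scope_id handled deliberately rather than cut off by a magic number, plus a comment explaining why.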

When using IPv6 and TLS, I found that the 25th byte of sub->tpaddr was 02, 
while the 25th byte of sa was 00 (all other bytes matched).  I'm not sure what 
this 25th byte means.  It might be that since the tpaddr structure is a union 
of other things that perhaps something was not cleaned out?  This solution 
might not be applicable in the general case, but it does work for my phone 
because I always only have one and only one TLS connection at a time.

If you recommend a different fix, please let me know.

Thanks,
Jerry
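
Added example, not part of the original message and not sofia-sip code: in struct sockaddr_in6 the field sin6_scope_id starts at byte offset 24, so a differing 25th byte is consistent with the sin6_scope_id=2 printed in the trace further down, and a field-by-field comparison avoids depending on it. The names sockaddr_same_endpoint and make_peer are hypothetical, and treating the scope id as significant only for link-local addresses is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper: compare endpoints by field, not by raw bytes. */
static int sockaddr_same_endpoint(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return 0;
    if (a->sa_family == AF_INET) {
        const struct sockaddr_in *x = (const void *)a, *y = (const void *)b;
        return x->sin_port == y->sin_port &&
               x->sin_addr.s_addr == y->sin_addr.s_addr;
    }
    if (a->sa_family == AF_INET6) {
        const struct sockaddr_in6 *x = (const void *)a, *y = (const void *)b;
        if (x->sin6_port != y->sin6_port ||
            memcmp(&x->sin6_addr, &y->sin6_addr, sizeof x->sin6_addr) != 0)
            return 0;
        /* Assumption: scope id only disambiguates link-local fe80::/10. */
        if (x->sin6_addr.s6_addr[0] == 0xfe &&
            (x->sin6_addr.s6_addr[1] & 0xc0) == 0x80)
            return x->sin6_scope_id == y->sin6_scope_id;
        return 1;
    }
    return 0; /* unknown family: never treat as a match */
}

/* Constructed sample: the peer address from the trace with a chosen scope. */
static struct sockaddr_in6 make_peer(unsigned scope_id)
{
    struct sockaddr_in6 sa;
    memset(&sa, 0, sizeof sa);
    sa.sin6_family = AF_INET6;
    sa.sin6_port = htons(5061);
    inet_pton(AF_INET6, "fd00::2a0:25ff:fe00:2abd", &sa.sin6_addr);
    sa.sin6_scope_id = scope_id;
    return sa;
}

int main(void)
{
    struct sockaddr_in6 cached = make_peer(2), resolved = make_peer(0);
    printf("scope offset=%zu raw differs=%d fields match=%d\n",
           offsetof(struct sockaddr_in6, sin6_scope_id),
           memcmp(&cached, &resolved, sizeof cached) != 0,
           sockaddr_same_endpoint((void *)&cached, (void *)&resolved));
    return 0;
}
```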

From: Jerry Richards
Sent: Friday, June 17, 2011 9:33 AM
To: 'Pekka Pessi'
Subject: FW: tls_connect() Invoked On Every Outbound INVITE

Hi Pekka,

The sofia-sip mailing list did not like my message below because it was bigger 
than 256KB, so I attached the complete trace file here.  Can you see why TLS 
keeps re-negotiating/re-connecting with each call?  I know SIP but I don't know 
much of TLS.

Thanks and Best Regards,
Jerry


From: Jerry Richards
Sent: Friday, June 17, 2011 8:51 AM
To: 'sofia-sip-devel@lists.sourceforge.net'
Subject: RE: tls_connect() Invoked On Every Outbound INVITE


Hi Pekka,



I'm not sure I understand your comment.  At registration time, the phone will 
establish a TLS connection for SIP signaling.  Please take a look at the trace 
below (includes my added logs for each sofia-sip API call and sofia-sip debug 
logs, starting with nua_create() thru registration thru two sequential calls).  
You'll notice the TLS connection is re-negotiated/re-connected multiple times.  
Can you see from this trace what nua_xxxx() calls I'm making might be wrong?



Thanks and Best Regards,

Jerry



--------------------------------------------------------------------------------

TRACE START:

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

TRACE END:

--------------------------------------------------------------------------------







Hi Jerry,



The tport_by_addrinfo() requires that the TLS connection was opened with same 
canon name (in this case, [FD00::2A0:25FF:FE00:2ABD]) or that the subjects from 
the certificate match your canon name (looks like your subject is 200.21.3.10). 
Was the already open connection inbound?



--Pekka


From: Jerry Richards
Sent: Thursday, June 09, 2011 9:42 AM
To: 'sofia-sip-devel@lists.sourceforge.net'
Subject: tls_connect() Invoked On Every Outbound INVITE

Hello,

Anyone know why sofia-sip would re-establish a TLS connection for every 
outbound INVITE?  That's what I see happening.  Logs are shown below, after 
calling nua_invite() while a TLS connection was already established (Note: 
you'll probably see some extra logs I added to help debug this).

Thanks,
Jerry

  --[452] nua: nua_invite: entering
--[453] nua(0xbb04a8): sent signal r_invite
--[458] nua(0xbb04a8): recv signal r_set_params
--[459] nua: nua_stack_set_params: entering
--[460] nua(0xbb04a8): event r_set_params 200 OK
--[461] nua: nua_application_event: entering
--[465] nua(0xbb04a8): recv signal r_set_params
--[466] nua: nua_stack_set_params: entering
--[467] nua(0xbb04a8): event r_set_params 200 OK
--[468] nua: nua_application_event: entering
--[472] nua(0xbb04a8): recv signal r_invite
--[473] nua: nua_stack_set_params: entering
--[474] nua(0xbb04a8): adding session usage
--[482] nta_leg_tcreate(0xbb2fd0)
--[483]    [2]outgoing_create()
--[484] outgoing_create: 
[1]route_url->us_url->url_host=[FD00::2A0:25FF:FE00:2ABD]
--[485] outgoing_create: 
[2]route_url->us_url->url_host=[FD00::2A0:25FF:FE00:2ABD]
--[486] outgoing_create: 
[3]route_url->us_url->url_host=[FD00::2A0:25FF:FE00:2ABD]
--[487] outgoing_create: 
[4]route_url->us_url->url_host=[FD00::2A0:25FF:FE00:2ABD]
--[488] outgoing_create: 
[5]route_url->us_url->url_host=[FD00::2A0:25FF:FE00:2ABD]
--[489] nta: selecting scheme sip
--[490]    url->url_host=[FD00::2A0:25FF:FE00:2ABD]
--[491]    us->us_url->url_host=[FD00::2A0:25FF:FE00:2ABD]
--[492] tport_tsend(0xba7390) tpn = */[FD00::2A0:25FF:FE00:2ABD]:5061
--[493] tport_resolve addrinfo = [fd00::2a0:25ff:fe00:2abd]:5061
--[494] tport_by_addrinfo(0xba7390): not found by name 
*/[FD00::2A0:25FF:FE00:2ABD]:5061
--[495] tport_tls_connect: Entering...
--[496] tport_alloc_secondary(0xba7390): new secondary tport 0xbd29d0
--[497]    tls_init_secondary: SSL_new(ctx=0xbaf2d8)
--[498]       ...SSL_new() returned ssl=0xbbe820
--[499]    tls_init_secondary: SSL_set_bio(ssl=0xbbe820, rbio=0xbb0198, 
wbio=0xbb0198)
--[500]    tls_init_secondary: SSL_set_connect_state(ssl=0xbbe820)
--[501]    tls_init_secondary: SSL_set_mode(ssl=0xbbe820, 
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
--[502] [IPv4]tport_base_connect(TCP): bind(s=29, len=16, sin_fam=2, 
sin_port=50451=0xc513, sin_addr=0x0)
--[503] [IPV6]tport_base_connect(TCP): bind(s=29, len=16, sa_fam=2, 
sin6_port=50451=0xc513,
--[504]    sin6_flowinfo=0, sin6_scope_id=2, sa_data=00 00 00 00 00 00 00 00 28 
25 bd 00 43 25 bd 00
--[505] tport_tls_connect(0xbd29d0): bind(local-ip): Invalid argument
--[506] [IPv4]tport_base_connect(TCP): connect(s=29, len=28, sin_fam=10, 
sin_port=50451=0xc513, sin_addr=0x0)
--[507] [IPV6]tport_base_connect(TCP): connect(s=29, len=28, sa_fam=10, 
sin6_port=50451=0xc513,
--[508]    sin6_flowinfo=0, sin6_scope_id=2, sa_data=fd 00 00 00 00 00 00 00 02 
a0 25 ff fe 00 2a bd
--[509] tport_tls_connect(0xbd29d0): connecting to 
tls/[fd00::2a0:25ff:fe00:2abd]:5061/sips
--[510] tport(0xbd29d0): reset timer
--[511] tport_queue(0xbd29d0): queueing 0xbaff08 for 
tls/[fd00::2a0:25ff:fe00:2abd]:5061
--[512] nta: sent INVITE (13472340) to */[FD00::2A0:25FF:FE00:2ABD]:5061
--[513] tport_pend(0xbd29d0): pending 0xbaff08 for 
tls/[fd00::2a0:25ff:fe00:2abd]:5061 (already 0)
--[514] nta: timer set to 32000 ms
--[515] nua(0xbb04a8): call state changed: init -> calling, sent offer
--[516] nua(0xbb04a8): event i_state INVITE sent
--[517] nua: nua_application_event: entering
--[530] tls_connect(0xbd29d0): events CONNECTING
--[531] tls_connect(0xbd29d0): events NEGOTIATING
--[532] tls_connect(0xbd29d0): events NEGOTIATING
--[533]    SSL_get_peer_certificate(ssl=0xbbe820)
--[534]       ...SSL_get_peer_certificate() returned cert=0xbbf3b8
--[535]    SSL_get_verify_result(ssl=0xbbe820) returned 0 (success)
--[536]    NeedCert: TRUE
 --[537]    NeedCRL: FALSE
 --[538]    NeedOCSP: FALSE
 --[539]    OCSP_URL:
 --[540] tls_post_connection_check(0xbd29d0): Peer Certificate Subject 0: 
200.21.3.10
--[541]    goto X509_VERIFY_OK: NeedOCSP=FALSE
--[542] tport_send_event(0xbd29d0) - ready to send to 
(tls/[fd00::2a0:25ff:fe00:2abd]:5061)
--

