-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! I saw that you use SSLv23, did you try to force TLSv1? That might be a solution... jeevan ravula wrote: > Hi Greg, I am sending my openser.cfg. Pls check it.I am able to > register( without tls) with polycom phones. > > Regards, jeevan > > ---------- Forwarded message ---------- From: Gregoire > <[EMAIL PROTECTED]> Date: Oct 16, 2006 4:24 PM Subject: Re: [Users] > Registration of Polycom SoundPointIP phone with OpenSER To: jeevan > ravula <[EMAIL PROTECTED]> Cc: [email protected] > > Hi! Could you send your configuration file? Have you check your log > on the server? If you disable TLS, does it work? > > Regards > > Greg > > jeevan ravula wrote: >>> Hi Gregoire, Thank you for your help.My certificate has >>> validity period of 1 year.I have some interesting observations >>> to share >>> >>> from what you said the clock wasn't the same for openser and >>> polycom phone.Ihave set the clock of both openser and polycom >>> phone to same. >>> >>> The polycom phone got registered to openser. >>> >>> Now I tried communicating b/w two polycom phones via >>> openser(with TLS support).The call gets established >>> randomly.Initially it was only in one direction but once >>> managed to establish in other direction. >>> >>> But once the phone gets registered to openser proxy,the time >>> clock aspect is getting irrelavant.Because each time I boot >>> from boot server the clock time changes to default settings but >>> still manages to register with openser. >>> >>> Even though both the polycom phones(soundpointIp 430) are >>> register.I am unable to establish communication b/w them.The >>> calling party call doesn't get forwarded to the callee.I am >>> unable to understand the reason.Can you explain me if possible? >>> >>> >>> Thanks, Jeevan. >>> >>> >>> >>> >>> On 10/15/06, Gregoire <[EMAIL PROTECTED]> wrote: >>>> >>>> Hi! Have you check the validity of the certificate? When it >>>> begins, when it ends?Are the clock from Openser and the >>>> client the same or are they different from any hours?What >>>> ssldump give you as output? >>>> >>>> Regards >>>> >>>> Greg jeevan ravula wrote: >>>> >>>>> Hi all, >>>>> >>>>> I am using Polycom SoundPointIP phone as User Agent.I want >>>>> to >>>> register >>>>> Polycom phone with OpenSER(with TLS support) server.Can >>>>> anybody help me out in this regard? >>>>> >>>>> I have generated my rootCA and given to polycom phone.The >>>>> polycom phone does not accept certificate from openser >>>>> server side.It shows bad certificate. >>>>> >>>>> anybody who has used polycom phone earlier can help me out >>>>> in this matter.I shall be greatful to them >>>>> >>>>> Regards, Jeevan. >>>>> >>>>> > ------------------------------------------------------------------------ > >>>>> >>>>> >>>> >>>>> >>>>> _______________________________________________ Users >>>>> mailing list [email protected] >>>>> http://openser.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> >>>> >>>> >>> > > > ---------------------------------------------------------------------- > > > # # $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $ # > # simple quick-start config script # > > # ----------- global configuration parameters > ------------------------ > > debug=3 # debug level (cmd line: -dddddddddd) fork=yes > log_stderror=yes # (cmd line: -E) > > /* Uncomment these lines to enter debugging mode #fork=no > #log_stderror=yes */ > > check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) > rev_dns=no # (cmd. line: -R) listen = 172.21.67.46 # Add by > Mohit on 7 Sep port=5060 children=4 fifo="/tmp/openser_fifo" > > # # uncomment the following lines for TLS support disable_tls = 0 > listen = tls:172.21.67.46:5061 tls_verify = 1 > tls_require_certificate = 0 tls_method =SSLv23 #TLSv1 > tls_certificate = > "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-cert.pem" > tls_private_key = > "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-privkey.pem" > tls_ca_list = > "/usr/local/src/openser-1.0.1/sip-server/tls/tools/server/user-calist.pem" > tls_handshake_timeout=119 tls_ciphers_list= > "ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:KRB5-RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-RC4-SHA:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:ADH-DES-CBC3-SHA:ADH-RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:RC4-MD5:NULL-SHA:NULL-MD5" > #"NULL-SHA:NULL-MD5:AES256-SHA:AES128-SHA" tls_send_timeout=121 # > ------------------ module loading > ---------------------------------- > > # Uncomment this if you want to use SQL database #loadmodule > "/usr/local/lib/openser/modules/mysql.so" > > loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule > "/usr/local/lib/openser/modules/tm.so" loadmodule > "/usr/local/lib/openser/modules/rr.so" loadmodule > "/usr/local/lib/openser/modules/maxfwd.so" loadmodule > "/usr/local/lib/openser/modules/usrloc.so" loadmodule > "/usr/local/lib/openser/modules/registrar.so" loadmodule > "/usr/local/lib/openser/modules/textops.so" > > # Uncomment this if you want digest authentication # mysql.so must > be loaded ! #loadmodule "/usr/local/lib/openser/modules/auth.so" > #loadmodule "/usr/local/lib/openser/modules/auth_db.so" > > # ----------------- setting module-specific parameters > --------------- > > # -- usrloc params -- > > modparam("usrloc", "db_mode", 0) > > # Uncomment this if you want to use SQL database # for persistent > storage and comment the previous line #modparam("usrloc", > "db_mode", 2) > > # -- auth params -- # Uncomment if you are using auth module # > #modparam("auth_db", "calculate_ha1", yes) # # If you set > "calculate_ha1" parameter to yes (which true in this config), # > uncomment also the following parameter) # #modparam("auth_db", > "password_column", "password") > > # -- rr params -- # add value to ;lr param to make some broken UAs > happy #modparam("rr", "enable_full_lr", 1) > > # ------------------------- request routing logic > ------------------- > > # main routing logic > > route{ > > # initial sanity checks -- messages with # max_forwards==0, or > excessively long requests if (!mf_process_maxfwd_header("10")) { > sl_send_reply("483","Too Many Hops"); exit; }; > > if (msg:len >= 2048 ) { sl_send_reply("513", "Message too big"); > exit; }; > > # we record-route all messages -- to make sure that # subsequent > messages will go through our proxy; that's # particularly good if > upstream and downstream entities # use different transport protocol > if (!method=="REGISTER") record_route(); > > # subsequent messages withing a dialog should take the # path > determined by record-routing if (loose_route()) { # mark routing > logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); }; > > > if (!uri==myself) { # mark routing logic in request > append_hf("P-hint: outbound\r\n"); # if you have some interdomain > connections via TLS #if(uri=~"@tls_domain1.net") { # > t_relay_to_tls("IP_domain1","port_domain1"); # exit; #} else > if(uri=~"@tls_domain2.net") { # > t_relay_to_tls("IP_domain2","port_domain2"); # exit; #} > route(1); }; > > # if the request is for other domain use UsrLoc # (in case, it does > not work, use the following command # with proper names and > addresses in it) if (uri==myself) { > > if (method=="REGISTER") { > > # Uncomment this if you want to use digest authentication #if > (!www_authorize("openser.org", "subscriber")) { > #www_challenge("openser.org", "0"); #exit; #}; > > save("location"); exit; }; > > lookup("aliases"); if (!uri==myself) { append_hf("P-hint: outbound > alias\r\n"); route(1); }; > > # native SIP destinations are handled using our USRLOC DB if > (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; > append_hf("P-hint: usrloc applied\r\n"); }; > > route(1); } > > > route[1] { # send it out now; use stateful forwarding as it works > reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; > exit; } > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFM4l5I8gmGeMTr0sRAhiwAJ4jEjVdIqllX0si+2I2P58O6jeAZgCfRC4C MQrEK8DCS25Xn31UrPeZdy8= =7Tjp -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
