TLS connection failed after being established

2010-10-20
2013-05-09
  • pablo bressan

    Hello,

    I'm using OpenSIPS 1.6.3 with TLS support on CentOS 5.3.
    Everything looks fine, but after the TLS session is established, OpenSIPS tears down the session with the following error log:
    Oct 20 16:33:30  ERROR:core:_tls_read: SYSCALL error -> (0) <Success>
    Oct 20 16:33:30  ERROR:core:_tls_read: something wrong in SSL: 5
    Oct 20 16:33:30  ERROR:core:tcp_read_req: failed to read

    A full version of the logs:

    Oct 20 16:32:58  DBG:core:tls_accept: TLS handshake successful
    Oct 20 16:32:58  DBG:core:tls_accept: new connection from xxxx.xxxx.xxxx.xxxx:57432 using TLSv1/SSLv3 AES256-SHA 256
    Oct 20 16:32:58  DBG:core:tls_accept: local socket: yyyy.yyyy.yyyy.yyyy:5061
    Oct 20 16:32:58  DBG:core:tls_update_fd: New fd is 10
    Oct 20 16:32:58  DBG:core:tls_update_fd: New fd is 10
    Oct 20 16:32:58  DBG:core:_tls_read: 516 bytes read
    Oct 20 16:32:58  DBG:core:tcp_read_req: content-length= 0
    Oct 20 16:32:58  DBG:core:parse_msg: SIP Request:

    Oct 20 16:33:30  ERROR:core:_tls_read: SYSCALL error -> (0) <Success>
    Oct 20 16:33:30  ERROR:core:_tls_read: something wrong in SSL: 5
    Oct 20 16:33:30  ERROR:core:tcp_read_req: failed to read

    I'm using SIPp to send a REGISTER message; OpenSIPS responds with a 200 OK and then the issue happens.

    I tried this with different versions of OpenSSL (1.0.0/0.9.8m/0.9.7m) and the same thing happens.

    The certificates are fine.
    Here is my configuration:

    disable_tls = no
    listen = tls:yyyy.yyyy.yyyy.yyyy:5061
    tls_verify_server = 0
    tls_verify_client = 1
    tls_require_client_certificate = 1
    tls_certificate = "/usr/app/iwf//etc/opensips/tls/centro/centro-server6-certificate.pem"
    tls_private_key = "/usr/app/iwf//etc/opensips/tls/centro/centro-server6-privkey.pem"
    tls_ca_list = "/usr/app/iwf//etc/opensips/tls/centro/centro-ca-certificate.pem"
    tls_handshake_timeout=119
    tls_send_timeout=121
    tcp_connection_lifetime=3600
    tcp_poll_method=select
    tcp_accept_aliases = 1

    Please, if I'm missing something, or this is a known issue and you have a workaround, I'll appreciate your help.

    Regards