FreeSWITCH

AlphaSSL commercial wildcard certificate testing for TLS and SRTP

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: mod_sofia
  • Labels:
    None
  • Environment:
    Debian Squeeze
  • Platform:
    Linux x86_64/gcc
  • Uname:
    Linux sylar.vm.bytemark.co.uk 2.6.32.33-kvm-i386-20111128-dirty #5 SMP Mon Nov 28 20:23:39 GMT 2011 i686 GNU/Linux
  • CPU Info:
    Hide
    sylar:/opt/freeswitch/conf/ssl# cat /proc/cpuinfo
    processor : 0
    vendor_id : AuthenticAMD
    cpu family : 6
    model : 2
    model name : QEMU Virtual CPU version 0.12.5
    stepping : 3
    cpu MHz : 2311.704
    cache size : 512 KB
    fdiv_bug : no
    hlt_bug : no
    f00f_bug : no
    coma_bug : no
    fpu : yes
    fpu_exception : yes
    cpuid level : 4
    wp : yes
    flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm up pni cx16 popcnt hypervisor lahf_lm abm sse4a
    bogomips : 4623.40
    clflush size : 64
    cache_alignment : 64
    address sizes : 40 bits physical, 48 bits virtual
    power management:
    Show
    sylar:/opt/freeswitch/conf/ssl# cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 6 model : 2 model name : QEMU Virtual CPU version 0.12.5 stepping : 3 cpu MHz : 2311.704 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 4 wp : yes flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm up pni cx16 popcnt hypervisor lahf_lm abm sse4a bogomips : 4623.40 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management:
  • FreeSWITCH GIT Revision:
    FreeSWITCH Version 1.1.beta1 (git-7a147e4 2012-04-25 17-14-55 -0500)
  • Reproduced with GIT HEAD?:
    Yes
  • lsb_release:
    Hide
    istributor ID: Debian
    Description: Debian GNU/Linux 6.0.4 (squeeze)
    Release: 6.0.4
    Codename: squeeze
    Show
    istributor ID: Debian Description: Debian GNU/Linux 6.0.4 (squeeze) Release: 6.0.4 Codename: squeeze

Description

This is agent.pem split up:


sylar:/opt/freeswitch/conf/ssl# openssl x509 -noout -modulus -in crt.crt | openssl md5
91076da3c3f9eb84bebc3d4d37f3e0d3

sylar:/opt/freeswitch/conf/ssl# openssl rsa -noout -modulus -in key.key | openssl md5
91076da3c3f9eb84bebc3d4d37f3e0d3

This proves the public and private keys match.

This is what FS on tport 9 shows:

tport_bind_server(0x8aa5270) to */80.68.88.123:5060/sip
tport_bind_server(0x8aa5270): calling tport_listen for udp
tport_alloc_primary(0x8aa5270): new primary tport 0x8aa5a80
tport_listen(0x8aa5a80): listening at udp/80.68.88.123:5060/sip
tport_bind_server(0x8aa5270): calling tport_listen for tcp
tport_alloc_primary(0x8aa5270): new primary tport 0x8bb6540
tport_listen(0x8bb6540): listening at tcp/80.68.88.123:5060/sip
nta: bound to (80.68.88.123:5060;transport=*)
nta: agent_init_via: SIP/2.0/udp 80.68.88.123 (sip)
nta: agent_init_via: SIP/2.0/tcp 80.68.88.123 (sip)
nta: Via fields initialized
nta: Contact header created
tport_listen(0x8aa7ab0): listening at tcp/[::1]:5060/sip
nta: bound to ([::1]:5060;transport=*)
nta: agent_init_via: SIP/2.0/udp [::1] (sip)
nta: agent_init_via: SIP/2.0/tcp [::1] (sip)
tport_bind_server(0x8aa5270) to tls/80.68.88.123:5061/sips
tport_bind_server(0x8aa5270): calling tport_listen for tls
nta: Via fields initialized
nta: Contact header created
tport_bind_server(0x8e1e8a8) to tls/[::1]:5061/sips
tport_alloc_primary(0x8aa5270): new primary tport 0x8bb7b08
tport_bind_server(0x8e1e8a8): calling tport_listen for tls
tport_tls_init_master(0x8bb7b08): tls key = /opt/freeswitch/conf/ssl/agent.pem
tls_init_context: invalid local certificate: /opt/freeswitch/conf/ssl/agent.pem
tport_alloc_primary(0x8e1e8a8): new primary tport 0x8ea0090
tport_tls_init_master(0x8ea0090): tls key = /opt/freeswitch/conf/ssl/agent.pem
tls_init_context: invalid local certificate: /opt/freeswitch/conf/ssl/agent.pem
tls_init_context: invalid private key: /opt/freeswitch/conf/ssl/agent.pem
tls_init_context: private key does not match the certificate public key
tls_init_context: error loading CA list: cafile.pem
tport_listen(0x8e1e8a8): tls_init_master(pf=10 tls/[::1]:5061): Input/output error
nta: bind([::1]:5061;transport=tls): Input/output error
nua: initializing SIP stack failed
nua: nua_stack_deinit: entering
sres_sofia_update(0x8b14860, -1, -1)
sres_sofia_update((nil), -1, -1)
tport_destroy(0x8e1e8a8)
su_epoll_port_deinit(0x8a4eb80) called
2012-04-26 20:31:07.572509 [ERR] sofia.c:1940 Error Creating SIP UA for profile: internal-ipv6
tls_init_context: invalid private key: /opt/freeswitch/conf/ssl/agent.pem
tls_init_context: private key does not match the certificate public key
tls_init_context: error loading CA list: cafile.pem
tport_listen(0x8aa5270): tls_init_master(pf=2 tls/[80.68.88.123]:5061): Input/output error
nta: bind(80.68.88.123:5061;transport=tls): Input/output error
nua: initializing SIP stack failed
nua: nua_stack_deinit: entering
sres_sofia_update(0x8c10030, -1, -1)
sres_sofia_update((nil), -1, -1)
tport_destroy(0x8aa5270)
su_epoll_port_deinit(0x8a4ed90) called
2012-04-26 20:31:07.572509 [ERR] sofia.c:1940 Error Creating SIP UA for profile: internal
nta_agent_create: initialized timer
nta_agent_create: initialized resolver
tport_create(): 0x8aa5a80


This is a AlphaSSL Commercial Wildcard certificate.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Gavin Henry added a comment -
Some confusion in the docs http://wiki.freeswitch.org/wiki/SIP_TLS#Step_3_-_Sofia_Profile_Configuration mentioned cacert.pem and cafile.pem. Profile loads with cafile.pem OK now, but TLS errors.
Show
Gavin Henry added a comment - Some confusion in the docs http://wiki.freeswitch.org/wiki/SIP_TLS#Step_3_-_Sofia_Profile_Configuration mentioned cacert.pem and cafile.pem. Profile loads with cafile.pem OK now, but TLS errors.
Hide
Permalink
Auto Admin added a comment -
Due to a long period of inactivity (13 or more days), this issue is due to be automatically close within 24 hours.
If this issue is not actually resolved, please reopen it and add appropriate comments to help developers fix the issue.

Thanks,
  Jira Admin
Show
Auto Admin added a comment - Due to a long period of inactivity (13 or more days), this issue is due to be automatically close within 24 hours. If this issue is not actually resolved, please reopen it and add appropriate comments to help developers fix the issue. Thanks,   Jira Admin
Hide
Permalink
Auto Admin added a comment -
Since there has been no change to the status of this issue, it is being closed for inactivity

Thanks,
  Jira Admin


FreeSWITCH Support Contracts and Consulting Services available!

Contact us:
Email: consulting@freeswitch.org
Web: http://www.freeswitch.org
Phone: +1-918-420-9266
Tollfree: +1-877-742-2583
Fax: +1-918-420-9267
iNum: +883 5100 1420 9266


Come To ClueCon in August to learn more about FreeSWITCH and Internet Telephony!
http://www.cluecon.com

Show
Auto Admin added a comment - Since there has been no change to the status of this issue, it is being closed for inactivity Thanks,   Jira Admin FreeSWITCH Support Contracts and Consulting Services available! Contact us: Email: consulting@freeswitch.org Web: http://www.freeswitch.org Phone: +1-918-420-9266 Tollfree: +1-877-742-2583 Fax: +1-918-420-9267 iNum: +883 5100 1420 9266 Come To ClueCon in August to learn more about FreeSWITCH and Internet Telephony! http://www.cluecon.com

People

  • Assignee:
    Anthony Minessale II
    Reporter:
    Gavin Henry
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: