[asterisk-bugs] [Asterisk 0015894]: SIP register via tls causes lock on sip reload
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Sep 21 17:14:37 CDT 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=15894
======================================================================
Reported By: dvossel
Assigned To: dvossel
======================================================================
Project: Asterisk
Issue ID: 15894
Category: Channels/chan_sip/TCP-TLS
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
Asterisk Version: SVN
JIRA:
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 218430
Request Review:
======================================================================
Date Submitted: 2009-09-14 17:47 CDT
Last Modified: 2009-09-21 17:14 CDT
======================================================================
Summary: SIP register via tls causes lock on sip reload
Description:
I ran into this problem because of another issue Asterisk has with TLS.
register => tls://user:1234@mydomain
Given the register line above in sip.conf, I'd expect the register request
to be send via port 5061. Instead it defaults to port 5060 which is
incorrect for TLS.
----------------------------------------------------------------
*CLI> sip show registry
Host dnsmgr Username Refresh State
Reg.Time
mydomain:5060 N user 120 Request Sent
----------------------------------------------------------------
Now here's the odd part. I decided to go into my sip.conf and explicitly
set the register line to have a port, and when I issued a sip reload
everything locked up, even the CLI. I was able to reproduce the steps and
got the same results everytime.
It seems that this is somehow caused by the receiving end binding to port
5061 and me sending the registration using port 5060. If I bind the
receiving end to 5060 this works even though that is not the correct port
for tls. I tried another test where I pointed the register at a fake
domain, but nothing locked up.
======================================================================
----------------------------------------------------------------------
(0111103) dvossel (administrator) - 2009-09-21 17:14
https://issues.asterisk.org/view.php?id=15894#c111103
----------------------------------------------------------------------
I know what is causing this now... Here's the situation. Box1 has tls
disabled and tcp enabled. Box2 is trying to register via tls to Box1. Box1
one accepts the connection as TCP not TLS, and Box2 blocks forever at
SSL_connect waiting for the TLS handshake to complete.
Issue History
Date Modified Username Field Change
======================================================================
2009-09-21 17:14 dvossel Note Added: 0111103
======================================================================
More information about the asterisk-bugs
mailing list