[asterisk-bugs] [JIRA] (ASTERISK-22750) SIP TLS calls stop working after a period of no SIP TLS calls to a destination

Dwayne Hubbard (JIRA) noreply at issues.asterisk.org
Wed Oct 23 15:06:03 CDT 2013 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=211169#comment-211169 ] 

Dwayne Hubbard edited comment on ASTERISK-22750 at 10/23/13 3:05 PM:
---------------------------------------------------------------------

Change the _sip_tcp_helper_thread timeout period from -1 to 10 seconds so the tcptls session does not become stale after a period of inactivity.

This (dw-asterisk-1.8.23.1-sip-tls.patch) is not a proper fix because, as pointed out by Mark Michelson on IRC, "In general, if you're having to check refcounts in order to know how to proceed, things are being done in a suboptimal way."

This patch at least provides a work around until the proper solution is available.
                
      was (Author: dwayne):
    Change the _sip_tcp_helper_thread timeout period from -1 to 10 seconds so the tcptls session does not become stale after a period of inactivity.

This is not a proper fix because, as pointed out by Mark Michelson on IRC, "In general, if you're having to check refcounts in order to know how to proceed, things are being done in a suboptimal way."

This patch at least provides a work around until the proper solution is available.
                  
> SIP TLS calls stop working after a period of no SIP TLS calls to a destination
> ------------------------------------------------------------------------------
>
>                 Key: ASTERISK-22750
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22750
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/TCP-TLS
>    Affects Versions: SVN, 1.8.23.1
>         Environment: Asterisk 1.8.23.1
> CentOS 6.4 x86_64
> SIP TLS / SRTP
>            Reporter: Dwayne Hubbard
>         Attachments: dw-asterisk-1.8.23.1-sip-tls.patch
>
>
> SIP TLS/SRTP calls to a SIP TLS destination will setup a tcptls connection to the SIP TLS destination which is viewable using Asterisk CLI 'sip show tcp'.  Calls to a SIP TLS destination will work until there is a period (~30 minutes) of no activity to the SIP TLS destination at which point the tcptls _sip_tcp_helper_thread function will become blocked in the ast_poll() function with a timeout of -1.  Once this happens, SIP TLS calls to the SIP TLS destination will not succeed until one of the following occurs:
>   1)  Asterisk Restarted
>   2)  The chan_sip.so module is reloaded
>   3)  A SSL_shutdown failed: 5 ERROR occurs
> The patch provided change the _sip_tcp_helper_thread function timeout to 10 seconds.  If the ast_poll() function returns 0 (timeout) AND the tcptls AO2 reference count is greater than 2, then continue will be called to return to the ast_poll() function for another timeout period.  If the ast_poll() function returns 0 (timeout) AND the tcptls AO2 reference count is 2 (or less), then the tcptls session will be destroyed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list