[asterisk-bugs] [JIRA] (ASTERISK-27001) PJSIP TLS connection not stable

Ian Gilmour (JIRA) noreply at issues.asterisk.org
Tue May 16 06:05:57 CDT 2017 

Ian Gilmour created ASTERISK-27001:
--------------------------------------

             Summary: PJSIP TLS connection not stable
                 Key: ASTERISK-27001
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27001
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: pjproject/pjsip
    Affects Versions: 13.15.0
         Environment: centos 6.8(64-bit)
            Reporter: Ian Gilmour


Hi,

I have a development Asterisk 13.15.0 test setup (uses the bundled pjsip-2.6).

On startup Asterisk registers 1 Asterisk users with a remote OpenSIPS server, over TLS, using the PJSIP stack. As part of the test this Asterisk PJSIP user is reregistered with OpenSIPS Server every couple of mins.

All outgoing/incoming pjsip call media is encrypted using SRTP and via an external RTPPROXY running alongside the external OpenSIPS Server.

Asterisk is additionally configured to use PJSIP on 127.0.0.1:5060 to allow calls from a locally run SIPp process. All SIPp calls are TCP+RTP.

I use SIPp to run multiple concurrent loopback calls (calls vary in
duration) through Asterisk to the OpenSIPS server and back to an echo() service running on the same Asterisk).
i.e.
{noformat}
  SIPp <-TCP/RTP-> Asterisk <-TLS/SRTP->
      OpenSIPS server (+ rtpproxy) <-TLS/SRTP-> Asterisk (echo service).
{noformat}

With no calls running the PJSIP TLS connection stays up and I see it reregistering the user every ~2mins.

When I start to run the SIPp test I start seeing the PJSIP stack having TLS issues - closing the current TCP port as a result, in this state outgoing SIPp calls obviously start failing. 

A few seconds later Asterisk (PJSIP) opens a new port, reregistering with the OpenSIPS server, and the calls continue.

If I switch Asterisk to use the chan_sip stack rather than the PJSIP stack for the TLS connection to the OpenSIPS server the connection stays up with no call failures.

I patched a couple of PJSIP files to help me see what's going on and I have played with the PJSIP TLS code. I can improve the reliability of the connection by ignoring a specific error condition (see the code within #if EXPERIMENTAL...#endif in the attached patch).




--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list