[asterisk-bugs] [JIRA] (ASTERISK-28798) [patch] chan_sip: TCP/TLS client without server.
Alexander Traud (JIRA)
noreply at issues.asterisk.org
Fri Jun 26 02:58:25 CDT 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-28798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=251255#comment-251255 ]
Alexander Traud commented on ASTERISK-28798:
--------------------------------------------
Digium has a hard to understand (or at least an unexplained) policy when it comes to issue tracking. The core developers match a change to an issue and that is a 1:1 relationship because they have some scripts which create the change logs automatically. Consequently, they get horrified when an already fixed issue report gets reopened. Semantically, in the world of Jira, this is exactly the correct report to raise your issue.
To say it short, thanks for reporting. I see the issue in your case. You are using not the default but a custom port for TLS. Therefore, you did not face this issue (although there is still an issue, I come back later to that). Please, do me a favor and test with {{tcpenable=yes}}. With that as well, the error message vanishes, does it?
> [patch] chan_sip: TCP/TLS client without server.
> ------------------------------------------------
>
> Key: ASTERISK-28798
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28798
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS
> Affects Versions: 13.32.0, 16.9.0, 17.3.0
> Reporter: Alexander Traud
> Assignee: Alexander Traud
> Severity: Minor
> Labels: patch
> Target Release: 13.33.0, 16.10.0, 17.4.0
>
> Attachments: client_without_server.patch
>
>
> The channel driver {{chan_sip}} can be configured for various SIP transports like UDP, TCP, and TLS. Because it is a back-to-back user agent (B2BUA), it can be configured as client and/or server. For example, when you add just
> {code}register => tcp://user:secret@host{code}
> to the {{\[general\]}} context in the configuration file {{sip.conf}} (just that, nothing else; the file is empty), a client connection to a remote VoIP/SIP server like a PSTN service is established. However in the SIP-REGISTER message, the headers Via and Contact do not contain the local IP address but the value {{(null)}}. Such a value is rejected by a remote party normally.
> Currently, the source code expects that the local server also has TCP enabled. Consequently, for a client connect you have to write at least:
> {code}tcpenable=yes
> register => tcp://user:secret@host{code}
> In case of TLS, something like
> {code}
> tlscapath=/etc/ssl/certs/
> register => tls://user:secret@host
> {code}should be sufficient. However, that gives the same, the value {{(null)}} in the SIP-REGISTER for the Via and Contact headers. Again, the TLS server must be enabled locally which requires a public certificate with private key:
> {code}
> tlsenable=yes
> tlscertfile=asterisk.pem
> tlscapath=/etc/ssl/certs/
> register => tls://user:secret@host
> {code}Consequently, I have to create a (server) certificate locally, do create a remote TLS client connection successfully. This is counter-intuitive. The situation is even worse because there is no log message and the SIP-REGISTER is sent with wrong information. Only at debug level 3, one can see that the local bind address is null.
> The cause for this is the function {{ast_sip_ouraddrfor(.)}} which does not check whether the {{local_address}} is null. See the attached patch.
> However, there are two more places in code which do not check for null:
> 1. function {{get_address_family_filter(.)}}
> 2. {{p->socket.port}} in function {{transmit_register(.)}}
> I have no idea what to do with those.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list