| Summary: | ASTERISK-26004: res_pjsip: The transport/method parameter is ignored | ||
| Reporter: | George Joseph (gjoseph) | Labels: | |
| Date Opened: | 2016-05-07 14:33:17 | Date Closed: | 2016-07-01 10:17:13 |
| Priority: | Minor | Regression? | |
| Status: | Closed/Complete | Components: | Resources/res_pjsip |
| Versions: | SVN 13.8.2 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ( 0) Panasonic_TLS_issue_WORKING.pcap ( 1) Panasonic_TLS_Issue.pcap | |
| Description: | Setting the transport method parameter is ignored. The SSL socket is always negotiated as TLS.
| ||
| Comments: | By: Ross Beer (rossbeer) 2016-05-17 05:24:01.796-0500 This change has caused some phones such as the Panasonic KX-HDV230 being able to connect via TLS. The Asteisk CLI shows the following, suggesting that the negotiation is not working as expected: NOTICE[30648]: res_pjsip_transport_management.c:130 idle_sched_cb: Shutting down transport 'TLS to <IP ADDRESS>:11441' since no request was received in 32000 seconds The TLS transport is currently configured in the following way: [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 tos=cs3 cert_file=/etc/asterisk/keys/asterisk.crt priv_key_file=/etc/asterisk/keys/asterisk.key method=tlsv1 Removing the fixed 'method' does not make any difference. By: George Joseph (gjoseph) 2016-05-17 07:43:05.832-0500 Can you do a wireshark trace of the initial negotiation so we can see what's going on? Also, can you test the phone to see if it really isn't working before the timeout? With method=tls, it should behave exactly as it did before since this was always the default. By: Ross Beer (rossbeer) 2016-05-17 08:53:30.692-0500 The attached is the negotiation between the Panasonic and Asterisk. The phone keeps saying 'Register', if moved back to 13.8 it registers without issue using TLS. By: Ross Beer (rossbeer) 2016-05-18 09:56:08.007-0500 I can confirm removing the new line resolves the issue 'new_state->tls.proto = 0;', I will post a wireshark of the working TLS negotiation. By: George Joseph (gjoseph) 2016-07-01 09:44:49.228-0500 Is this still an issue? I kinda lost track. By: Ross Beer (rossbeer) 2016-07-01 10:16:22.312-0500 This was resolved by an alternate patch. Please close the issue. | ||