  1. FreeSWITCH
  2. FS-5719

TLS negotiation failing with Elliptic curved keys

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.5
    • Fix Version/s: None
    • Component/s: mod_sofia
    • Labels:
      None
    • Environment:
      CentOS release 6.4 (Final)
    • CPU Architecture:
      x86
    • Kernel:
      Linux
    • uname:
      Linux localhost.localdomain 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    • Userland:
      GNU/Linux
    • lsb_release:
      LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
      Distributor ID: CentOS
      Description: CentOS release 6.4 (Final)
      Release: 6.4
      Codename: Final
    • Compiler:
      gcc
    • Compiler Version:
      gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC)
    • FreeSWITCH GIT Revision:
      FreeSWITCH Version 1.5.5b+git~20130821T120817Z~c09dec0de1 (git c09dec0 2013-08-21 12:08:17Z)
    • GIT Master Revision hash:
      FreeSWITCH Version 1.5.5b+git~20130821T120817Z~c09dec0de1 (git c09dec0 2013-08-21 12:08:17Z)
    • Target Version:
      1.5

      Description

      TLS negotiation works with default script of gentls_cert.
      But it fails when modified to create elliptic-curve-based keys. The modified script is attached.


      The following logs are seen on tport:
      tport.c:2749 tport_wakeup_pri() tport_wakeup_pri(0x7f174c007500): events IN
      tport.c:869 tport_alloc_secondary() tport_alloc_secondary(0x7f174c007500): new secondary tport 0x7f174c0ae6b0
      tport_type_tls.c:607 tport_tls_accept() tport_tls_accept(0x7f174c0ae6b0): new connection from tls/192.168.1.34:51773/sips
      tport_tls.c:873 tls_connect() tls_connect(0x7f174c0ae6b0): events NEGOTIATING
      tport_tls.c:962 tls_connect() tls_connect(0x7f174c0ae6b0): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
      tport.c:2096 tport_close() tport_close(0x7f174c0ae6b0): tls/192.168.1.34:51773/sips

        Attachments

        1. agent.pem
          0.9 kB
        2. cafile.pem
          0.5 kB
        3. gentls_cert.patch
          1.0 kB
        4. gentls_cert-modified
          5 kB
        5. openssl_debugger
          3 kB


              People

              • Assignee:
                anthm Anthony Minessale II
                Reporter:
                mehroz Mehroz Ashraf
              • Votes:
                0
                Watchers:
                5
