Bug#684646: fails to receive BYE over TLS
Daniel Pocock
daniel at pocock.com.au
Sun Aug 12 12:44:18 UTC 2012
Package: asterisk
Version: 1:1.8.8.1-1digium1~squeeze
Severity: important
I've marked this important because Asterisk allows calls to continue
even after the user hangs up.
I am using v1.8.8. I've also tried to use 1.8.13 (the version in
wheezy) to see if that resolves the problem, but 1.8.13 has more severe
problems that prevent testing of the same TLS environment:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683956
Basically, the user agents are Polycom phones, connecting to Asterisk
using TLS. A sample peer config is below.
The phones can connect and register. The phones can send an SIP INVITE
and start a call. However, when the phone is hung up, Asterisk doesn't
receive the BYE
If I stop the Asterisk process and start the `repro' SIP proxy on the
same IP address and port, using the same server certificate, the phones
connect to the proxy using TLS and work in the correct manner.
Therefore, I don't believe the phones are at fault. I've also verified
the same problem making calls from Lumicall.
Also, it all works as expected if I configure the phones for UDP instead
of TLS.
There are various problems in the Asterisk Jira bug system regarding TLS
and TCP connections not staying active to receive subsequent messages
during a session.
Workaround:
- using repro or Kamailio SIP proxy to handle TLS clients, and relay the
SIP messages to Asterisk over UDP. Only suitable if SIP packets are
below the MTU (when SRTP and ICE are used, the SIP message length can
exceed 1500 bytes)
http://packages.debian.org/search?keywords=repro
More information about the Pkg-voip-maintainers
mailing list