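PJSIP TLS connect() error: End of file (PJ_EEOF) [code=70016]

Time: 2017-02-12 00:01:24

Tags: ios ssl pjsip

I get this EOF error when trying to register my iOS project with my Asterisk server. Without TLS, everything works fine. So I am now working through the process of enabling TLS. I recompiled the PJSIP library and configured the Asterisk server. I believe it is all correct. I can see traffic going over port 5161 in encrypted form, so that looks correct too.

1) What I am curious about is what could be causing this error? Could it be the certificates I generated? The fact that I see encrypted traffic in Wireshark but not in the Asterisk pjsip logger makes me think it is the certificates?

2) The second question is how to create certificates for clients whose hostname is unknown (i.e., when they roam on a cellular network or on different Wi-Fi networks, their IP will obviously change). When I create them following the Asterisk tutorial (https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial), it requires a value for the -C parameter to specify the client hostname. That would also be considered dynamic.

Here is the log output (personal information [REDACTED])...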

15:26:15.857 os_core_unix.c !pjlib 2.6 for POSIX initialized
15:26:15.858 sip_endpoint.c  .Creating endpoint instance...
15:26:15.859          pjlib  .select() I/O Queue created (0x11e809228)
15:26:15.859 sip_endpoint.c  .Module "mod-msg-print" registered
15:26:15.859 sip_transport.  .Transport manager created.
15:26:15.859   pjsua_core.c  .PJSUA state changed: NULL --> CREATED
15:26:15.859 sip_endpoint.c  .Module "mod-pjsua-log" registered
15:26:15.859 sip_endpoint.c  .Module "mod-tsx-layer" registered
15:26:15.859 sip_endpoint.c  .Module "mod-stateful-util" registered
15:26:15.859 sip_endpoint.c  .Module "mod-ua" registered
15:26:15.859 sip_endpoint.c  .Module "mod-100rel" registered
15:26:15.859 sip_endpoint.c  .Module "mod-pjsua" registered
15:26:15.860 sip_endpoint.c  .Module "mod-invite" registered
15:26:15.888 coreaudio_dev.  .. dev_id 0: iPhone IO device  (in=1, out=1) 8000Hz
15:26:15.888 coreaudio_dev.  ..core audio initialized
15:26:15.888          pjlib  ..select() I/O Queue created (0x11e16fc28)
15:26:15.888  speex_codec.c  ..Adjusting quality to 5 for uwb
15:26:15.889   conference.c  ..Creating conference bridge with 12 ports
15:26:15.889   Master/sound  ..Using delay buffer with WSOLA.
15:26:15.907 sip_endpoint.c  .Module "mod-evsub" registered
15:26:15.907 sip_endpoint.c  .Module "mod-presence" registered
15:26:15.907        evsub.c  .Event pkg "presence" registered by mod-presence
15:26:15.907 sip_endpoint.c  .Module "mod-mwi" registered
15:26:15.907        evsub.c  .Event pkg "message-summary" registered by mod-mwi
15:26:15.907 sip_endpoint.c  .Module "mod-refer" registered
15:26:15.907        evsub.c  .Event pkg "refer" registered by mod-refer
15:26:15.907 sip_endpoint.c  .Module "mod-pjsua-pres" registered
15:26:15.907 sip_endpoint.c  .Module "mod-pjsua-im" registered
15:26:15.907 sip_endpoint.c  .Module "mod-pjsua-options" registered
15:26:15.908   pjsua_core.c  .1 SIP worker threads created
15:26:15.908   pjsua_core.c  .pjsua version 2.6 for iOS-10.2.1/arm-iPad6,7/iOS-SDK initialized
15:26:15.908   pjsua_core.c  .PJSUA state changed: CREATED --> INIT
15:26:15.910     tlstp:5161  SIP TLS listener is ready for incoming connections at 10.200.154.118:5161
15:26:15.910   pjsua_core.c  PJSUA state changed: INIT --> STARTING
15:26:15.910 sip_endpoint.c  .Module "mod-unsolicited-mwi" registered
15:26:15.910   pjsua_core.c  .PJSUA state changed: STARTING --> RUNNING
15:26:15.910    pjsua_acc.c  Adding account: id=sip:[REDACTED]@[REDACTED]
15:26:15.910    pjsua_acc.c  .Account sip:[REDACTED]@[REDACTED] added with id 0
15:26:15.910    pjsua_acc.c  .Acc 0: setting registration..
15:26:15.912 tlsc0x11e18882  ..TLS client transport created
15:26:15.912 tlsc0x11e18882  ..TLS transport 10.200.154.118:58635 is connecting to [REDACTED]:5161...
15:26:15.912    pjsua_acc.c  ..Contact for acc 0 updated: <sip:[REDACTED]@10.200.154.118:58635;transport=TLS;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-00009c3fe9b2>"
15:26:15.912       endpoint  ..Request msg REGISTER/cseq=10712 (tdta0x11e950400) created.
15:26:15.913 tsx0x11e9524a8  ...Transaction created for Request msg REGISTER/cseq=10713 (tdta0x11e950400)
15:26:15.913 tsx0x11e9524a8  ..Sending Request msg REGISTER/cseq=10713 (tdta0x11e950400) in state Null
15:26:15.913  sip_resolve.c  ...Target '[REDACTED]:5161' type=TLS resolved to '[REDACTED]:5161' type=TLS (TLS transport)
15:26:15.913   pjsua_core.c  ...TX 730 bytes Request msg REGISTER/cseq=10713 (tdta0x11e950400) to TLS [REDACTED]:5161:
REGISTER sip:[REDACTED]:5161;transport=tls SIP/2.0

Via: SIP/2.0/TLS 10.200.154.118:58635;rport;branch=z9hG4bKPjYEl90guBh1gvKz2dDJZlgxzyy7AzLMpx;alias

Max-Forwards: 70

From: <sip:[REDACTED]@[REDACTED]>;tag=V6bPvLX5S0jBnpssQQBhG1W2xhXz01gj

To: <sip:[REDACTED]@[REDACTED]>

Call-ID: 5h.iiZFsYAX2vtMCNx.ZmH9NsicZoQEX

CSeq: 10713 REGISTER

User-Agent: [REDACTED]

Supported: outbound, path

Contact: <sip:[REDACTED]@10.200.154.118:58635;transport=TLS;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-00009c3fe9b2>"

Expires: 300

Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS

Content-Length:  0




--end msg--
15:26:15.914 tsx0x11e9524a8  ...State changed from Null to Calling, event=TX_MSG
15:26:15.914    pjsua_acc.c  ..Acc 0: Registration sent
15:26:16.001 tlsc0x11e18882 !TLS connect() error: End of file (PJ_EEOF) [code=70016]
15:26:16.001 tsx0x11e9524a8  Failed to send Request msg REGISTER/cseq=10713 (tdta0x11e950400)! err=70016 (End of file (PJ_EEOF))
15:26:16.001 tsx0x11e9524a8  State changed from Calling to Terminated, event=TRANSPORT_ERROR
15:26:16.001    pjsua_acc.c  ..SIP registration failed, status=503 (End of file (PJ_EEOF))
15:26:16.001    pjsua_acc.c  ..Scheduling re-registration retry for acc 0 in 2 seconds..
15:26:16.001 PJSIPInterface  ..AccountID 0 reg_state=503
15:26:16.001 tlsc0x11e18882  TLS send() error, sent=-70016
15:26:16.001    pjsua_acc.c  Disconnected notification for transport tlsc0x11e188828
15:26:16.001 tsx0x11e9524a8  Timeout timer event
15:26:16.001 tsx0x11e9524a8  .State changed from Terminated to Destroyed, event=TIMER
15:26:16.001 tdta0x11e95040  ..Destroying txdata Request msg REGISTER/cseq=10713 (tdta0x11e950400)
15:26:16.001 tsx0x11e9524a8  Transaction destroyed!
15:26:16.001 tlsc0x11e18882  TLS transport destroyed with reason 70016: End of file (PJ_EEOF)

Here is the transport setup code in my iOS app...

        pjsua_transport_config tlsTransportConfig;
        pjsua_transport_config_default(&tlsTransportConfig);
        tlsTransportConfig.port = 5161;

        tlsTransportConfig.tls_setting.ca_list_file = pj_str((char*)[[[NSBundle mainBundle] pathForResource:@"ca.crt" ofType:@"pem"] cStringUsingEncoding:NSUTF8StringEncoding]);

        tlsTransportConfig.tls_setting.cert_file = pj_str((char*)[[[NSBundle mainBundle] pathForResource:@"myapp.crt" ofType:@"pem"] cStringUsingEncoding:NSUTF8StringEncoding]);

        tlsTransportConfig.tls_setting.privkey_file = pj_str((char*)[[[NSBundle mainBundle] pathForResource:@"myapp.key" ofType:@"pem"] cStringUsingEncoding:NSUTF8StringEncoding]);

        tlsTransportConfig.tls_setting.password = pj_str("[REDACTED]");
        tlsTransportConfig.tls_setting.verify_client = PJ_TRUE;
        tlsTransportConfig.tls_setting.verify_server = PJ_TRUE;
        tlsTransportConfig.tls_setting.method = PJSIP_SSLV2_METHOD;

        status = pjsua_transport_create(PJSIP_TRANSPORT_TLS, &tlsTransportConfig, NULL);
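
A triage script for the log above, added here as an example and not part of the original post: it reads PJSIP log lines and reports, per TLS client transport, whether the failure happened in connect() (before TLS was established, so the REGISTER never reached the server) or on a later send. The function name `triage_tls` and the stage labels are assumptions made for this example; the sample input is constructed from the TLS lines of the log above.

```python
import re
from datetime import datetime

# Constructed sample: the TLS-related lines copied from the log in the question.
SAMPLE_LOG = """\
15:26:15.912 tlsc0x11e18882  ..TLS client transport created
15:26:15.912 tlsc0x11e18882  ..TLS transport 10.200.154.118:58635 is connecting to [REDACTED]:5161...
15:26:15.914    pjsua_acc.c  ..Acc 0: Registration sent
15:26:16.001 tlsc0x11e18882 !TLS connect() error: End of file (PJ_EEOF) [code=70016]
15:26:16.001    pjsua_acc.c  ..SIP registration failed, status=503 (End of file (PJ_EEOF))
15:26:16.001 tlsc0x11e18882  TLS send() error, sent=-70016
15:26:16.001 tlsc0x11e18882  TLS transport destroyed with reason 70016: End of file (PJ_EEOF)
"""

# Fields: timestamp, sender, optional '.'/'!' nesting prefix, message text.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3})\s+(\S+)\s+[.!]*(.*)$")

def triage_tls(log_text):
    """Return one finding per TLS client transport (senders starting with 'tlsc')."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or not m.group(2).startswith("tlsc"):
            continue  # SIP message bodies and other modules are skipped
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        name, msg = m.group(2), m.group(3)
        f = findings.setdefault(name, {"stage": "unknown", "code": None,
                                       "started": None, "ms_to_failure": None})
        if "is connecting to" in msg:
            f["stage"], f["started"] = "connecting", ts
        elif msg.startswith("TLS connect() error"):
            # The transport failed while still connecting: no TLS session
            # existed, so the queued SIP request was never delivered.
            f["stage"] = "before_tls_established"
            code = re.search(r"\[code=(\d+)\]", msg)
            f["code"] = int(code.group(1)) if code else None
            if f["started"]:
                f["ms_to_failure"] = round((ts - f["started"]).total_seconds() * 1000)
        elif msg.startswith("TLS send() error") and f["stage"] == "connecting":
            # Assumption: a send error with no earlier connect() error means
            # the connection came up and broke afterwards.
            f["stage"] = "send_failed_after_connect"
    return findings

if __name__ == "__main__":
    for name, f in triage_tls(SAMPLE_LOG).items():
        print(name, f["stage"], f["code"], f["ms_to_failure"])
```

A `before_tls_established` result points at TLS-layer settings (protocol method, certificates) on either side rather than at SIP credentials.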

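2 Answers:

Answer 0: (score: 0)

In case anyone else runs into this problem. Following the tutorial I was using, I had set the TLS method to PJSIP_SSLV2_METHOD, as shown in the code above. However, when I changed it to PJSIP_TLSV1_METHOD, everything started working. This also needs to be changed in the PJSIP settings for the SSL method.

I'm not sure why SSLV2 doesn't work but tlsv1 works just fine.

Answer 1: (score: 0)

I think this may also be related to the server side. If the server you are using is OpenSIPS, it may be that the SIP message is too fragmented and OpenSIPS closes the connection to guard against packet fragmentation attacks; the default value is 4. Changing the option in the .cfg file on the server should fix this problem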

modparam("proto_tls", "tls_max_msg_chunks", 8)