尝试使用我的Asterisk服务器注册我的iOS项目时出现此EOF错误。没有TLS,一切正常。所以我现在正在完成启用TLS的过程。我重新编译了PJSIP库并配置了Asterisk服务器。我相信这一切都是正确的。我可以看到通过端口5161以加密形式发生的流量,因此看起来也是正确的。
1)我很好奇的是什么可能导致这个错误?它可能是我生成的证书吗?基于我在wireshark上看到加密流量但在Asterisk pjsip记录器中看不到加密流量这一事实让我觉得它是证书吗?
2)第二个问题是如何为主机名未知的客户创建证书(即,当他们在蜂窝网络或不同的WIFI网络上漫游时,他们的IP显然会发生变化)。当我根据Asterisk教程(https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial)创建它们时,它需要-C参数的值来指定客户端主机名。这也将被认为是动态的。
这是日志输出(个人信息[已删除])...
15:26:15.857 os_core_unix.c !pjlib 2.6 for POSIX initialized
15:26:15.858 sip_endpoint.c .Creating endpoint instance...
15:26:15.859 pjlib .select() I/O Queue created (0x11e809228)
15:26:15.859 sip_endpoint.c .Module "mod-msg-print" registered
15:26:15.859 sip_transport. .Transport manager created.
15:26:15.859 pjsua_core.c .PJSUA state changed: NULL --> CREATED
15:26:15.859 sip_endpoint.c .Module "mod-pjsua-log" registered
15:26:15.859 sip_endpoint.c .Module "mod-tsx-layer" registered
15:26:15.859 sip_endpoint.c .Module "mod-stateful-util" registered
15:26:15.859 sip_endpoint.c .Module "mod-ua" registered
15:26:15.859 sip_endpoint.c .Module "mod-100rel" registered
15:26:15.859 sip_endpoint.c .Module "mod-pjsua" registered
15:26:15.860 sip_endpoint.c .Module "mod-invite" registered
15:26:15.888 coreaudio_dev. .. dev_id 0: iPhone IO device (in=1, out=1) 8000Hz
15:26:15.888 coreaudio_dev. ..core audio initialized
15:26:15.888 pjlib ..select() I/O Queue created (0x11e16fc28)
15:26:15.888 speex_codec.c ..Adjusting quality to 5 for uwb
15:26:15.889 conference.c ..Creating conference bridge with 12 ports
15:26:15.889 Master/sound ..Using delay buffer with WSOLA.
15:26:15.907 sip_endpoint.c .Module "mod-evsub" registered
15:26:15.907 sip_endpoint.c .Module "mod-presence" registered
15:26:15.907 evsub.c .Event pkg "presence" registered by mod-presence
15:26:15.907 sip_endpoint.c .Module "mod-mwi" registered
15:26:15.907 evsub.c .Event pkg "message-summary" registered by mod-mwi
15:26:15.907 sip_endpoint.c .Module "mod-refer" registered
15:26:15.907 evsub.c .Event pkg "refer" registered by mod-refer
15:26:15.907 sip_endpoint.c .Module "mod-pjsua-pres" registered
15:26:15.907 sip_endpoint.c .Module "mod-pjsua-im" registered
15:26:15.907 sip_endpoint.c .Module "mod-pjsua-options" registered
15:26:15.908 pjsua_core.c .1 SIP worker threads created
15:26:15.908 pjsua_core.c .pjsua version 2.6 for iOS-10.2.1/arm-iPad6,7/iOS-SDK initialized
15:26:15.908 pjsua_core.c .PJSUA state changed: CREATED --> INIT
15:26:15.910 tlstp:5161 SIP TLS listener is ready for incoming connections at 10.200.154.118:5161
15:26:15.910 pjsua_core.c PJSUA state changed: INIT --> STARTING
15:26:15.910 sip_endpoint.c .Module "mod-unsolicited-mwi" registered
15:26:15.910 pjsua_core.c .PJSUA state changed: STARTING --> RUNNING
15:26:15.910 pjsua_acc.c Adding account: id=sip:[REDACTED]@[REDACTED]
15:26:15.910 pjsua_acc.c .Account sip:[REDACTED]@[REDACTED] added with id 0
15:26:15.910 pjsua_acc.c .Acc 0: setting registration..
15:26:15.912 tlsc0x11e18882 ..TLS client transport created
15:26:15.912 tlsc0x11e18882 ..TLS transport 10.200.154.118:58635 is connecting to [REDACTED]:5161...
15:26:15.912 pjsua_acc.c ..Contact for acc 0 updated: <sip:[REDACTED]@10.200.154.118:58635;transport=TLS;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-00009c3fe9b2>"
15:26:15.912 endpoint ..Request msg REGISTER/cseq=10712 (tdta0x11e950400) created.
15:26:15.913 tsx0x11e9524a8 ...Transaction created for Request msg REGISTER/cseq=10713 (tdta0x11e950400)
15:26:15.913 tsx0x11e9524a8 ..Sending Request msg REGISTER/cseq=10713 (tdta0x11e950400) in state Null
15:26:15.913 sip_resolve.c ...Target '[REDACTED]:5161' type=TLS resolved to '[REDACTED]:5161' type=TLS (TLS transport)
15:26:15.913 pjsua_core.c ...TX 730 bytes Request msg REGISTER/cseq=10713 (tdta0x11e950400) to TLS [REDACTED]:5161:
REGISTER sip:[REDACTED]:5161;transport=tls SIP/2.0
Via: SIP/2.0/TLS 10.200.154.118:58635;rport;branch=z9hG4bKPjYEl90guBh1gvKz2dDJZlgxzyy7AzLMpx;alias
Max-Forwards: 70
From: <sip:[REDACTED]@[REDACTED]>;tag=V6bPvLX5S0jBnpssQQBhG1W2xhXz01gj
To: <sip:[REDACTED]@[REDACTED]>
Call-ID: 5h.iiZFsYAX2vtMCNx.ZmH9NsicZoQEX
CSeq: 10713 REGISTER
User-Agent: [REDACTED]
Supported: outbound, path
Contact: <sip:[REDACTED]@10.200.154.118:58635;transport=TLS;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-00009c3fe9b2>"
Expires: 300
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Content-Length: 0
--end msg--
15:26:15.914 tsx0x11e9524a8 ...State changed from Null to Calling, event=TX_MSG
15:26:15.914 pjsua_acc.c ..Acc 0: Registration sent
15:26:16.001 tlsc0x11e18882 !TLS connect() error: End of file (PJ_EEOF) [code=70016]
15:26:16.001 tsx0x11e9524a8 Failed to send Request msg REGISTER/cseq=10713 (tdta0x11e950400)! err=70016 (End of file (PJ_EEOF))
15:26:16.001 tsx0x11e9524a8 State changed from Calling to Terminated, event=TRANSPORT_ERROR
15:26:16.001 pjsua_acc.c ..SIP registration failed, status=503 (End of file (PJ_EEOF))
15:26:16.001 pjsua_acc.c ..Scheduling re-registration retry for acc 0 in 2 seconds..
15:26:16.001 PJSIPInterface ..AccountID 0 reg_state=503
15:26:16.001 tlsc0x11e18882 TLS send() error, sent=-70016
15:26:16.001 pjsua_acc.c Disconnected notification for transport tlsc0x11e188828
15:26:16.001 tsx0x11e9524a8 Timeout timer event
15:26:16.001 tsx0x11e9524a8 .State changed from Terminated to Destroyed, event=TIMER
15:26:16.001 tdta0x11e95040 ..Destroying txdata Request msg REGISTER/cseq=10713 (tdta0x11e950400)
15:26:16.001 tsx0x11e9524a8 Transaction destroyed!
15:26:16.001 tlsc0x11e18882 TLS transport destroyed with reason 70016: End of file (PJ_EEOF)
这是我的iOS应用程序中的传输设置代码......
pjsua_transport_config tlsTransportConfig;
pjsua_transport_config_default(&tlsTransportConfig);
tlsTransportConfig.port = 5161;
tlsTransportConfig.tls_setting.ca_list_file = pj_str((char*)[[[NSBundle mainBundle] pathForResource:@"ca.crt" ofType:@"pem"] cStringUsingEncoding:NSUTF8StringEncoding]);
tlsTransportConfig.tls_setting.cert_file = pj_str((char*)[[[NSBundle mainBundle] pathForResource:@"myapp.crt" ofType:@"pem"] cStringUsingEncoding:NSUTF8StringEncoding]);
tlsTransportConfig.tls_setting.privkey_file = pj_str((char*)[[[NSBundle mainBundle] pathForResource:@"myapp.key" ofType:@"pem"] cStringUsingEncoding:NSUTF8StringEncoding]);
tlsTransportConfig.tls_setting.password = pj_str("[REDACTED]");
tlsTransportConfig.tls_setting.verify_client = PJ_TRUE;
tlsTransportConfig.tls_setting.verify_server = PJ_TRUE;
tlsTransportConfig.tls_setting.method = PJSIP_SSLV2_METHOD;
status = pjsua_transport_create(PJSIP_TRANSPORT_TLS, &tlsTransportConfig, NULL);
答案 0 :(得分:0)
如果有其他人遇到此问题。根据我关注的教程,我将tls方法设置为 PJSIP_SSLV2_METHOD ,如上面的代码所示。但是,当我将其更改为 PJSIP_TLSV1_METHOD 时,一切都开始工作了。这也需要在SSL方法的PJSIP设置中进行更改。
我不确定为什么SSLV2不起作用但tlsv1工作得很好。
答案 1 :(得分:0)
我认为这也可能与服务器端有关。如果您使用的服务器是Opensips,则可能是SIP消息过于分散,并且OpenSIPS关闭了连接以防止数据包碎片攻击,默认值为4。 更改服务器上的.cfg文件选项应该可以解决此问题
modparam(“ proto_tls”,“ tls_max_msg_chunks”,8)