Configure TLS for Opensips

Opensips (www.opensips.org) is an well-know open source SIP server which supports TLS.

1. Compile opensips and configuration.

    There are many material can be referred over the web site about the compile & installation. Here just ex

    give a little bit expation about certifictes used by opensips and it's clients.

    rootCA: cacert.pem

    It's a self-signed root CA, was used to signe certificates. Opensips hold this rootCA, if SSL_VERIFY_PEER

    is enabled or the client enabled SSL_VERIFY_SERVER, then the rootCA should also install to client.

 

2. Symbian VoIP clients connect to opensips over TLS.

    The rootCA generated by opensips is txt mode, Symbian use DER (binary mode) certificate. So, if the

    cacert.pem will be used on Symbian device, addation work to convert .pem to .cer should to do by

    openssl x509 -in cacert.pem -out cacert.cer -outform DER

 

3. MiniSIP connect to opensips over TLS

    MiniSIP 0.7 hard code to use SSLv23_client_method as the version of SSL, however, opensips use

    newer SSL version TLSv1_method. To make MiniSIP works with opensips over TLS, just change the SSL

    version was used in MiniSIP by modify such code:

 

    TLSSocket::TLSSocket( IPAddress &addr, int32_t port, void * &ssl_ctx,
        MRef<certificate *> cert, MRef<ca_db *> cert_db )

    {
        type = SOCKET_TYPE_TLS;
        const unsigned char * sid_ctx = (const unsigned char *)"Minisip TLS";
        SSLeay_add_ssl_algorithms();
        SSL_METHOD *meth = TLSv1_client_method();   //SSLv23_client_method();

        ...

    }