No TLS transport on iOS ?

[perwx3]

Hello all,

I have stumbled on yet another network connection issue on iOS with baresip. It seems that on iOS Baresip fails to bind the TLS socket. For example if checking 'SIP Debug' in menu on Android i get UDP, TCP and TLS transports. On iOS I'm getting only UDP and TCP. When I try to register an UA using TLS I get a error printout from Baresip saying something like: SIP register failed - transport not available.

Any suggestions on how to debug this and find the problem?

Br, Per Enstedt - wx3 telecom

[alfredh]

if you want support for SIP over TLS, you must cross compile OpenSSL for iOS and make sure that libre is built with this flag:

USE_OPENSSL=yes

[perwx3]

Ah, yes. Me stupid.... :)

Actually there are two USE_OPENSSL flags in baresip-ios/mk/contrib.mk to enable.. LIBRE_BUILD_FLAGS and BARESIP_BUILD_FLAGS. Rebuilt and TLS works fine now.

Thank you very much for Baresip and all your support, Alfred!

Br, Per Enstedt - wx3 telecom

[mathipalm]

@perwx3, how did you cross compile openssl?

[perwx3]

Hi!

I used this project: https://github.com/x2on/OpenSSL-for-iPhone

[mathipalm]

@perwx3 I tried that too, but I still get openssl/sha.h' file not found am I missing some parts with linking or something or how do i make contrib know how to use openssl?

[perwx3]

You need to add some stuff to baresip-ios/mk/contrib.mk to make openssl include and link.

Add a symlink to the project from baresip-ios:

cd baresip-ios
ln -s 'path to the project' openssl

Edit mk/contrib.mk, add this somewhere before EXTRA_I386: OPENSSL := $(SOURCE_PATH)/openssl

Then you need to add a include row -I$(OPENSSL)/include \ in all EXTRA_CFLAGS segments

And also a link row -L$(OPENSSL)/lib \ in all EXTRA_LFLAGS segments

Save and try make contrib again

[mathipalm]

@perwx3 You sir are my hero:) I'm halfway there though, now i'm getting compile errors. Was that something you encountered as well?

src/tls/openssl/tls.c:293:23: error: implicit declaration of function 'X509_get_notBefore' is invalid
      in C99 [-Werror,-Wimplicit-function-declaration]
        if (!X509_gmtime_adj(X509_get_notBefore(cert), -3600*24*365) ||
                             ^
src/tls/openssl/tls.c:293:23: warning: this function declaration is not a prototype
      [-Wstrict-prototypes]
src/tls/openssl/tls.c:293:23: warning: incompatible integer to pointer conversion passing 'int' to
      parameter of type 'ASN1_TIME *' (aka 'struct asn1_string_st *') [-Wint-conversion]
        if (!X509_gmtime_adj(X509_get_notBefore(cert), -3600*24*365) ||
                             ^~~~~~~~~~~~~~~~~~~~~~~~
/Users/mathiaspalm/Downloads/baresip-ios-master/openssl/include/openssl/x509.h:479:39: note: passing
      argument to parameter 's' here
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
                                      ^
src/tls/openssl/tls.c:294:23: error: implicit declaration of function 'X509_get_notAfter' is invalid
      in C99 [-Werror,-Wimplicit-function-declaration]
            !X509_gmtime_adj(X509_get_notAfter(cert),   3600*24*365*10))
                             ^
src/tls/openssl/tls.c:294:23: warning: this function declaration is not a prototype
      [-Wstrict-prototypes]
src/tls/openssl/tls.c:294:23: warning: incompatible integer to pointer conversion passing 'int' to
      parameter of type 'ASN1_TIME *' (aka 'struct asn1_string_st *') [-Wint-conversion]
            !X509_gmtime_adj(X509_get_notAfter(cert),   3600*24*365*10))
                             ^~~~~~~~~~~~~~~~~~~~~~~
/Users/mathiaspalm/Downloads/baresip-ios-master/openssl/include/openssl/x509.h:479:39: note: passing
      argument to parameter 's' here
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);```

[perwx3]

No compile errors that I can remember, i'll check tomorrow. Which openssl version are you using?

[mathipalm]

It seems to default to 1.0.2l but l tried 1.1.0f I think, not exactly sure how to change versions with no luck either. I also tried using clang instead of gcc but I got the same errors

[perwx3]

I'm compiling baresip/libre 0.5.4 and OpenSSL 1.0.2l for iOS with no errors. I diffed my tls.c with latest libre version and there are some small changes but nothing regarding X509_get_notAfter. Soo... I'm out of suggestions.

[mathipalm]

Hmm. Have you tried with the latest version of baresip/libre?