Dear friends,
For the last few days I have been working on Kamailio with TLS support. I followed each and every step in the installation docs and created certificates as well.
Then I started testing the server with TLS on using SIPP. At first I didn't add any certificate to SIPP, and registration wasn't happening. When I added a certificate and key to SIPP, it started working fine, and I was able to test registrations successfully.
Then I started working with an open-source softphone supporting TLS, named Mumble. It supports TLS. Now, I hadn't added any certificate to Mumble.
In my Kamailio settings I have set client_verify = 0 and require_client_certificate = 0. So even without a certificate I should be able to authenticate myself successfully. Instead it gives the following error in the Kamailio log:
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 172.16.16.218
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on port 58125, type 3
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: looking up socket based TLS server domain [172.16.16.218:5091]
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_find_server_domain: socket based TLS server domain found
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: found socket based TLS server domain [172.16.16.218:5091]
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_add: hashes: 929, 1
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:send2child: to tcp child 0 0(3296), 0x7fd6f4a58208
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:handle_io: received n=8 con=0x7fd6f4a58208, fd=18
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_add: io_watch_add(0x73a0a0, 18, 2, 0x7fd6f4a58208), fd_no=1
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:tls_update_fd: New fd is 18
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept: SSL_accept failed: SSL_ERROR_SSL
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_del: io_watch_del (0x73a0a0, 18, -1, 0x10) fd_no=2 called
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn: releasing con 0x7fd6f4a58208, state -2, fd=18, id=1
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn: extra_data 0x7fd6f4a683a0
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:handle_tcp_child: reader response= 7fd6f4a58208, -2 from 0
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_destroy: destroying connection 0x7fd6f4a58208, flags 0002
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_close: closing SSL connection
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_update_fd: New fd is 23
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_shutdown: shutdown successful
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_clean: Cleanup function entered
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 172.16.16.218
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on port 58126, type 3
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: looking up socket based TLS server domain [172.16.16.218:5091]
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_find_server_domain: socket based TLS server domain found
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: found socket based TLS server domain [172.16.16.218:5091]
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_add: hashes: 930, 2
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:send2child: to tcp child 0 0(3296), 0x7fd6f4a58208
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:handle_io: received n=8 con=0x7fd6f4a58208, fd=18
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_add: io_watch_add(0x73a0a0, 18, 2, 0x7fd6f4a58208), fd_no=1
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:tls_update_fd: New fd is 18
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept: SSL_accept failed: SSL_ERROR_SSL
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_del: io_watch_del (0x73a0a0, 18, -1, 0x10) fd_no=2 called
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn: releasing con 0x7fd6f4a58208, state -2, fd=18, id=2
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn: extra_data 0x7fd6f4a683a0
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:handle_tcp_child: reader response= 7fd6f4a58208, -2 from 0
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_destroy: destroying connection 0x7fd6f4a58208, flags 0002
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_close: closing SSL connection
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_update_fd: New fd is 23
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_shutdown: shutdown successful
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_tcpconn_clean: Cleanup function entered
And in the Mumble softphone log it gives me the following error:
[9:50 AM] Welcome to Mumble.
[9:50 AM] Server connection failed: Error during SSL handshake: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
[9:51 AM] Reconnecting.
[9:51 AM] Server connection failed: Error during SSL handshake: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
[9:51 AM] Reconnecting.
[9:51 AM] Server connection failed: Error during SSL handshake: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
[9:51 AM] Reconnecting.
[9:51 AM] Server connection failed: Error during SSL handshake: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
Can anyone suggest what could be the problem? My server works great with SIPP with TLS, so I don't think there's any config-related error, and I have set client_require_certificate = 0, that's for sure.
In a real-life scenario, hard or soft phones won't have certificates, so they should be able to connect to the server and authenticate/authorize themselves if the server has a valid certificate. But it's not happening. So I need help from experienced guys.
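
A triage helper for the two logs quoted above, added here as an example and not part of the original post: it unpacks the client-side OpenSSL error code (OpenSSL 1.x layout) to show which TLS alert was received, and pairs each failed SSL_accept in the Kamailio debug log with the peer address and connection id. The function names decode_openssl_error and failed_tls_accepts are hypothetical; SAMPLE is five lines excerpted from the log in the post.

```python
import re

# OpenSSL 1.x packs an error code as lib (8 bits) | function (12) | reason (12).
ERR_LIB_SSL, SSL_AD_REASON_OFFSET = 20, 1000  # SSL reasons >= 1000: alert received from peer
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca", 70: "protocol_version"}

def decode_openssl_error(text):
    """Split an 'error:XXXXXXXX:' code into lib/func/reason and name a received alert."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", text)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert, "alert_name": TLS_ALERTS.get(alert)}

LINE = re.compile(r"^(\w+ +\d+ [\d:]+) \S+ \S+\[(\d+)\]: \w+:core:(\w+): (.*)$")

def failed_tls_accepts(log_text):
    """Return (time, peer_ip, peer_port, conn_id) for each failed SSL_accept."""
    peer, by_con, failed_pids, hits = {}, {}, set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, pid, func, msg = m.groups()
        if func == "print_ip":                       # main process logs the peer IP first
            peer = {"ip": msg.rsplit(" ", 1)[-1]}
        elif func == "tcpconn_new" and msg.startswith("on port"):
            peer["port"] = int(msg.split()[2].rstrip(","))
        elif func == "handle_new_connect":           # binds the peer to a connection pointer
            by_con[msg.split()[2]] = peer
        elif func == "tls_accept" and "SSL_accept failed" in msg:
            failed_pids.add(pid)                     # the TCP child that hit the failure
        elif func == "release_tcpconn" and pid in failed_pids and "releasing con" in msg:
            con, conn_id = re.search(r"con (0x[0-9a-f]+),.*id=(\d+)", msg).groups()
            p = by_con.get(con, {})
            hits.append((ts, p.get("ip"), p.get("port"), int(conn_id)))
            failed_pids.discard(pid)
    return hits

# Five lines excerpted from the Kamailio log in the post above.
SAMPLE = """\
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:print_ip: tcpconn_new: new tcp connection to: 172.16.16.218
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on port 58125, type 3
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept: SSL_accept failed: SSL_ERROR_SSL
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn: releasing con 0x7fd6f4a58208, state -2, fd=18, id=1
"""
```

For the error string in the Mumble log this gives alert 40 (handshake_failure) received by the client, and for the Kamailio excerpt one failed accept from 172.16.16.218:58125.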