Dear Klaus,

I have disabled the certificate verification.
I am facing a new problem. When there is a connection reset, Kamailio crashes. During the crash, I get the logs below. Any idea why it is crashing and how I can avoid it?
    root@B2BUA:/usr/local/src/scripts#
     9(9557) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer (nil) (out of memory block!) - aborting
     0(9548) ALERT: <core> [main.c:742]: child process 9557 exited by a signal 6
     0(9548) ALERT: <core> [main.c:745]: core was generated
     0(9548) INFO: <core> [main.c:757]: INFO: terminating due to SIGCHLD
     6(9554) INFO: <core> [main.c:808]: INFO: signal 15 received
     8(9556) INFO: <core> [main.c:808]: INFO: signal 15 received
     4(9552) INFO: <core> [main.c:808]: INFO: signal 15 received
     5(9553) INFO: <core> [main.c:808]: INFO: signal 15 received
     3(9551) INFO: <core> [main.c:808]: INFO: signal 15 received
     7(9555) INFO: <core> [main.c:808]: INFO: signal 15 received
     1(9549) INFO: <core> [main.c:808]: INFO: signal 15 received
     2(9550) INFO: <core> [main.c:808]: INFO: signal 15 received
     0(9548) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer (nil) (out of memory block!) - aborting
THANKS
kamal

On Thu, Oct 25, 2012 at 7:43 PM, Klaus Darilion <klaus.mailinglists@pernau.at> wrote:
Hi Kamal!
Are you familiar with SSL/TLS and certificates? With TLS the trust between TLS server and TLS client is usually via a trusted certification authority (CA). For example, if the intermediate proxy uses a certificate which is issued by CA FOOBAR-XYZ, then you have to configure Kamailio to accept certificates signed by FOOBAR-XYZ. This is done by copying the public root certificate of FOOBAR-XYZ to the Kamailio server and configuring Kamailio to use the FOOBAR-XYZ certificate as trusted CA. Of course then you automatically also trust all other certificates issued by FOOBAR-XYZ.
To configure the trusted CAs use: http://kamailio.org/docs/modules/3.3.x/modules/tls.html#ca_list
You could also disable the certificate validation with: http://kamailio.org/docs/modules/3.3.x/modules/tls.html#verify_certificate
But of course this reduces TLS benefits to encryption-only.
regards
Klaus
On 22.10.2012 13:53, Kamal Palei wrote:
Dear All,

I have modified kamailio.cfg and compiled all the modules with TLS enabled, and am able to bring up the Kamailio proxy properly.
The Kamailio proxy will receive the REGISTER message from endpoints in UDP, and I want to send this REGISTER message to another intermediate proxy in TLS. For this purpose, I have added a few lines in the kamailio.cfg file as below.
I have created the certificates and private keys as explained by the README file in the kamailio-3.1.5/modules/tls/ path.
    if (is_method("REGISTER")) {
        # relay REGISTER to the intermediate proxy over TLS
        t_relay_to("tls:115.114.48.75:443");
        exit();
    }
Looks like this is taking effect. When Kamailio receives a REGISTER message it is trying to do a handshake with the intermediate proxy. I used Wireshark to see the handshake messages.

1. From Kamailio proxy, a TCP SYNC message is going to intermediate proxy.
2. Intermediate proxy sends SYNC + ACK
3. Kamailio sends CLIENT HELLO
4. Intermediate proxy sends SERVER HELLO, CERTIFICATE and SERVER HELLO DONE
5. The Kamailio sends ALERT (Level: Fatal, Description: Unknown CA) ---> Is something going wrong here..............
6. Then Kamailio sends FIN + ACK
Can somebody please let me know why the certificate verification fails (I get this log in console)? How can I put a workaround to avoid the certificate verification failure?

Best Regards
kamal
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
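
Added example, not part of the original thread and not the Kamailio project's own configuration: the two options Klaus describes, written as tls module parameters in kamailio.cfg. The file paths and the CA file name are assumptions; ca_list and verify_certificate are the parameters linked in his reply, and certificate, private_key and verify_depth are further parameters of the same module.

```cfg
# kamailio.cfg, tls module section (constructed example; all paths are placeholders)
loadmodule "tls.so"

# Kamailio's own certificate and key, presented to TLS peers.
modparam("tls", "certificate", "/usr/local/etc/kamailio/kamailio-cert.pem")
modparam("tls", "private_key", "/usr/local/etc/kamailio/kamailio-key.pem")

# Option 1 (the workaround from the thread): no peer verification.
# The handshake completes with any certificate the peer presents, so the
# "Unknown CA" alert disappears, but the link is encrypted without being
# authenticated: any host answering on the target address is accepted.
#
# modparam("tls", "verify_certificate", 0)

# Option 2: keep verification on and trust the CA that issued the
# intermediate proxy's certificate.
# ca_list points to a PEM file holding the public root certificate of that CA
# (FOOBAR-XYZ in Klaus's explanation). Every certificate issued by a CA in
# this file is trusted, so keep the file limited to the CAs actually needed.
modparam("tls", "ca_list", "/usr/local/etc/kamailio/ca/foobar-xyz-root.pem")
modparam("tls", "verify_certificate", 1)

# Maximum length of the certificate chain accepted during verification.
# 3 is an assumed value that leaves room for an intermediate CA.
modparam("tls", "verify_depth", 3)

# Routing block from the original post, unchanged: with Option 2 in place the
# outgoing TLS connection is only established if the proxy's certificate
# chains up to a CA in ca_list.
route {
    if (is_method("REGISTER")) {
        t_relay_to("tls:115.114.48.75:443");
        exit();
    }
}
```

With Option 2, the Wireshark trace should show the handshake continuing past SERVER HELLO DONE once the correct root certificate is in the ca_list file; a repeated Unknown CA alert means the file does not contain the issuer of the certificate the proxy actually presents.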