Re: [SR-Users] Configuring TLS and WSS with Kamailio

18 Oct 2014


      ok. I have made some changes. rather than getting the TLS configaration from a file I added this lines: 
#!ifdef WITH_TLS# ----- tls params -----
modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")
now, Im getting different logs which looks good.  Getting positive results from openssl test,
openssl s_client -connect 192.168.146.133:5061 -tls1CONNECTED(00000003)^C
But when I try to connect using my webRTC client or even from web-browsers im getting timed out. I think im  close .. please help me fixing this issue.
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>: require_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>: cipher_list='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>: verify_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client certificate required and no checks performedOct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>: require_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>: cipher_list='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>: verify_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY present invalid certificateOct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]: INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop:  using epoll_lt io watch method (config)
From: dodul@live.com
To: ben@langfeld.me; sr-users@lists.sip-router.org
Date: Sat, 18 Oct 2014 05:08:20 +0600
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
I dint find any in my installation directory. probably it doesn't come with standard installation unless you explicitly mention for it... not sure though
Date: Fri, 17 Oct 2014 19:56:50 -0300
From: ben@langfeld.co.uk
To: sr-users@lists.sip-router.org
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
Out of curiosity, why don't you use the pre-built packaged binaries instead of building from source?
On 17 October 2014 19:53, Kamrul Khan dodul@live.com wrote:
Hi,
Im trying to connect my WebRTC clietn
to kamailio via WSS. I successfully connected it via WS but having
trouble connecting it via WSS. My first issue is I get error messages
while i try to compile TLS module(console log in the end of the
document). But, still it creates tls.so file. So i copied the tls.so
to my kamailio modules directory and then updated my kamailio
configuration as below:
#!define WITH_TLS
.
.listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
.
.
#!ifdef WITH_TLS
enable_tls=yes
#!endif
.
.
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config",
"/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
#!endif
Now, according to this mailing
list,http://lists.sip-router.org/pipermail/sr-users/2013-March/077182.html
: “when
tls module is installed, a self signed pair of certificate-private
key is generated in /usr/local/etc/kamailio”
In
my case, I dont even have the /usr/local/etc/kamailio directory. So,
I followed
http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
to create my certificate and key. And updated my tsl.cfg, this is how
my tsl.cfg looks like:
[server:192.168.146.133:5061]
method
= TLSv1
verify_certificate
= no
require_certificate
= no
private_key
= /etc/certs/sip.192.168.146.133/key.pem
certificate
= /etc/certs/sip.192.168.146.133/cert.pem
ca_list
= /etc/certs/demoCA/cert.pem
[client:192.168.146.133:5061]
verify_certificate
= yes
require_certificate
= yes
Then I restarted my kamailio server.
And i get the following errors in my kamailio log:
Im not sure what wrong im doing. Please
help me:
Oct 17 15:44:50 ubuntu kamailio: INFO:
tls [tls_init.c:385]: init_tls_compression(): tls: init_tls:
disabling compression...
Oct 17 15:44:50 ubuntu kamailio:
WARNING: <core> [socket_info.c:1397]: fix_hostname(): WARNING:
fix_hostname: could not rev. resolve 192.168.146.133
Oct 17 15:44:50 ubuntu kamailio:
message repeated 2 times: [ WARNING: <core>
[socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could
not rev. resolve 192.168.146.133]
Oct 17 15:44:50 ubuntu kamailio: INFO:
<core> [tcp_main.c:4836]: init_tcp(): init_tcp: using epoll_lt
as the io watch method (auto detected)
Oct 17 15:44:50 ubuntu kamailio:
WARNING: <core> [daemonize.c:352]: daemonize(): pid file
contains old pid, replacing pid
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr
[../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr
[rr_mod.c:159]: mod_init(): outbound module not available
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: usrloc
[hslot.c:53]: ul_init_locks(): locks array size 512
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils
[utils.c:288]: mod_init(): forward functionality disabled
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils
[utils.c:197]: pres_db_init(): xcap_auth_status function is disabled
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: tls
[tls_init.c:668]: tls_check_sockets(): TLSs<192.168.146.133:5061>:
No listening socket found
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: <core>
[sr_module.c:970]: init_mod(): init_mod(): Error while initializing
module tls (/usr/local/kamailio-devel/lib64/kamailio/modules/tls.so)
Oct 17 15:44:50 ubuntu
/usr/local/kamailio-devel//sbin/kamailio[11013]: : tls
[tls_locking.c:103]: locking_f(): BUG: tls: locking_f (callback):
invalid lock number:  30 (range 0 - 0), called from eng_table.c:227
Oct 17 15:44:51 ubuntu kamailio: ERROR:
<core> [daemonize.c:307]: daemonize(): Main process exited
before writing to pipe
tls module compile log
xxx@ubuntu:/usr/local/src/kamailio-4.1/kamailio$
sudo make -C modules/tls
make:
Entering directory
`/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make:
Leaving directory
`/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make:
Entering directory
`/usr/local/src/kamailio-4.1/kamailio/modules/tls'
CC
(gcc) [M tls.so]            
tls_bio.o
CC
(gcc) [M tls.so]            
tls_cfg.o
CC
(gcc) [M tls.so]            
tls_config.o
CC
(gcc) [M tls.so]            
tls_ct_wrq.o
CC
(gcc) [M tls.so]            
tls_domain.o
In
file included from tls_domain.c:39:0:
tls_domain.c:
In function âload_certâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_domain.c:506:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("load_cert:");
^
tls_domain.c:
In function âload_ca_listâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_domain.c:536:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("load_ca_list:");
^
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_domain.c:543:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("load_ca_list:");
^
tls_domain.c:
In function âload_crlâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_domain.c:575:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("load_crl:");
^
tls_domain.c:
In function âload_private_keyâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_domain.c:990:5:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("load_private_key:");
^
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_domain.c:998:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("load_private_key:");
^
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_domain.c:1005:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("load_private_key:");
^
CC
(gcc) [M tls.so]            
tls_dump_vf.o
CC
(gcc) [M tls.so]            
tls_init.o
CC
(gcc) [M tls.so]            
tls_locking.o
CC
(gcc) [M tls.so]            
tls_mod.o
CC
(gcc) [M tls.so]            
tls_rpc.o
CC
(gcc) [M tls.so]            
tls_select.o
CC
(gcc) [M tls.so]            
tls_server.o
In
file included from tls_server.c:52:0:
tls_server.c:
In function âtls_complete_initâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_server.c:192:3:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("Failed
to create SSL or BIO structure:");
^
tls_server.c:
In function âtls_shutdownâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_server.c:521:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR("SSL
error:");
^
tls_server.c:
In function âtls_encode_fâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_server.c:798:5:
note: in expansion of macro âTLS_ERRâ
TLS_ERR(err_src);
^
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_server.c:832:5:
note: in expansion of macro âTLS_ERRâ
TLS_ERR(err_src);
^
tls_server.c:
In function âtls_read_fâ:
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_server.c:1186:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR(err_src);
^
tls_util.h:52:6:
warning: variable âretâ set but not used
[-Wunused-but-set-variable]
int
ret;            
\
^
tls_server.c:1220:4:
note: in expansion of macro âTLS_ERRâ
TLS_ERR(err_src);
^
CC
(gcc) [M tls.so]            
tls_util.o
CC
(gcc) [M tls.so]            
tls_verify.o
LD
(gcc) [M tls.so]            
tls.so
make:
Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [SR-Users] Configuring TLS and WSS with Kamailio