Hello Daniel:
Trying it, accessing via Browser here is the log, similarities with the access via SIPML5, no errors, no warnings (at least as far as I can see):
DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 123.123.123.123 DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58654, type 3 DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 263:3337:1427, 5 DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22 DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x89bda0, 34, -1, 0x0) fd_no=23 called DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0 11(1700) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638 DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 con=0x7f72f4768638, fd=11 DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default> DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending... DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=2060 fd=11 DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003 DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1 DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from 123.123.123.123:58654 using TLSv1/SSLv3 AES256-SHA 256 DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: 124.124.124.124:10443 DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending... DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=282 fd=11 DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003 DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f72f4768638, FD 11 DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -1, fd=11, id=5 DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data 0x7f72f47915b0 DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f72f4768638, -1 from 0 DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f72f47915b0 DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 123.123.123.123 DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58656, type 3 DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 313:3383:1453, 6 DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22 DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x89bda0, 34, -1, 0x0) fd_no=23 called DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1 DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1 12(1701) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638 DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 con=0x7f72f4768638, fd=11 DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default> DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending... DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=2060 fd=11 DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003 DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1 DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from 123.123.123.123:58656 using TLSv1/SSLv3 AES256-SHA 256 DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: 124.124.124.124:10443 DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending... DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=282 fd=11 DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003 DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request: DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET> DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </> DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <HTTP/1.1> DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg... DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg created (425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS 123.123.123.123:58656#015#012Host: domain.com:10443#015#012Connection: keep-alive#015#012Cache-Control: max-age=0#015#012Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding: gzip,deflate#015#012Accept-Language: es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012> DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request: DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET> DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </> DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <HTTP/1.1> DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5 DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=2 DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers: this is the first via INFO: <script>: HTTP Request Received DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl) DEBUG: <core> [msg_translator.c:204]: check_via_address(): check_via_address( 123.123.123.123, 123.123.123.123, 0) DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send from reader (1701 (12)), reusing fd DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending... DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=165 fd=11 DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#027#003#003 DEBUG: <core> [tcp_main.c:3624]: handle_ser_child(): handle_ser_child: read response= 7f72f4768638, -1, fd -1 from 12 (1701) DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f72f47915b0 DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil) message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)] DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp list (nil) DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -2, fd=11, id=6 DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data 0x7f72f47915b0 DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f72f4768638, -2 from 1
Regards and thanks for your time
*Manuel Camargo* Teléfono: 638000836 eMail: sir.louen@gmail.com https://twitter.com/SirLouen [image: Ver el perfil de Manuel Camargo Lominchar en LinkedIn] http://es.linkedin.com/in/louen
2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla miconda@gmail.com:
Hello,
if you run latest versions of web browsers, they become more restrictive on wss connection. Be sure that the cetificate is also trusted by the web browser.
You can go with the web browser to https://ipofkamailio:portforwss and see if you get any warnings there.
Cheers, Daniel
On 06/09/14 17:23, Manuel Camarg wrote:
I'm trying to implement WSS with Kamailio Thing is that WS works fine, I've followed: http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
modparam("tls", "config", "webrtc/tls.cfg") In a tls.cfg file I have :
[server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = webrtc/private.key certificate = webrtc/ssl.pem ca_list = webrtc/ca_list.pem
In the log file:
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending... /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=5524 fd=11 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958), fd_no=1 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from 123.123.123.123:63300 using TLSv1/SSLv3 AES256-SHA 256 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: 124.124.124.124:10443 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending... /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282 fd=11 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f7513516958, FD 11 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data 0x7f7513510a88 /usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958, -1 from 1 /usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f7513510a88
In sipml5 the error:
*Disconnected: Failed to connect to the server*
In the Chrome console:
*__tsip_transport_ws_onerror * *__tsip_transport_ws_onclose *
SSL certificates seem to be ok: # openssl verify -CAfile ca_list.pem ssl.pem ssl.pem: OK
Can't figure out a solution :( Any ideas?
*Manuel Camargo* Teléfono: 638000836 eMail: sir.louen@gmail.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Next Kamailio Advanced Trainings 2014 - http://www.asipto.com Sep 22-25, Berlin, Germany