Re: [SR-Users] TLS Handshake failing with WSS

8 Sep 2014

Hello Daniel:

Trying it, accessing via Browser here is the log, similarities with the
access via SIPML5, no errors, no warnings (at least as far as I can see):

 DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection:  123.123.123.123
 DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58654, type 3
 DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
263:3337:1427, 5
 DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0,
34, 2, 0x7f72f4768638), fd_no=22
 DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
 DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to
child, events 1
 DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0
11(1700) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
  DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
  DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
  DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=2060 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
  DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake
done
  DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation
  DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
  DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection
from  123.123.123.123:58654 using TLSv1/SSLv3 AES256-SHA 256
  DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket:
124.124.124.124:10443
  DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not
present a certificate
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=282 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f72f4768638,
FD 11
  DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
  DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -1, fd=11, id=5
  DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data
0x7f72f47915b0
  DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7f72f4768638, -1 from 0
  DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
  DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection:  123.123.123.123
  DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58656, type 3
  DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
313:3383:1453, 6
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
  DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending
to child, events 1
  DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1
12(1701) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
  DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
  DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
  DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=2060 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
  DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake
done
  DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation
  DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
  DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection
from  123.123.123.123:58656 using TLSv1/SSLv3 AES256-SHA 256
  DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket:
124.124.124.124:10443
  DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not
present a certificate
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=282 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
  DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
  DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
  DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <HTTP/1.1>
  DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of
header
  DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...
  DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg created
(425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS
123.123.123.123:58656#015#012Host: domain.com:10443#015#012Connection:
keep-alive#015#012Cache-Control: max-age=0#015#012Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent:
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding:
gzip,deflate#015#012Accept-Language:
es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012>
  DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
  DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
  DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
  DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <HTTP/1.1>
  DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header
reached, state=5
  DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers:
Via found, flags=2
  DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers:
this is the first via
  INFO: <script>: HTTP Request Received
  DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of
header
  DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
  DEBUG: <core> [msg_translator.c:204]: check_via_address():
check_via_address( 123.123.123.123,  123.123.123.123, 0)
  DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send from
reader (1701 (12)), reusing fd
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=165 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#027#003#003
  DEBUG: <core> [tcp_main.c:3624]: handle_ser_child(): handle_ser_child:
read response= 7f72f4768638, -1, fd -1 from 12 (1701)
  DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
  DEBUG: <core> [usr_avp.c:644]: destroy_avp_list():
DEBUG:destroy_avp_list: destroying list (nil)
  message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]:
destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]
  DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp list
(nil)
  DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
  DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -2, fd=11, id=6
  DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data
0x7f72f47915b0
  DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7f72f4768638, -2 from 1

Regards and thanks for your time

*Manuel Camargo*
Teléfono: 638000836
eMail: sir.louen(a)gmail.com
<https://twitter.com/SirLouen>
[image: Ver el perfil de Manuel Camargo Lominchar en LinkedIn]
<http://es.linkedin.com/in/louen>

2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt;om>:

...
   Hello,

 if you run latest versions of web browsers, they become more restrictive
 on wss connection. Be sure that the cetificate is also trusted by the web
 browser.

 You can go with the web browser to https://ipofkamailio:portforwss and
 see if you get any warnings there.

 Cheers,
 Daniel

 On 06/09/14 17:23, Manuel Camarg wrote:

  I'm trying to implement WSS with Kamailio
 Thing is that WS works fine, I've followed:
 http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket

  modparam("tls", "config", "webrtc/tls.cfg")
  In a tls.cfg file I have :

  [server:default]
 method = SSLv23
 verify_certificate = no
  require_certificate = no
 private_key = webrtc/private.key
  certificate = webrtc/ssl.pem
 ca_list = webrtc/ca_list.pem

  In the log file:

  /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
 tls_complete_init(): Using TLS domain TLSs<default>
 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
 sr_ssl_ctx_info_callback(): SSL handshake started
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
 tcpconn_do_send(): tcp_send: sending...
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
 tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=5524
 fd=11
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
 tcpconn_do_send(): tcp_send: buf=#012#026#003#003
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
 io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958), fd_no=1
 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
 sr_ssl_ctx_info_callback(): SSL handshake done
 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
 sr_ssl_ctx_info_callback(): SSL disable renegotiation
 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
 tls_accept(): TLS accept successful
 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
 tls_accept(): tls_accept: new connection from 123.123.123.123:63300 using
 TLSv1/SSLv3 AES256-SHA 256
 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
 tls_accept(): tls_accept: local socket: 124.124.124.124:10443
 /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
 tls_accept(): tls_accept: client did not present a certificate
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
 tcpconn_do_send(): tcp_send: sending...
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
 tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282 fd=11
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
 tcpconn_do_send(): tcp_send: buf=#012#026#003#003
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
 tcp_read_data(): EOF on 0x7f7513516958, FD 11
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
 tcp_read_req(): tcp_read_req: EOF
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
 io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
 release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
 /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
 release_tcpconn():  extra_data 0x7f7513510a88
 /usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
 handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958, -1
 from 1
 /usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
 tls_h_close(): Closing SSL connection 0x7f7513510a88

  In sipml5 the error:

  *Disconnected: Failed to connect to the server*

  In the Chrome console:

 *__tsip_transport_ws_onerror  *
 *__tsip_transport_ws_onclose *

  SSL certificates seem to be ok:
  # openssl verify -CAfile ca_list.pem ssl.pem
 ssl.pem: OK

  Can't figure out a solution :( Any ideas?

 *Manuel Camargo*
 Teléfono: 638000836
 eMail: sir.louen(a)gmail.com

 _______________________________________________
 SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

 --
 Daniel-Constantin Mierlahttp://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda
 Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
 Sep 22-25, Berlin, Germany

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [SR-Users] TLS Handshake failing with WSS