WSS configuration sample needed

List overview All Threads
Download

newer

older

Planning the release of Kamailio...

sdp_remove_line_by_prefix

Sunil More

9 May 2016 9 May '16

11:44 a.m.

Hello All,

I am trying to connect Kamailio over WSS and the error I get is "tls_accept: client did not present a certificate" . It works fine for WS, however Please guide me to connect over WSS.

the following are the logs i See..

DEBUG: tls [tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started

DEBUG: <core> [tcp_main.c:2430]: tcpconn_do_send(): sending...

ay 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL handshake done

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_domain.c:718]: sr_ssl_ctx_info_callback(): SSL disable renegotiation

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:411]: tls_accept(): TLS accept successful

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:418]: tls_accept(): tls_accept: new connection from sunilmore.in:49703 using TLSv1/SSLv3 AES256-SHA 256

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:421]: tls_accept(): tls_accept: local socket: sunilmore.in:10082

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:432]: tls_accept(): tls_accept: client did not present a certificate

And the websocket closes. Please help.

Thanking You, Sunil More Ph : 9503338275

Attachments:

attachment.html (text/html — 2.1 KB)

Show replies by date

Daniel-Constantin Mierla

9 May 9 May

12:02 p.m.

Hello,

look at your tls.cfg file (or modparams for tls module) and change the setting for requiring tls certificate for clients.

Cheers, Daniel

On 09/05/16 13:44, Sunil More wrote:

...

-- Daniel-Constantin Mierla http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

Sunil More

12:05 p.m.

Hello Daniel,

I am using this ..

loadmodule "tls.so" modparam("tls", "tls_method", "TLSv1") modparam("tls", "certificate", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_cert.net.crt") modparam("tls", "private_key", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_key.net.key") modparam("tls", "verify_certificate", 0) modparam("tls", "require_certificate", 0)

Thanking You, Sunil More Ph : 9503338275

On Mon, May 9, 2016 at 5:32 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:

...

Hello,

look at your tls.cfg file (or modparams for tls module) and change the setting for requiring tls certificate for clients. Cheers, Daniel

On 09/05/16 13:44, Sunil More wrote:

Hello All,

I am trying to connect Kamailio over WSS and the error I get is "tls_accept: client did not present a certificate" . It works fine for WS, however Please guide me to connect over WSS.

the following are the logs i See..

DEBUG: tls [tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started

DEBUG: <core> [tcp_main.c:2430]: tcpconn_do_send(): sending...

ay 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL handshake done

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_domain.c:718]: sr_ssl_ctx_info_callback(): SSL disable renegotiation

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:411]: tls_accept(): TLS accept successful

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:418]: tls_accept(): tls_accept: new connection from sunilmore.in:49703 using TLSv1/SSLv3 AES256-SHA 256

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:421]: tls_accept(): tls_accept: local socket: sunilmore.in:10082

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:432]: tls_accept(): tls_accept: client did not present a certificate

And the websocket closes. Please help.

Thanking You, Sunil More Ph : 9503338275

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- Daniel-Constantin Mierlahttp://www.asipto.comhttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Daniel-Constantin Mierla

12:33 p.m.

Hello,

do you have config modparam set for tls? Like:

modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")

Or are those all your parameters for tls module?

Cheers, Daniel

On 09/05/16 14:05, Sunil More wrote:

...

Hello Daniel,

I am using this .. loadmodule "tls.so" modparam("tls", "tls_method", "TLSv1") modparam("tls", "certificate", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_cert.net.crt") modparam("tls", "private_key", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_key.net.key") modparam("tls", "verify_certificate", 0) modparam("tls", "require_certificate", 0)

Thanking You, Sunil More Ph : 9503338275

On Mon, May 9, 2016 at 5:32 PM, Daniel-Constantin Mierla <miconda@gmail.com mailto:miconda@gmail.com> wrote:

Hello,

look at your tls.cfg file (or modparams for tls module) and change
the setting for requiring tls certificate for clients.

Cheers,
Daniel


On 09/05/16 13:44, Sunil More wrote:

...

Hello All,

I am trying to connect Kamailio over WSS and the error I get is
"tls_accept: client did not present a certificate" . It works
fine for WS, however Please guide me to connect over WSS.

the following are the logs i See..

DEBUG: tls [tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL
handshake started

DEBUG: <core> [tcp_main.c:2430]: tcpconn_do_send(): sending...

ay  9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]:
DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL
handshake done

May  9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]:
DEBUG: tls [tls_domain.c:718]: sr_ssl_ctx_info_callback(): SSL
disable renegotiation

May  9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]:
DEBUG: tls [tls_server.c:411]: tls_accept(): TLS accept successful

May  9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]:
DEBUG: tls [tls_server.c:418]: tls_accept(): tls_accept: new
connection from sunilmore.in:49703 <http://sunilmore.in:49703>
using TLSv1/SSLv3 AES256-SHA 256

May  9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]:
DEBUG: tls [tls_server.c:421]: tls_accept(): tls_accept: local
socket:sunilmore.in:10082 <http://sunilmore.in:10082>

May  9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]:
DEBUG: tls [tls_server.c:432]: tls_accept(): tls_accept: client
did not present a certificate

And the websocket closes. Please help.




Thanking You,
Sunil More
Ph : 9503338275


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org <mailto:sr-users@lists.sip-router.org>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://www.asipto.com
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
list
sr-users@lists.sip-router.org <mailto:sr-users@lists.sip-router.org>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- Daniel-Constantin Mierla http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

Sunil More

3:41 p.m.

Hello Daniel,

I am not using config file. Those are the only parameters that I am using.

Regards, Sunil More On May 9, 2016 6:03 PM, "Daniel-Constantin Mierla" miconda@gmail.com wrote:

...

Hello,

do you have config modparam set for tls? Like:

modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg") Or are those all your parameters for tls module?

Cheers, Daniel

On 09/05/16 14:05, Sunil More wrote:

Hello Daniel,

I am using this ..

loadmodule "tls.so"modparam("tls", "tls_method", "TLSv1") modparam("tls", "certificate", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_cert.net.crt") modparam("tls", "private_key", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_key.net.key") modparam("tls", "verify_certificate", 0) modparam("tls", "require_certificate", 0)

Thanking You, Sunil More Ph : 9503338275

On Mon, May 9, 2016 at 5:32 PM, Daniel-Constantin Mierla < miconda@gmail.com> wrote:

...
Hello,

look at your tls.cfg file (or modparams for tls module) and change the setting for requiring tls certificate for clients. Cheers, Daniel

On 09/05/16 13:44, Sunil More wrote:

Hello All,

I am trying to connect Kamailio over WSS and the error I get is "tls_accept: client did not present a certificate" . It works fine for WS, however Please guide me to connect over WSS.

the following are the logs i See..

DEBUG: tls [tls_domain.c:703]: sr_ssl_ctx_info_callback(): SSL handshake started

DEBUG: <core> [tcp_main.c:2430]: tcpconn_do_send(): sending...

ay 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL handshake done

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_domain.c:718]: sr_ssl_ctx_info_callback(): SSL disable renegotiation

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:411]: tls_accept(): TLS accept successful

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:418]: tls_accept(): tls_accept: new connection from sunilmore.in:49703 using TLSv1/SSLv3 AES256-SHA 256

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:421]: tls_accept(): tls_accept: local socket: sunilmore.in:10082

May 9 11:07:01 P172 /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls [tls_server.c:432]: tls_accept(): tls_accept: client did not present a certificate

And the websocket closes. Please help.

Thanking You, Sunil More Ph : 9503338275

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- Daniel-Constantin Mierlahttp://www.asipto.comhttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- Daniel-Constantin Mierlahttp://www.asipto.comhttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

Daniel-Constantin Mierla

4:07 p.m.

Hello,

I haven't used with modparams for long time, can you try with dedicated tls.cfg config file for tls module and set there require_certificate=no?

It will reveal if there is a problem on handling the modparams for this feature or something else.

Cheers, Daniel

On 09/05/16 17:41, Sunil More wrote:

...

Hello Daniel,

I am not using config file. Those are the only parameters that I am using.

Regards, Sunil More

On May 9, 2016 6:03 PM, "Daniel-Constantin Mierla" <miconda@gmail.com mailto:miconda@gmail.com> wrote:

Hello,

do you have config modparam set for tls? Like:

modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")

Or are those all your parameters for tls module?

Cheers,
Daniel

On 09/05/16 14:05, Sunil More wrote:

...

Hello Daniel, 

I am using this ..
loadmodule "tls.so" modparam("tls", "tls_method", "TLSv1")
modparam("tls", "certificate", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_cert.net.crt")
modparam("tls", "private_key", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_key.net.key")
modparam("tls", "verify_certificate", 0)
modparam("tls", "require_certificate", 0)

Thanking You,
Sunil More
Ph : 9503338275

On Mon, May 9, 2016 at 5:32 PM, Daniel-Constantin Mierla
<miconda@gmail.com <mailto:miconda@gmail.com>> wrote:

    Hello,

    look at your tls.cfg file (or modparams for tls module) and
    change the setting for requiring tls certificate for clients.

    Cheers,
    Daniel


    On 09/05/16 13:44, Sunil More wrote:

...

    Hello All,

    I am trying to connect Kamailio over WSS and the error I get
    is "tls_accept: client did not present a certificate" . It
    works fine for WS, however Please guide me to connect over WSS.

    the following are the logs i See..

    DEBUG: tls [tls_domain.c:703]: sr_ssl_ctx_info_callback():
    SSL handshake started

    DEBUG: <core> [tcp_main.c:2430]: tcpconn_do_send(): sending...

    ay  9 11:07:01 P172
    /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
    [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL
    handshake done

    May  9 11:07:01 P172
    /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
    [tls_domain.c:718]: sr_ssl_ctx_info_callback(): SSL disable
    renegotiation

    May  9 11:07:01 P172
    /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
    [tls_server.c:411]: tls_accept(): TLS accept successful

    May  9 11:07:01 P172
    /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
    [tls_server.c:418]: tls_accept(): tls_accept: new connection
    from sunilmore.in:49703 <http://sunilmore.in:49703> using
    TLSv1/SSLv3 AES256-SHA 256

    May  9 11:07:01 P172
    /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
    [tls_server.c:421]: tls_accept(): tls_accept: local
    socket:sunilmore.in:10082 <http://sunilmore.in:10082>

    May  9 11:07:01 P172
    /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
    [tls_server.c:432]: tls_accept(): tls_accept: client did not
    present a certificate

    And the websocket closes. Please help.




    Thanking You,
    Sunil More
    Ph : 9503338275


    _______________________________________________
    SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
    sr-users@lists.sip-router.org
    <mailto:sr-users@lists.sip-router.org>
    http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

    -- 
    Daniel-Constantin Mierla
    http://www.asipto.com
    http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
    Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com


    _______________________________________________
    SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
    mailing list
    sr-users@lists.sip-router.org
    <mailto:sr-users@lists.sip-router.org>
    http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://www.asipto.com
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

-- Daniel-Constantin Mierla http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

3289

Age (days ago)

3289

Last active (days ago)

sr-users@lists.kamailio.org

5 comments

2 participants

tags (0)

participants (2)

Daniel-Constantin Mierla
Sunil More