Hi, please help me out with these questions:
Is it possible to configure kamailio to use different certificates, one per peer? Do we just add them to the same "calist.pem" file?
Is is possible to configure kamailio to accept a certificate from another device? I mean instead of Kamailio creating the certificate/key and give it to customer/provider. If that is the case, do we also add it to the "calist.pem" file as well?
If all the above is true, what happens when the certificates have different expiration dates?
thank you very much
Hello,
On 6/12/13 3:50 PM, Fabian Borot wrote:
Hi, please help me out with these questions:
Is it possible to configure kamailio to use different certificates, one per peer? Do we just add them to the same "calist.pem" file?
look at tls.cfg structure, you can define sections for various cases of acting as client or server.
Is is possible to configure kamailio to accept a certificate from another device? I mean instead of Kamailio creating the certificate/key and give it to customer/provider. If that is the case, do we also add it to the "calist.pem" file as well?
If all the above is true, what happens when the certificates have different expiration dates?
The clients can be required to present a certificate. The certificate can be generated by anyone, then it is up to your configuration to require validation inside the library (which will be done base on trusted CA list) or let it go to config and then use variables to check various attributes of the certificate.
Cheers, Daniel
Hi All,
Need some help of setup TLS on Kamailio. Currently my Kamailio TLS works, but only support one client register successfully. If there's another client want to setup TLS connection, it shows: tls [tls_server.c:392]: SSL error:error:07064041:memory bufferoutines:BUF_MEM_grow:malloc failure.
I have modified /etc/default/Kamailio MEMORY=256 But the error is still there.
The client A and B share same private key and Trusted Certificate. I don't know if this is correct or this is the cause that second TLS failure.
Can anyone help me? I can provide log or config if necessary.
Thanks, Derrick
Also tried: modparam("tls", "low_memory_threshold1", 0) modparam("tls", "low_memory_threshold2", 0) same error.
And by default, compression is disabled. So strange error.
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 3:19 PM To: 'Kamailio (SER) - Users Mailing List' Subject: [SR-Users] Why my kamailio only support 1 TLS connection
Hi All,
Need some help of setup TLS on Kamailio. Currently my Kamailio TLS works, but only support one client register successfully. If there's another client want to setup TLS connection, it shows: tls [tls_server.c:392]: SSL error:error:07064041:memory bufferoutines:BUF_MEM_grow:malloc failure.
I have modified /etc/default/Kamailio MEMORY=256 But the error is still there.
The client A and B share same private key and Trusted Certificate. I don't know if this is correct or this is the cause that second TLS failure.
Can anyone help me? I can provide log or config if necessary.
Thanks, Derrick
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Here is the partial log: 17(21280) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection: 10.30.102.161 17(21280) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 5061, type 3 17(21280) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 454:1641:1419, 3 17(21280) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x7d51a0, 32, 2, 0x7fc3e26c20e8), fd_no=25 17(21280) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x7d51a0, 32, -1, 0x0) fd_no=26 called 17(21280) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1 17(21280) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 2 15(21278), 0x7fc3e26c20e8 15(21278) DEBUG: <core> [tcp_read.c:884]: received n=8 con=0x7fc3e26c20e8, fd=7 15(21278) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default> 15(21278) ERROR: tls [tls_server.c:392]: SSL error:error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure 15(21278) DEBUG: <core> [tcp_read.c:811]: releasing con 0x7fc3e26c20e8, state -2, fd=7, id=3 15(21278) DEBUG: <core> [tcp_read.c:812]: extra_data 0x7fc3e26d7c68 17(21280) DEBUG: <core> [tcp_main.c:2855]: handle_tcp_child: reader response= 7fc3e26c20e8, -2 from 2 17(21280) DEBUG: tls [tls_server.c:701]: Closing SSL connection 17(21280) DEBUG: tls [tls_server.c:523]: TLS shutdown successful
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 4:01 PM To: 'Kamailio (SER) - Users Mailing List' Subject: Re: [SR-Users] Why my kamailio only support 1 TLS connection
Also tried: modparam("tls", "low_memory_threshold1", 0) modparam("tls", "low_memory_threshold2", 0) same error.
And by default, compression is disabled. So strange error.
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 3:19 PM To: 'Kamailio (SER) - Users Mailing List' Subject: [SR-Users] Why my kamailio only support 1 TLS connection
Hi All,
Need some help of setup TLS on Kamailio. Currently my Kamailio TLS works, but only support one client register successfully. If there's another client want to setup TLS connection, it shows: tls [tls_server.c:392]: SSL error:error:07064041:memory bufferoutines:BUF_MEM_grow:malloc failure.
I have modified /etc/default/Kamailio MEMORY=256 But the error is still there.
The client A and B share same private key and Trusted Certificate. I don't know if this is correct or this is the cause that second TLS failure.
Can anyone help me? I can provide log or config if necessary.
Thanks, Derrick
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
What version of kamailio and what libssl do you have? Have you installed from sources or from packages?
Cheers, Daniel
Daniel-Constantin Mierla http://www.asipto.com
On 19 Nov 2013, at 22:03, Derrick Ding dding@aastra.com wrote:
Here is the partial log: 17(21280) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection: 10.30.102.161 17(21280) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 5061, type 3 17(21280) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 454:1641:1419, 3 17(21280) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x7d51a0, 32, 2, 0x7fc3e26c20e8), fd_no=25 17(21280) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x7d51a0, 32, -1, 0x0) fd_no=26 called 17(21280) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1 17(21280) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 2 15(21278), 0x7fc3e26c20e8 15(21278) DEBUG: <core> [tcp_read.c:884]: received n=8 con=0x7fc3e26c20e8, fd=7 15(21278) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default> 15(21278) ERROR: tls [tls_server.c:392]: SSL error:error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure 15(21278) DEBUG: <core> [tcp_read.c:811]: releasing con 0x7fc3e26c20e8, state -2, fd=7, id=3 15(21278) DEBUG: <core> [tcp_read.c:812]: extra_data 0x7fc3e26d7c68 17(21280) DEBUG: <core> [tcp_main.c:2855]: handle_tcp_child: reader response= 7fc3e26c20e8, -2 from 2 17(21280) DEBUG: tls [tls_server.c:701]: Closing SSL connection 17(21280) DEBUG: tls [tls_server.c:523]: TLS shutdown successful
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 4:01 PM To: 'Kamailio (SER) - Users Mailing List' Subject: Re: [SR-Users] Why my kamailio only support 1 TLS connection
Also tried: modparam("tls", "low_memory_threshold1", 0) modparam("tls", "low_memory_threshold2", 0) same error.
And by default, compression is disabled. So strange error.
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 3:19 PM To: 'Kamailio (SER) - Users Mailing List' Subject: [SR-Users] Why my kamailio only support 1 TLS connection
Hi All,
Need some help of setup TLS on Kamailio. Currently my Kamailio TLS works, but only support one client register successfully. If there's another client want to setup TLS connection, it shows: tls [tls_server.c:392]: SSL error:error:07064041:memory bufferoutines:BUF_MEM_grow:malloc failure.
I have modified /etc/default/Kamailio MEMORY=256 But the error is still there.
The client A and B share same private key and Trusted Certificate. I don't know if this is correct or this is the cause that second TLS failure.
Can anyone help me? I can provide log or config if necessary.
Thanks, Derrick
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Daniel,
Thanks for response. The software version is: Kamailio 3.0.2 OpenSSL 0.9.8k 25 Mar 2009
I have used Kamailio 3.0.2 for long. I installed it from source file.
Regards, Derrick
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla Sent: Tuesday, November 19, 2013 4:18 PM To: Kamailio (SER) - Users Mailing List Cc: Kamailio (SER) - Users Mailing List Subject: Re: [SR-Users] Why my kamailio only support 1 TLS connection
Hello,
What version of kamailio and what libssl do you have? Have you installed from sources or from packages?
Cheers, Daniel
Daniel-Constantin Mierla http://www.asipto.com
On 19 Nov 2013, at 22:03, Derrick Ding dding@aastra.com wrote:
Here is the partial log: 17(21280) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection: 10.30.102.161 17(21280) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 5061, type 3 17(21280) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 454:1641:1419, 3 17(21280) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x7d51a0, 32, 2, 0x7fc3e26c20e8), fd_no=25 17(21280) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x7d51a0, 32, -1, 0x0) fd_no=26 called 17(21280) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1 17(21280) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 2 15(21278), 0x7fc3e26c20e8 15(21278) DEBUG: <core> [tcp_read.c:884]: received n=8 con=0x7fc3e26c20e8, fd=7 15(21278) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default> 15(21278) ERROR: tls [tls_server.c:392]: SSL error:error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure 15(21278) DEBUG: <core> [tcp_read.c:811]: releasing con 0x7fc3e26c20e8, state -2, fd=7, id=3 15(21278) DEBUG: <core> [tcp_read.c:812]: extra_data 0x7fc3e26d7c68 17(21280) DEBUG: <core> [tcp_main.c:2855]: handle_tcp_child: reader response= 7fc3e26c20e8, -2 from 2 17(21280) DEBUG: tls [tls_server.c:701]: Closing SSL connection 17(21280) DEBUG: tls [tls_server.c:523]: TLS shutdown successful
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 4:01 PM To: 'Kamailio (SER) - Users Mailing List' Subject: Re: [SR-Users] Why my kamailio only support 1 TLS connection
Also tried: modparam("tls", "low_memory_threshold1", 0) modparam("tls", "low_memory_threshold2", 0) same error.
And by default, compression is disabled. So strange error.
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 3:19 PM To: 'Kamailio (SER) - Users Mailing List' Subject: [SR-Users] Why my kamailio only support 1 TLS connection
Hi All,
Need some help of setup TLS on Kamailio. Currently my Kamailio TLS works, but only support one client register successfully. If there's another client want to setup TLS connection, it shows: tls [tls_server.c:392]: SSL error:error:07064041:memory bufferoutines:BUF_MEM_grow:malloc failure.
I have modified /etc/default/Kamailio MEMORY=256 But the error is still there.
The client A and B share same private key and Trusted Certificate. I don't know if this is correct or this is the cause that second TLS failure.
Can anyone help me? I can provide log or config if necessary.
Thanks, Derrick
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
3.0 is almost 4 years old and there were some issue fixed for tls and shm memory afaik.
Can you try with 4.0.4?
Cheers, Daniel
On 11/19/13 10:43 PM, Derrick Ding wrote:
Hi Daniel,
Thanks for response. The software version is: Kamailio 3.0.2 OpenSSL 0.9.8k 25 Mar 2009
I have used Kamailio 3.0.2 for long. I installed it from source file.
Regards, Derrick
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla Sent: Tuesday, November 19, 2013 4:18 PM To: Kamailio (SER) - Users Mailing List Cc: Kamailio (SER) - Users Mailing List Subject: Re: [SR-Users] Why my kamailio only support 1 TLS connection
Hello,
What version of kamailio and what libssl do you have? Have you installed from sources or from packages?
Cheers, Daniel
Daniel-Constantin Mierla http://www.asipto.com
On 19 Nov 2013, at 22:03, Derrick Ding dding@aastra.com wrote:
Here is the partial log: 17(21280) DEBUG: <core> [ip_addr.c:116]: tcpconn_new: new tcp connection: 10.30.102.161 17(21280) DEBUG: <core> [tcp_main.c:1052]: tcpconn_new: on port 5061, type 3 17(21280) DEBUG: <core> [tcp_main.c:1351]: tcpconn_add: hashes: 454:1641:1419, 3 17(21280) DEBUG: <core> [io_wait.h:361]: DBG: io_watch_add(0x7d51a0, 32, 2, 0x7fc3e26c20e8), fd_no=25 17(21280) DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x7d51a0, 32, -1, 0x0) fd_no=26 called 17(21280) DEBUG: <core> [tcp_main.c:3627]: tcp: DBG: sendig to child, events 1 17(21280) DEBUG: <core> [tcp_main.c:3336]: send2child: to tcp child 2 15(21278), 0x7fc3e26c20e8 15(21278) DEBUG: <core> [tcp_read.c:884]: received n=8 con=0x7fc3e26c20e8, fd=7 15(21278) DEBUG: tls [tls_server.c:109]: Using TLS domain TLSs<default> 15(21278) ERROR: tls [tls_server.c:392]: SSL error:error:07064041:memory buffer routines:BUF_MEM_grow:malloc failure 15(21278) DEBUG: <core> [tcp_read.c:811]: releasing con 0x7fc3e26c20e8, state -2, fd=7, id=3 15(21278) DEBUG: <core> [tcp_read.c:812]: extra_data 0x7fc3e26d7c68 17(21280) DEBUG: <core> [tcp_main.c:2855]: handle_tcp_child: reader response= 7fc3e26c20e8, -2 from 2 17(21280) DEBUG: tls [tls_server.c:701]: Closing SSL connection 17(21280) DEBUG: tls [tls_server.c:523]: TLS shutdown successful
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 4:01 PM To: 'Kamailio (SER) - Users Mailing List' Subject: Re: [SR-Users] Why my kamailio only support 1 TLS connection
Also tried: modparam("tls", "low_memory_threshold1", 0) modparam("tls", "low_memory_threshold2", 0) same error.
And by default, compression is disabled. So strange error.
-----Original Message----- From: sr-users-bounces@lists.sip-router.org [mailto:sr-users-bounces@lists.sip-router.org] On Behalf Of Derrick Ding Sent: Tuesday, November 19, 2013 3:19 PM To: 'Kamailio (SER) - Users Mailing List' Subject: [SR-Users] Why my kamailio only support 1 TLS connection
Hi All,
Need some help of setup TLS on Kamailio. Currently my Kamailio TLS works, but only support one client register successfully. If there's another client want to setup TLS connection, it shows: tls [tls_server.c:392]: SSL error:error:07064041:memory bufferoutines:BUF_MEM_grow:malloc failure.
I have modified /etc/default/Kamailio MEMORY=256 But the error is still there.
The client A and B share same private key and Trusted Certificate. I don't know if this is correct or this is the cause that second TLS failure.
Can anyone help me? I can provide log or config if necessary.
Thanks, Derrick
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Derrick Ding -
Fabian Borot