6 Sep
2014
6 Sep
'14
6:23 p.m.
I'm trying to implement WSS with Kamailio
Thing is that WS works fine, I've followed:
http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
modparam("tls", "config", "webrtc/tls.cfg")
In a tls.cfg file I have :
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = webrtc/private.key
certificate = webrtc/ssl.pem
ca_list = webrtc/ca_list.pem
In the log file:
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
tls_complete_init(): Using TLS domain TLSs<default>
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
sr_ssl_ctx_info_callback(): SSL handshake started
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=5524
fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958), fd_no=1
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
sr_ssl_ctx_info_callback(): SSL handshake done
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
sr_ssl_ctx_info_callback(): SSL disable renegotiation
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
tls_accept(): TLS accept successful
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
tls_accept(): tls_accept: new connection from 123.123.123.123:63300 using
TLSv1/SSLv3 AES256-SHA 256
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
tls_accept(): tls_accept: local socket: 124.124.124.124:10443
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
tls_accept(): tls_accept: client did not present a certificate
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282 fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
tcp_read_data(): EOF on 0x7f7513516958, FD 11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
tcp_read_req(): tcp_read_req: EOF
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
release_tcpconn(): extra_data 0x7f7513510a88
/usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958, -1
from 1
/usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
tls_h_close(): Closing SSL connection 0x7f7513510a88
In sipml5 the error:
*Disconnected: Failed to connect to the server*
In the Chrome console:
*__tsip_transport_ws_onerror *
*__tsip_transport_ws_onclose *
SSL certificates seem to be ok:
# openssl verify -CAfile ca_list.pem ssl.pem
ssl.pem: OK
Can't figure out a solution :( Any ideas?
*Manuel Camargo*
Teléfono: 638000836
eMail: sir.louen(a)gmail.com
8 Sep
8 Sep
3:57 p.m.
Hello,
if you run latest versions of web browsers, they become more restrictive
on wss connection. Be sure that the cetificate is also trusted by the
web browser.
You can go with the web browser to https://ipofkamailio:portforwss and
see if you get any warnings there.
Cheers,
Daniel
On 06/09/14 17:23, Manuel Camarg wrote:
I'm trying to implement WSS with Kamailio
Thing is that WS works fine, I've followed:
http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
modparam("tls", "config", "webrtc/tls.cfg")
In a tls.cfg file I have :
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = webrtc/private.key
certificate = webrtc/ssl.pem
ca_list = webrtc/ca_list.pem
In the log file:
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
tls_complete_init(): Using TLS domain TLSs<default>
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
sr_ssl_ctx_info_callback(): SSL handshake started
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958
n=5524 fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958),
fd_no=1
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
sr_ssl_ctx_info_callback(): SSL handshake done
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
sr_ssl_ctx_info_callback(): SSL disable renegotiation
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
tls_accept(): TLS accept successful
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
tls_accept(): tls_accept: new connection from 123.123.123.123:63300
<http://123.123.123.123:63300> using TLSv1/SSLv3 AES256-SHA 256
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
tls_accept(): tls_accept: local socket: 124.124.124.124:10443
<http://124.124.124.124:10443>
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
tls_accept(): tls_accept: client did not present a certificate
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282
fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
tcp_read_data(): EOF on 0x7f7513516958, FD 11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
tcp_read_req(): tcp_read_req: EOF
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
release_tcpconn(): extra_data 0x7f7513510a88
/usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958,
-1 from 1
/usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
tls_h_close(): Closing SSL connection 0x7f7513510a88
In sipml5 the error:
/Disconnected: *Failed to connect to the server*/
In the Chrome console:
/*__tsip_transport_ws_onerror
*/
/*__tsip_transport_ws_onclose */
/*
*/
SSL certificates seem to be ok:
# openssl verify -CAfile ca_list.pem ssl.pem
ssl.pem: OK
Can't figure out a solution :( Any ideas?
*Manuel Camargo*
Teléfono: 638000836
eMail: sir.louen(a)gmail.com <mailto:sir.louen@gmail.com>
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
9:10 p.m.
Hello Daniel:
Trying it, accessing via Browser here is the log, similarities with the
access via SIPML5, no errors, no warnings (at least as far as I can see):
DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection: 123.123.123.123
DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58654, type 3
DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
263:3337:1427, 5
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0,
34, 2, 0x7f72f4768638), fd_no=22
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to
child, events 1
DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0
11(1700) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=2060 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake
done
DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation
DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection
from 123.123.123.123:58654 using TLSv1/SSLv3 AES256-SHA 256
DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket:
124.124.124.124:10443
DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not
present a certificate
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=282 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f72f4768638,
FD 11
DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -1, fd=11, id=5
DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data
0x7f72f47915b0
DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7f72f4768638, -1 from 0
DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection: 123.123.123.123
DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58656, type 3
DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
313:3383:1453, 6
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending
to child, events 1
DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1
12(1701) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=2060 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake
done
DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation
DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection
from 123.123.123.123:58656 using TLSv1/SSLv3 AES256-SHA 256
DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket:
124.124.124.124:10443
DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not
present a certificate
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=282 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET>
DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </>
DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <HTTP/1.1>
DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of
header
DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...
DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg created
(425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS
123.123.123.123:58656#015#012Host: domain.com:10443#015#012Connection:
keep-alive#015#012Cache-Control: max-age=0#015#012Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent:
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding:
gzip,deflate#015#012Accept-Language:
es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012>
DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET>
DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </>
DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <HTTP/1.1>
DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header
reached, state=5
DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers:
Via found, flags=2
DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers:
this is the first via
INFO: <script>: HTTP Request Received
DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of
header
DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
DEBUG: <core> [msg_translator.c:204]: check_via_address():
check_via_address( 123.123.123.123, 123.123.123.123, 0)
DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send from
reader (1701 (12)), reusing fd
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=165 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#027#003#003
DEBUG: <core> [tcp_main.c:3624]: handle_ser_child(): handle_ser_child:
read response= 7f72f4768638, -1, fd -1 from 12 (1701)
DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
DEBUG: <core> [usr_avp.c:644]: destroy_avp_list():
DEBUG:destroy_avp_list: destroying list (nil)
message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]:
destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]
DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp list
(nil)
DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -2, fd=11, id=6
DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data
0x7f72f47915b0
DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7f72f4768638, -2 from 1
Regards and thanks for your time
*Manuel Camargo*
Teléfono: 638000836
eMail: sir.louen(a)gmail.com
<https://twitter.com/SirLouen>
[image: Ver el perfil de Manuel Camargo Lominchar en LinkedIn]
<http://es.linkedin.com/in/louen>
2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
Hello,
if you run latest versions of web browsers, they become more restrictive
on wss connection. Be sure that the cetificate is also trusted by the web
browser.
You can go with the web browser to https://ipofkamailio:portforwss and
see if you get any warnings there.
Cheers,
Daniel
On 06/09/14 17:23, Manuel Camarg wrote:
I'm trying to implement WSS with Kamailio
Thing is that WS works fine, I've followed:
http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
modparam("tls", "config", "webrtc/tls.cfg")
In a tls.cfg file I have :
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = webrtc/private.key
certificate = webrtc/ssl.pem
ca_list = webrtc/ca_list.pem
In the log file:
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
tls_complete_init(): Using TLS domain TLSs<default>
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
sr_ssl_ctx_info_callback(): SSL handshake started
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=5524
fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958), fd_no=1
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
sr_ssl_ctx_info_callback(): SSL handshake done
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
sr_ssl_ctx_info_callback(): SSL disable renegotiation
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
tls_accept(): TLS accept successful
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
tls_accept(): tls_accept: new connection from 123.123.123.123:63300 using
TLSv1/SSLv3 AES256-SHA 256
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
tls_accept(): tls_accept: local socket: 124.124.124.124:10443
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
tls_accept(): tls_accept: client did not present a certificate
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282 fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
tcp_read_data(): EOF on 0x7f7513516958, FD 11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
tcp_read_req(): tcp_read_req: EOF
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
release_tcpconn(): extra_data 0x7f7513510a88
/usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958, -1
from 1
/usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
tls_h_close(): Closing SSL connection 0x7f7513510a88
In sipml5 the error:
*Disconnected: Failed to connect to the server*
In the Chrome console:
*__tsip_transport_ws_onerror *
*__tsip_transport_ws_onclose *
SSL certificates seem to be ok:
# openssl verify -CAfile ca_list.pem ssl.pem
ssl.pem: OK
Can't figure out a solution :( Any ideas?
*Manuel Camargo*
Teléfono: 638000836
eMail: sir.louen(a)gmail.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierlahttp://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
10:46 p.m.
Hello,
from the logs you sent now, it appears that you have set_reply_close()
in config, therefore the connection is closed after sending the reply.
Cheers,
Daniel
On 08/09/14 20:10, Manuel Camarg wrote:
Hello Daniel:
Trying it, accessing via Browser here is the log, similarities with
the access via SIPML5, no errors, no warnings (at least as far as I
can see):
DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection: 123.123.123.123
DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58654, type 3
DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
263:3337:1427, 5
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG:
sending to child, events 1
DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0
11(1700) for activity on [tls:124.124.124.124:10443
<http://124.124.124.124:10443>], 0x7f72f4768638
DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL
handshake started
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
real write: c= 0x7f72f4768638 n=2060 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL
handshake done
DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL
disable renegotiation
DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new
connection from 123.123.123.123:58654 <http://123.123.123.123:58654>
using TLSv1/SSLv3 AES256-SHA 256
DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local
socket: 124.124.124.124:10443 <http://124.124.124.124:10443>
DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did
not present a certificate
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
real write: c= 0x7f72f4768638 n=282 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on
0x7f72f4768638, FD 11
DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -1, fd=11, id=5
DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data
0x7f72f47915b0
DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child():
handle_tcp_child: reader response= 7f72f4768638, -1 from 0
DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection: 123.123.123.123
DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58656, type 3
DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
313:3383:1453, 6
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG:
sending to child, events 1
DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1
12(1701) for activity on [tls:124.124.124.124:10443
<http://124.124.124.124:10443>], 0x7f72f4768638
DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL
handshake started
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
real write: c= 0x7f72f4768638 n=2060 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL
handshake done
DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL
disable renegotiation
DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new
connection from 123.123.123.123:58656 <http://123.123.123.123:58656>
using TLSv1/SSLv3 AES256-SHA 256
DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local
socket: 124.124.124.124:10443 <http://124.124.124.124:10443>
DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did
not present a certificate
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
real write: c= 0x7f72f4768638 n=282 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET>
DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </>
DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version:
<HTTP/1.1>
DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end
of header
DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...
DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg
created (425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS
123.123.123.123:58656#015#012Host
<http://123.123.123.123:58656#015#012Host>:
domain.com:10443#015#012Connection
<http://domain.com:10443#015#012Connection>:
keep-alive#015#012Cache-Control: max-age=0#015#012Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent:
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding:
gzip,deflate#015#012Accept-Language:
es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012>
DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET>
DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </>
DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version:
<HTTP/1.1>
DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header
reached, state=5
DEBUG: <core> [parser/msg_parser.c:513]: parse_headers():
parse_headers: Via found, flags=2
DEBUG: <core> [parser/msg_parser.c:515]: parse_headers():
parse_headers: this is the first via
INFO: <script>: HTTP Request Received
DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end
of header
DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
DEBUG: <core> [msg_translator.c:204]: check_via_address():
check_via_address( 123.123.123.123, 123.123.123.123, 0)
DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send
from reader (1701 (12)), reusing fd
DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
real write: c= 0x7f72f4768638 n=165 fd=11
DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#027#003#003
DEBUG: <core> [tcp_main.c:3624]: handle_ser_child():
handle_ser_child: read response= 7f72f4768638, -1, fd -1 from 12 (1701)
DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
DEBUG: <core> [usr_avp.c:644]: destroy_avp_list():
DEBUG:destroy_avp_list: destroying list (nil)
message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]:
destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]
DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp
list (nil)
DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up
DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -2, fd=11, id=6
DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data
0x7f72f47915b0
DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child():
handle_tcp_child: reader response= 7f72f4768638, -2 from 1
Regards and thanks for your time
*Manuel Camargo*
Teléfono: 638000836
eMail: sir.louen(a)gmail.com <mailto:sir.louen@gmail.com>
<https://twitter.com/SirLouen>
Ver el perfil de Manuel Camargo Lominchar en LinkedIn
<http://es.linkedin.com/in/louen>
2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla <miconda(a)gmail.com
<mailto:miconda@gmail.com>>:
Hello,
if you run latest versions of web browsers, they become more
restrictive on wss connection. Be sure that the cetificate is also
trusted by the web browser.
You can go with the web browser to https://ipofkamailio:portforwss
and see if you get any warnings there.
Cheers,
Daniel
On 06/09/14 17:23, Manuel Camarg wrote:
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
I'm trying to implement WSS with
Kamailio
Thing is that WS works fine, I've followed:
http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
modparam("tls", "config", "webrtc/tls.cfg")
In a tls.cfg file I have :
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = webrtc/private.key
certificate = webrtc/ssl.pem
ca_list = webrtc/ca_list.pem
In the log file:
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
tls_complete_init(): Using TLS domain TLSs<default>
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
sr_ssl_ctx_info_callback(): SSL handshake started
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958
n=5524 fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2,
0x7f7513516958), fd_no=1
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
sr_ssl_ctx_info_callback(): SSL handshake done
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
sr_ssl_ctx_info_callback(): SSL disable renegotiation
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
tls_accept(): TLS accept successful
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
tls_accept(): tls_accept: new connection from
123.123.123.123:63300 <http://123.123.123.123:63300> using
TLSv1/SSLv3 AES256-SHA 256
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
tls_accept(): tls_accept: local socket: 124.124.124.124:10443
<http://124.124.124.124:10443>
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
tls_accept(): tls_accept: client did not present a certificate
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958
n=282 fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
tcp_read_data(): EOF on 0x7f7513516958, FD 11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
tcp_read_req(): tcp_read_req: EOF
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10)
fd_no=2 called
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11,
id=2
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
release_tcpconn(): extra_data 0x7f7513510a88
/usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
handle_tcp_child(): handle_tcp_child: reader response=
7f7513516958, -1 from 1
/usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
tls_h_close(): Closing SSL connection 0x7f7513510a88
In sipml5 the error:
/Disconnected: *Failed to connect to the server*/
In the Chrome console:
/*__tsip_transport_ws_onerror
*/
/*__tsip_transport_ws_onclose */
/*
*/
SSL certificates seem to be ok:
# openssl verify -CAfile ca_list.pem ssl.pem
ssl.pem: OK
Can't figure out a solution :( Any ideas?
*Manuel Camargo*
Teléfono: 638000836 <tel:638000836>
eMail: sir.louen(a)gmail.com <mailto:sir.louen@gmail.com>
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda>
-http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 -http://www.asipto.com
Sep 22-25, Berlin, Germany
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
3730
days inactive
3732
days old
3 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
Manuel Camarg