[Kamailio-Users] Testing of Kamailio TLS with Sipp TLS

Klaus Darilion klaus.mailinglists at pernau.at
Thu Feb 18 10:50:44 CET 2010 

You could try using kamailio 3.0 which has a reworked TLS implementation 
which might work better.

Also, it may be that the problem is on SIPp side. I tested sipp with TLS 
some years ago and it was not stable.

You could try with pjsip-perf - it should be rather easy to extend it to 
TLS (http://www.pjsip.org/pjsip/docs/html/page_pjsip_perf_c.htm)

Naother approach would be to test TLS between Kamailio and Kamailio:
sipp ---UDP----> Kamailio ----TLS-----> Kamailio

regards
klaus

Am 18.02.2010 10:21, schrieb Hemanshu Patel:
> though it shows everything is working fine from sipp end...
>
> my capacity with sipp+tls is around  20% to normal sipp.
> i mean normal kamailio without tls.
>
>
> ant kamailio log gives this error:
>
> 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
> something wrong in SSL: 5
> Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
> failed to read
> Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
> something wrong in SSL
>
>
>
>
>
>
>>
>> i had created user certificate during process,which i set in kamailio
>> config file.
>> When i gave same certificate and private key to sipp...then it works..
>>
>>
>> but i am not sure if this is the right way.
>>
>> Becaue i also for testing created another certificates signed by same
>> rootCA, and when imported those to sipp....they didnt work...
>>
>>
>> i am confused...that am i using TLS the way it should be or not?
>>
>> can anyone suggest some nice docs/tutorials about TLS? pls dont just give
>> me google results..
>>
>>
>>
>> --
>> Regards,
>>
>> Hemanshu Patel
>>
>> M: 09601295238
>>
>>
>>
>>> Hello friendsm,
>>>
>>> I am testing TLS feature of both kamailio and Sipp.
>>>
>>> I first downloaded kamailio 1.5.x TLS supported version, uncommented
>>> TLS=1
>>> from Makefiel and then build the kamailio.
>>> first i test kamailio without TLS with sipp for registration and
>>> everything works file.
>>>
>>> Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
>>> rootCA, user certificates and all configuration parameters to
>>> kamailio.cfg
>>> file
>>>
>>> Config paras are as below:
>>>
>>>
>>> /* uncomment the following lines to enable TLS support  (default off) */
>>> disable_tls = no
>>> listen = tls:172.16.16.218:5091
>>> tls_verify_server = 1
>>> tls_verify_client = 1
>>> tls_require_client_certificate = 1
>>> tls_method = TLSv1
>>> tls_certificate =
>>> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
>>> tls_private_key =
>>> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
>>> tls_ca_list     =
>>> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
>>>
>>>
>>> and restart kamailio server
>>>
>>> It works and i can see via netstat on port 5091.
>>>
>>> but when i starts sipp it gives me following error.
>>>
>>> [hemanshu at localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
>>> ./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
>>> 172.16.16.218 172.16.16.218:5091 -t l1
>>> 2010-02-18      13:51:40:244    1266481300.244432: FI_init_ssl_context:
>>> SSL_CTX_use_certificate_file failed.
>>>
>>>
>>> I know i have built sipp with TLS support, then i can not figure out
>>> where
>>> is the problem.
>>> Sipp says user certification file failed ..but client doesnt need any
>>> certification file...or does it?
>>>
>>> i even tried with  tls_verify_client = 1 ,
>>> tls_require_client_certificate
>>> = 1, playing with different combinations...but still same ans.
>>>
>>>
>>> Can anyone suggest me what could be wrong?
>>> Have i made any mistake in configuring kamailio or theres some problem
>>> in
>>> SIPP.
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Hemanshu Patel
>>>
>>> M: 09601295238
>>>
>>>
>>> _______________________________________________
>>> Kamailio (OpenSER) - Users mailing list
>>> Users at lists.kamailio.org
>>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
>>>
>>
>>
>>
>>
>
>

More information about the sr-users mailing list