[Kamailio-Users] Testing of Kamailio TLS with Sipp TLS

Hemanshu Patel hemanshu.patel at saicare.com
Thu Feb 18 11:14:19 CET 2010


One more thing i notice is that kamailio currently support TLS over TCP only.
but even when i am firing register request at cps of say 300... it doesnt
show me 300 tcp connection. It shows just 2 - 5 tcp connection.

Can anyone give any explanation about the same?



-- 
Regards,

Hemanshu Patel

M: 09601295238


>
> i had created user certificate during process,which i set in kamailio
> config file.
> When i gave same certificate and private key to sipp...then it works..
>
>
> but i am not sure if this is the right way.
>
> Becaue i also for testing created another certificates signed by same
> rootCA, and when imported those to sipp....they didnt work...
>
>
> i am confused...that am i using TLS the way it should be or not?
>
> can anyone suggest some nice docs/tutorials about TLS? pls dont just give
> me google results..
>
>
>
> --
> Regards,
>
> Hemanshu Patel
>
> M: 09601295238
>
>
>
>> Hello friendsm,
>>
>> I am testing TLS feature of both kamailio and Sipp.
>>
>> I first downloaded kamailio 1.5.x TLS supported version, uncommented
>> TLS=1
>> from Makefiel and then build the kamailio.
>> first i test kamailio without TLS with sipp for registration and
>> everything works file.
>>
>> Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
>> rootCA, user certificates and all configuration parameters to
>> kamailio.cfg
>> file
>>
>> Config paras are as below:
>>
>>
>> /* uncomment the following lines to enable TLS support  (default off) */
>> disable_tls = no
>> listen = tls:172.16.16.218:5091
>> tls_verify_server = 1
>> tls_verify_client = 1
>> tls_require_client_certificate = 1
>> tls_method = TLSv1
>> tls_certificate =
>> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
>> tls_private_key =
>> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
>> tls_ca_list     =
>> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
>>
>>
>> and restart kamailio server
>>
>> It works and i can see via netstat on port 5091.
>>
>> but when i starts sipp it gives me following error.
>>
>> [hemanshu at localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
>> ./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
>> 172.16.16.218 172.16.16.218:5091 -t l1
>> 2010-02-18      13:51:40:244    1266481300.244432: FI_init_ssl_context:
>> SSL_CTX_use_certificate_file failed.
>>
>>
>> I know i have built sipp with TLS support, then i can not figure out
>> where
>> is the problem.
>> Sipp says user certification file failed ..but client doesnt need any
>> certification file...or does it?
>>
>> i even tried with  tls_verify_client = 1 ,
>> tls_require_client_certificate
>> = 1, playing with different combinations...but still same ans.
>>
>>
>> Can anyone suggest me what could be wrong?
>> Have i made any mistake in configuring kamailio or theres some problem
>> in
>> SIPP.
>>
>>
>>
>>
>>
>> --
>> Regards,
>>
>> Hemanshu Patel
>>
>> M: 09601295238
>>
>>
>> _______________________________________________
>> Kamailio (OpenSER) - Users mailing list
>> Users at lists.kamailio.org
>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
>>
>
>
>
>






More information about the sr-users mailing list