[SR-Users] sip over tls is not working

Aft nix aftnix at gmail.com
Mon Jul 9 18:51:47 CEST 2012


On Mon, Jul 9, 2012 at 7:04 PM, Klaus Darilion
<klaus.mailinglists at pernau.at> wrote:
> Use wireshark to analyze the TLS handshake
>

Thanks for the suggestion. I'll analyze it and post my findings.

> regards
> klaus
>
>
> On 09.07.2012 13:27, Aft nix wrote:
>>
>> Hi,
>>
>> I have enabled tls parameters as follows:
>>
>> in kamailio.cfg
>>
>> listen = tls:<IP>:<PORT>
>>
>> in tls.cfg
>>
>> [server:<IP>:<PORT>]
>> method = TLSv1
>> verify_certificate = no
>> require_certificate = no
>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>> certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
>>
>> Now if i try to connect to this interface using openssl s_client, it
>> does connects,
>> but now server certificate is sent from kamailio.
>>
>> kamailio log shows this :
>>
>>    <core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
>>    <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
>>    <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
>>    <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
>> 0xb5701580), fd_no=11
>>    <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
>> fd_no=12 called
>>    <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
>>    <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
>>   connection passed to the least busy one (3289651)
>>    <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
>> [tls:<IP>:<PORT>], 0xb5701580
>>    <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
>>
>> I'm using kamailio from git. its updated to the latest.
>> Thanks in advance.
>>
>



-- 
-aft



More information about the sr-users mailing list