[SR-Users] sip over tls is not working

Aft nix aftnix at gmail.com
Tue Jul 10 12:44:08 CEST 2012 

On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla
<miconda at gmail.com> wrote:
> Hello,
>
> also, can you provide more details about the case? Is it with the very first
> connection or you do some load testing and at some point you get this issue?
>

No, its not a part of load testing. it happens on the first connection.

> Can you reproduce it always?

Yes i can reproduce it.

>Do you set different number of workers per
> socket? What is the output of 'kamctl ps'?

No. both are 4. (udp and tls )

I have downgraded the lab machine to do some testing. so i can't give
kamctl ps of the faulty
installation at this moment. kamailio-3.2.x is deployed in our
production servers, and it worked flawlessly.

this is the output of kamctl ps from a 3.2.x. it uses the same config
file as i was using with git master branch.

[root at server kamailio-3.2.3]# kamctl ps
Process::  ID=0 PID=31109 Type=attendant
Process::  ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT>
Process::  ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT>
Process::  ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT>
Process::  ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT>
Process::  ID=5 PID=31114 Type=slow timer
Process::  ID=6 PID=31115 Type=timer
Process::  ID=7 PID=31116 Type=MI FIFO
Process::  ID=8 PID=31117 Type=ctl handler
Process::  ID=9 PID=31118 Type=TIMER NH
Process::  ID=10 PID=31119 Type=tcp receiver child=0
Process::  ID=11 PID=31120 Type=tcp receiver child=1
Process::  ID=12 PID=31121 Type=tcp receiver child=2
Process::  ID=13 PID=31122 Type=tcp receiver child=3
Process::  ID=14 PID=31123 Type=tcp main process

>
> Have you tried with 3.3 branch as well or just master branch?
>

I've got this in master branch. haven't tried it with 3.3 branch.

On the side note similar issue was reported by a guy earlier this year
in this list which went
unnoticed. here is the link to that mail :

http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html

His issue seems similar to me.

Cheers
> Cheers,
> Daniel
>
>
> On 7/9/12 3:04 PM, Klaus Darilion wrote:
>>
>> Use wireshark to analyze the TLS handshake
>>
>> regards
>> klaus
>>
>> On 09.07.2012 13:27, Aft nix wrote:
>>>
>>> Hi,
>>>
>>> I have enabled tls parameters as follows:
>>>
>>> in kamailio.cfg
>>>
>>> listen = tls:<IP>:<PORT>
>>>
>>> in tls.cfg
>>>
>>> [server:<IP>:<PORT>]
>>> method = TLSv1
>>> verify_certificate = no
>>> require_certificate = no
>>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>>> certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
>>>
>>> Now if i try to connect to this interface using openssl s_client, it
>>> does connects,
>>> but now server certificate is sent from kamailio.
>>>
>>> kamailio log shows this :
>>>
>>>    <core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
>>>    <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
>>>    <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
>>>    <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
>>> 0xb5701580), fd_no=11
>>>    <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
>>> fd_no=12 called
>>>    <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
>>>    <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
>>>   connection passed to the least busy one (3289651)
>>>    <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
>>> [tls:<IP>:<PORT>], 0xb5701580
>>>    <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
>>> 2491)
>>>
>>> I'm using kamailio from git. its updated to the latest.
>>> Thanks in advance.
>>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
> http://asipto.com/u/katu
> Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
> http://asipto.com/u/kpw
>



-- 
-aft

More information about the sr-users mailing list