[SR-Users] sip over tls is not working
klaus.mailinglists at pernau.at
Wed Jul 11 14:25:50 CEST 2012
Does it work with your web browser?
At least the TLS handshake should work.
If you add the following snippet to your config you should also see the
response in your browser:
xhttp_reply("200", "OK", "text/html","<html><body>OK - $hu -
On 10.07.2012 12:44, Aft nix wrote:
> On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla
> <miconda at gmail.com> wrote:
>> also, can you provide more details about the case? Is it with the very first
>> connection or you do some load testing and at some point you get this issue?
> No, its not a part of load testing. it happens on the first connection.
>> Can you reproduce it always?
> Yes i can reproduce it.
>> Do you set different number of workers per
>> socket? What is the output of 'kamctl ps'?
> No. both are 4. (udp and tls )
> I have downgraded the lab machine to do some testing. so i can't give
> kamctl ps of the faulty
> installation at this moment. kamailio-3.2.x is deployed in our
> production servers, and it worked flawlessly.
> this is the output of kamctl ps from a 3.2.x. it uses the same config
> file as i was using with git master branch.
> [root at server kamailio-3.2.3]# kamctl ps
> Process:: ID=0 PID=31109 Type=attendant
> Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT>
> Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT>
> Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT>
> Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT>
> Process:: ID=5 PID=31114 Type=slow timer
> Process:: ID=6 PID=31115 Type=timer
> Process:: ID=7 PID=31116 Type=MI FIFO
> Process:: ID=8 PID=31117 Type=ctl handler
> Process:: ID=9 PID=31118 Type=TIMER NH
> Process:: ID=10 PID=31119 Type=tcp receiver child=0
> Process:: ID=11 PID=31120 Type=tcp receiver child=1
> Process:: ID=12 PID=31121 Type=tcp receiver child=2
> Process:: ID=13 PID=31122 Type=tcp receiver child=3
> Process:: ID=14 PID=31123 Type=tcp main process
>> Have you tried with 3.3 branch as well or just master branch?
> I've got this in master branch. haven't tried it with 3.3 branch.
> On the side note similar issue was reported by a guy earlier this year
> in this list which went
> unnoticed. here is the link to that mail :
> His issue seems similar to me.
>> On 7/9/12 3:04 PM, Klaus Darilion wrote:
>>> Use wireshark to analyze the TLS handshake
>>> On 09.07.2012 13:27, Aft nix wrote:
>>>> I have enabled tls parameters as follows:
>>>> in kamailio.cfg
>>>> listen = tls:<IP>:<PORT>
>>>> in tls.cfg
>>>> method = TLSv1
>>>> verify_certificate = no
>>>> require_certificate = no
>>>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>>>> certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
>>>> Now if i try to connect to this interface using openssl s_client, it
>>>> does connects,
>>>> but now server certificate is sent from kamailio.
>>>> kamailio log shows this :
>>>> <core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
>>>> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
>>>> <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
>>>> <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
>>>> 0xb5701580), fd_no=11
>>>> <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
>>>> fd_no=12 called
>>>> <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
>>>> <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
>>>> connection passed to the least busy one (3289651)
>>>> <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
>>>> [tls:<IP>:<PORT>], 0xb5701580
>>>> <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
>>>> I'm using kamailio from git. its updated to the latest.
>>>> Thanks in advance.
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>> Daniel-Constantin Mierla - http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
>> Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
More information about the sr-users