[SR-Users] sip over tls is not working

Klaus Darilion klaus.mailinglists at pernau.at
Wed Jul 11 17:14:10 CEST 2012


Maybe there were some changes fore websocket support which cause 
problems. Do plain TCP connections work?

klaus

On 11.07.2012 16:20, Aft nix wrote:
> On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion
> <klaus.mailinglists at pernau.at> wrote:
>> I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make sure to
>> specify "ca_list" if intermediate certificates are used.
>>
>
> I was working with master branch, not 3.3 branch.
>
>>
>> regards
>> Klaus
>>
>> On 09.07.2012 13:27, Aft nix wrote:
>>>
>>> Hi,
>>>
>>> I have enabled tls parameters as follows:
>>>
>>> in kamailio.cfg
>>>
>>> listen = tls:<IP>:<PORT>
>>>
>>> in tls.cfg
>>>
>>> [server:<IP>:<PORT>]
>>> method = TLSv1
>>> verify_certificate = no
>>> require_certificate = no
>>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>>> certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
>>>
>>> Now if i try to connect to this interface using openssl s_client, it
>>> does connects,
>>> but now server certificate is sent from kamailio.
>>>
>>> kamailio log shows this :
>>>
>>>     <core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
>>>     <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
>>>     <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
>>>     <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
>>> 0xb5701580), fd_no=11
>>>     <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
>>> fd_no=12 called
>>>     <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
>>>     <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
>>>    connection passed to the least busy one (3289651)
>>>     <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
>>> [tls:<IP>:<PORT>], 0xb5701580
>>>     <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
>>>
>>> I'm using kamailio from git. its updated to the latest.
>>> Thanks in advance.
>>>
>>
>
>
>




More information about the sr-users mailing list