[SR-Users] segfault when phone registers on TLS
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Nov 15 20:25:25 CET 2012
Seems like Kamailio is configured to require a client certificate, but
the client doesn't have one.
klaus
Am 15.11.2012 15:04, schrieb Denis:
> Thank you, it worked!
> I just added listen=tcp:IP:5060 so it probably needs to initialize tcp
> separately from tls )
>
> Thanks a lot!
>
> P.S.
> now I am having another errors though while connecting to tls port but
> I believe it is certificates problems:
> $ openssl s_client -connect IP:5061 -tls1 -CAfile certs/demoCA/cert.pem
> ...
> 1727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure:s3_pkt.c:1102:SSL alert number 40
> 1727:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:539:
> syslog:
> /opt/kamailio/sbin/kamailio[1708]: ERROR: tls [tls_server.c:1190]: TLS
> accept:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
> did not return a certificate
> /opt/kamailio/sbin/kamailio[1708]: ERROR: <core> [tcp_read.c:1127]:
> ERROR: tcp_read_req: error reading
>
> Thanks,
> Den
>
> On 15/11/12 13:33, Daniel-Constantin Mierla wrote:
>> Copy and paste typo, overlapping port use:
>>
>> listen=tcp:127.0.0.1:5060
>>
>> Cheers,
>> Daniel
>>
>> On 11/15/12 7:54 AM, Denis wrote:
>>> Thanks for looking at that, Daniel.
>>>
>>> If I start all together with tls: and tcp: (both lines order) then I
>>> see this:
>>>
>>> /opt/kamailio/sbin/kamailio[1008]: ERROR: <core> [tcp_main.c:2918]:
>>> ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64, 16) on IP_ADDRESS:5061 :
>>> Address already in use
>>> /opt/kamailio/sbin/kamailio[1008]: ERROR: tls [tls_init.c:314]:
>>> Error while initializing TCP part of TLS socket IP_ADDRESS:5061
>>>
>>> If I start only tcp: I am getting:
>>> /opt/kamailio/sbin/kamailio[1035]: ERROR: tls [tls_init.c:660]:
>>> TLSs<IP_ADDRESS:5061>: No listening socket found
>>> /opt/kamailio/sbin/kamailio[1035]: ERROR: <core> [sr_module.c:939]:
>>> init_mod(): Error while initializing module tls
>>> (/opt/kamailio/lib64/kamailio/modules/tls.so)
>>>
>>> Thanks,
>>> Den
>>>
>>> On 15/11/12 12:48, Daniel-Constantin Mierla wrote:
>>>> Reviewing the previous email, I probably spotted the issues. You
>>>> said you added:
>>>>
>>>> listen=tls:IP.ADDRESS:5061
>>>>
>>>> that forces Kamailio to listen only on tls. But tls is on top of
>>>> tcp, so add:
>>>>
>>>> listen=tcp:127.0.0.1:5061
>>>>
>>>> It was reported couple of days ago, I had no time to look at it
>>>> yet, traveling for the moment. Should not crash in any condition,
>>>> if tcp is required and no other way for tls only, the startup
>>>> process should fail -- I will take care of it soon.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>> On 11/15/12 7:39 AM, Denis wrote:
>>>>> Only during kamailio start:
>>>>>
>>>>> ...
>>>>> /opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy
>>>>> [rtpproxy.c:1413]: rtp proxy <udp:127.0.0.1:7722> found, support
>>>>> for it enabled
>>>>> /opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]:
>>>>> io_listen_loop: using epoll_lt io watch method (config)
>>>>>
>>>>> as soon as I send a request on port 5061 it crashes..
>>>>> user at server:~$ telnet HOSTNAME 5061
>>>>> Trying HOSTNAME...
>>>>> Connected to HOSTNAME.
>>>>> Escape character is '^]'.
>>>>> fsf
>>>>> Connection closed by foreign host.
>>>>>
>>>>> and it crashes.
>>>>>
>>>>> On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
>>>>>> Hello,
>>>>>>
>>>>>> On 11/15/12 4:52 AM, Denis wrote:
>>>>>>> [...]
>>>>>>> /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]:
>>>>>>> child process 30293 exited by a signal 11
>>>>>> Before this line, do you have any other error messages printed by
>>>>>> pid 30278?
>>>>>>
>>>>>> Cheers,
>>>>>> Daniel
>>>>>> --
>>>>>> Daniel-Constantin Mierla -http://www.asipto.com
>>>>>> http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
>>>>>
>>>>
>>>> --
>>>> Daniel-Constantin Mierla -http://www.asipto.com
>>>> http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
>>>
>>
>> --
>> Daniel-Constantin Mierla -http://www.asipto.com
>> http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121115/b786d9a6/attachment.htm>
More information about the sr-users
mailing list