[SR-Users] Configuring TLS and WSS with Kamailio

Ben Langfeld ben at langfeld.co.uk
Sat Oct 18 00:56:50 CEST 2014 

Out of curiosity, why don't you use the pre-built packaged binaries instead
of building from source?

On 17 October 2014 19:53, Kamrul Khan <dodul at live.com> wrote:

> Hi,
>
>
>  Im trying to connect my WebRTC clietn to kamailio via WSS. I
> successfully connected it via WS but having trouble connecting it via WSS.
> My first issue is I get error messages while i try to compile TLS
> module(console log in the end of the document). But, still it creates
> tls.so file. So i copied the tls.so to my kamailio modules directory and
> then updated my kamailio configuration as below:
>
>
>  #!define WITH_TLS
>
> .
>
> .
>
> listen=tcp:127.0.0.1:5061
>
> listen=tcp:192.168.146.133:5061
>
> .
>
> .
>
> #!ifdef WITH_TLS
>
> enable_tls=yes
>
> #!endif
>
> .
>
> .
>
> #!ifdef WITH_TLS
>
> # ----- tls params -----
>
> modparam("tls", "config", "/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
>
> #!endif
>
>
>  Now, according to this mailing list,
> http://lists.sip-router.org/pipermail/sr-users/2013-March/077182.html : “*when
> tls module is installed, a self signed pair of certificate-private key is
> generated in /usr/local/etc/kamailio”*
>
>
>  In my case, I dont even have the /usr/local/etc/kamailio directory. So,
> I followed
> http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates to
> create my certificate and key. And updated my tsl.cfg, this is how my
> tsl.cfg looks like:
>
>
>  [server:192.168.146.133:5061]
>
> method = TLSv1
>
> verify_certificate = no
>
> require_certificate = no
>
>
>  private_key = /etc/certs/sip.192.168.146.133/key.pem
>
> certificate = /etc/certs/sip.192.168.146.133/cert.pem
>
> ca_list = /etc/certs/demoCA/cert.pem
>
>
>  [client:192.168.146.133:5061]
>
> verify_certificate = yes
>
> require_certificate = yes
>
>
>
>  Then I restarted my kamailio server. And i get the following errors in
> my kamailio log:
>
>
>  Im not sure what wrong im doing. Please help me:
>
>
>  Oct 17 15:44:50 ubuntu kamailio: INFO: tls [tls_init.c:385]:
> init_tls_compression(): tls: init_tls: disabling compression...
>
> Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [socket_info.c:1397]:
> fix_hostname(): WARNING: fix_hostname: could not rev. resolve
> 192.168.146.133
>
> Oct 17 15:44:50 ubuntu kamailio: message repeated 2 times: [ WARNING:
> <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could
> not rev. resolve 192.168.146.133]
>
> Oct 17 15:44:50 ubuntu kamailio: INFO: <core> [tcp_main.c:4836]:
> init_tcp(): init_tcp: using epoll_lt as the io watch method (auto detected)
>
> Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [daemonize.c:352]:
> daemonize(): pid file contains old pid, replacing pid
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: rr [rr_mod.c:159]: mod_init(): outbound module not available
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 512
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: utils [utils.c:288]: mod_init(): forward functionality disabled
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: utils [utils.c:197]: pres_db_init(): xcap_auth_status function is
> disabled
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> ERROR: tls [tls_init.c:668]: tls_check_sockets(): TLSs<
> 192.168.146.133:5061>: No listening socket found
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while
> initializing module tls
> (/usr/local/kamailio-devel/lib64/kamailio/modules/tls.so)
>
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: :
> tls [tls_locking.c:103]: locking_f(): BUG: tls: locking_f (callback):
> invalid lock number: 30 (range 0 - 0), called from eng_table.c:227
>
> Oct 17 15:44:51 ubuntu kamailio: ERROR: <core> [daemonize.c:307]:
> daemonize(): Main process exited before writing to pipe
>
>
>  tls module compile log
>
>
>  xxx at ubuntu:/usr/local/src/kamailio-4.1/kamailio$ sudo make -C modules/tls
> make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> CC (gcc) [M tls.so]             tls_bio.o
> CC (gcc) [M tls.so]             tls_cfg.o
> CC (gcc) [M tls.so]             tls_config.o
> CC (gcc) [M tls.so]             tls_ct_wrq.o
> CC (gcc) [M tls.so]             tls_domain.o
> In file included from tls_domain.c:39:0:
> tls_domain.c: In function âload_certâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_domain.c:506:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR("load_cert:");
>     ^
> tls_domain.c: In function âload_ca_listâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_domain.c:536:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR("load_ca_list:");
>     ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_domain.c:543:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR("load_ca_list:");
>     ^
> tls_domain.c: In function âload_crlâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_domain.c:575:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR("load_crl:");
>     ^
> tls_domain.c: In function âload_private_keyâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_domain.c:990:5: note: in expansion of macro âTLS_ERRâ
>      TLS_ERR("load_private_key:");
>      ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_domain.c:998:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR("load_private_key:");
>     ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_domain.c:1005:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR("load_private_key:");
>     ^
> CC (gcc) [M tls.so]             tls_dump_vf.o
> CC (gcc) [M tls.so]             tls_init.o
> CC (gcc) [M tls.so]             tls_locking.o
> CC (gcc) [M tls.so]             tls_mod.o
> CC (gcc) [M tls.so]             tls_rpc.o
> CC (gcc) [M tls.so]             tls_select.o
> CC (gcc) [M tls.so]             tls_server.o
> In file included from tls_server.c:52:0:
> tls_server.c: In function âtls_complete_initâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_server.c:192:3: note: in expansion of macro âTLS_ERRâ
>    TLS_ERR("Failed to create SSL or BIO structure:");
>    ^
> tls_server.c: In function âtls_shutdownâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_server.c:521:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR("SSL error:");
>     ^
> tls_server.c: In function âtls_encode_fâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_server.c:798:5: note: in expansion of macro âTLS_ERRâ
>      TLS_ERR(err_src);
>      ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_server.c:832:5: note: in expansion of macro âTLS_ERRâ
>      TLS_ERR(err_src);
>      ^
> tls_server.c: In function âtls_read_fâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_server.c:1186:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR(err_src);
>     ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
>   int ret;             \
>       ^
> tls_server.c:1220:4: note: in expansion of macro âTLS_ERRâ
>     TLS_ERR(err_src);
>     ^
> CC (gcc) [M tls.so]             tls_util.o
> CC (gcc) [M tls.so]             tls_verify.o
> LD (gcc) [M tls.so]             tls.so
> make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20141017/0dd9d8c8/attachment.html>

More information about the sr-users mailing list