[SR-Users] TLS Handshake failing with WSS

Manuel Camarg sir.louen at gmail.com
Mon Sep 8 20:10:49 CEST 2014


Hello Daniel:

Trying it: accessing via browser, here is the log. It shows similarities with the
access via SIPML5, no errors, no warnings (at least as far as I can see):

 DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection:  123.123.123.123
 DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58654, type 3
 DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
263:3337:1427, 5
 DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0,
34, 2, 0x7f72f4768638), fd_no=22
 DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
 DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to
child, events 1
 DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0
11(1700) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
  DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
  DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
  DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=2060 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
  DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake
done
  DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation
  DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
  DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection
from  123.123.123.123:58654 using TLSv1/SSLv3 AES256-SHA 256
  DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket:
124.124.124.124:10443
  DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not
present a certificate
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=282 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f72f4768638,
FD 11
  DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
  DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -1, fd=11, id=5
  DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data
0x7f72f47915b0
  DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7f72f4768638, -1 from 0
  DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
  DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
connection:  123.123.123.123
  DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
58656, type 3
  DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
313:3383:1453, 6
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x89bda0, 34, -1, 0x0) fd_no=23 called
  DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending
to child, events 1
  DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1
12(1701) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
  DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
con=0x7f72f4768638, fd=11
  DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
  DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=2060 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
  DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake
done
  DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation
  DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
  DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection
from  123.123.123.123:58656 using TLSv1/SSLv3 AES256-SHA 256
  DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket:
124.124.124.124:10443
  DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not
present a certificate
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=282 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003
  DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
  DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
  DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
  DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <HTTP/1.1>
  DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of
header
  DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...
  DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg created
(425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS
123.123.123.123:58656#015#012Host: domain.com:10443#015#012Connection:
keep-alive#015#012Cache-Control: max-age=0#015#012Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent:
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding:
gzip,deflate#015#012Accept-Language:
es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012>
  DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
  DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
  DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
  DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <HTTP/1.1>
  DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header
reached, state=5
  DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers:
Via found, flags=2
  DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers:
this is the first via
  INFO: <script>: HTTP Request Received
  DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of
header
  DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
  DEBUG: <core> [msg_translator.c:204]: check_via_address():
check_via_address( 123.123.123.123,  123.123.123.123, 0)
  DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send from
reader (1701 (12)), reusing fd
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f72f4768638 n=165 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#027#003#003
  DEBUG: <core> [tcp_main.c:3624]: handle_ser_child(): handle_ser_child:
read response= 7f72f4768638, -1, fd -1 from 12 (1701)
  DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f72f47915b0
  DEBUG: <core> [usr_avp.c:644]: destroy_avp_list():
DEBUG:destroy_avp_list: destroying list (nil)
  message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]:
destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]
  DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp list
(nil)
  DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8e0040, 11, -1, 0x10) fd_no=2 called
  DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f72f4768638, state -2, fd=11, id=6
  DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data
0x7f72f47915b0
  DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7f72f4768638, -2 from 1

Regards and thanks for your time


*Manuel Camargo*
Phone: 638000836
eMail: sir.louen at gmail.com
<https://twitter.com/SirLouen>
<http://es.linkedin.com/in/louen>


2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com>:

>  Hello,
>
> if you run latest versions of web browsers, they become more restrictive
> on wss connection. Be sure that the certificate is also trusted by the web
> browser.
>
> You can go with the web browser to https://ipofkamailio:portforwss and
> see if you get any warnings there.
>
> Cheers,
> Daniel
>
>
> On 06/09/14 17:23, Manuel Camarg wrote:
>
>  I'm trying to implement WSS with Kamailio
> Thing is that WS works fine, I've followed:
> http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
>
> modparam("tls", "config", "webrtc/tls.cfg")
> In a tls.cfg file I have:
>
> [server:default]
> method = SSLv23
> verify_certificate = no
> require_certificate = no
> private_key = webrtc/private.key
> certificate = webrtc/ssl.pem
> ca_list = webrtc/ca_list.pem
>
>  In the log file:
>
>  /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
> tls_complete_init(): Using TLS domain TLSs<default>
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
> sr_ssl_ctx_info_callback(): SSL handshake started
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
> tcpconn_do_send(): tcp_send: sending...
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
> tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=5524
> fd=11
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
> tcpconn_do_send(): tcp_send: buf=#012#026#003#003
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
> io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958), fd_no=1
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
> sr_ssl_ctx_info_callback(): SSL handshake done
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
> sr_ssl_ctx_info_callback(): SSL disable renegotiation
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
> tls_accept(): TLS accept successful
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
> tls_accept(): tls_accept: new connection from 123.123.123.123:63300 using
> TLSv1/SSLv3 AES256-SHA 256
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
> tls_accept(): tls_accept: local socket: 124.124.124.124:10443
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
> tls_accept(): tls_accept: client did not present a certificate
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
> tcpconn_do_send(): tcp_send: sending...
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
> tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282 fd=11
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
> tcpconn_do_send(): tcp_send: buf=#012#026#003#003
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
> tcp_read_data(): EOF on 0x7f7513516958, FD 11
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
> tcp_read_req(): tcp_read_req: EOF
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
> io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
> release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
> release_tcpconn():  extra_data 0x7f7513510a88
> /usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
> handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958, -1
> from 1
> /usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
> tls_h_close(): Closing SSL connection 0x7f7513510a88
>
>  In sipml5 the error:
>
>  *Disconnected: Failed to connect to the server*
>
>  In the Chrome console:
>
>
> *__tsip_transport_ws_onerror  *
> *__tsip_transport_ws_onclose *
>
>  SSL certificates seem to be ok:
>  # openssl verify -CAfile ca_list.pem ssl.pem
> ssl.pem: OK
>
>  Can't figure out a solution :( Any ideas?
>
> *Manuel Camargo*
> Phone: 638000836
> eMail: sir.louen at gmail.com
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
> Sep 22-25, Berlin, Germany
>
>
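
The following is an added example, not part of the original messages or of Kamailio's code: it rejoins mail-wrapped Kamailio debug records like those in this thread and reports, per TLS connection, whether the peer sent a request or closed right after a successful handshake, the pattern seen in the SIPML5 attempt. The sample log is constructed, and the function names and verdict strings are assumptions of this example.

```python
import re

# Constructed sample (not from a real host), wrapped like the thread's log.
SAMPLE = """\
 DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started
 DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
 DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection
from  123.123.123.123:58654 using TLSv1/SSLv3 AES256-SHA 256
 DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
 DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
 DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
 DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
"""

LEVEL = re.compile(r"\b(DEBUG|INFO|WARNING|ERROR): ")
PEER = re.compile(r"new connection from\s+(\S+) using (\S+) (\S+)")
METHOD = re.compile(r"parse_msg\(\):\s+method:\s+<(\w+)>")

def unwrap(text):
    """Rejoin log records that the mail client wrapped onto extra lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if LEVEL.search(line) or not records:
            records.append(line)          # a new record starts at a log level
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def classify(text):
    """One dict per TLS connection seen in the log, with a verdict."""
    conns = []
    for rec in unwrap(text):
        if "SSL handshake started" in rec:
            conns.append(dict(peer=None, tls_ok=False, eof=False, request=None))
        if not conns:
            continue
        cur = conns[-1]
        cur["tls_ok"] |= "TLS accept successful" in rec
        cur["eof"] |= "tcp_read_req: EOF" in rec
        if m := PEER.search(rec):
            cur["peer"] = m.group(1)
        if (m := METHOD.search(rec)) and cur["request"] is None:
            cur["request"] = m.group(1)
    for c in conns:
        c["verdict"] = ("request received over TLS" if c["request"]
                        else "peer closed after handshake, no request"
                        if c["tls_ok"] and c["eof"] else "handshake incomplete")
    return conns
```

A connection flagged "peer closed after handshake, no request" means the server side of TLS completed and the client then hung up, so the next place to look is the client, for example the browser certificate check Daniel describes.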