[SR-Users] TLS Handshake failing with WSS
Daniel-Constantin Mierla
miconda at gmail.com
Mon Sep 8 21:46:59 CEST 2014
Hello,
from the logs you sent now, it appears that you have set_reply_close()
in config, therefore the connection is closed after sending the reply.
Cheers,
Daniel
On 08/09/14 20:10, Manuel Camarg wrote:
> Hello Daniel:
>
> Trying it, accessing via Browser here is the log, similarities with
> the access via SIPML5, no errors, no warnings (at least as far as I
> can see):
>
> DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
> connection: 123.123.123.123
> DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
> 58654, type 3
> DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
> 263:3337:1427, 5
> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
> io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
> (0x89bda0, 34, -1, 0x0) fd_no=23 called
> DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG:
> sending to child, events 1
> DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0
> 11(1700) for activity on [tls:124.124.124.124:10443],
> 0x7f72f4768638
> DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
> con=0x7f72f4768638, fd=11
> DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
> TLSs<default>
> DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL
> handshake started
> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
> real write: c= 0x7f72f4768638 n=2060 fd=11
> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
> buf=#012#026#003#003
> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
> io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
> DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL
> handshake done
> DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL
> disable renegotiation
> DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
> DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new
> connection from 123.123.123.123:58654
> using TLSv1/SSLv3 AES256-SHA 256
> DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local
> socket: 124.124.124.124:10443
> DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did
> not present a certificate
> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
> real write: c= 0x7f72f4768638 n=282 fd=11
> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
> buf=#012#026#003#003
> DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on
> 0x7f72f4768638, FD 11
> DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
> (0x8e0040, 11, -1, 0x10) fd_no=2 called
> DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
> 0x7f72f4768638, state -1, fd=11, id=5
> DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data
> 0x7f72f47915b0
> DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child():
> handle_tcp_child: reader response= 7f72f4768638, -1 from 0
> DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
> 0x7f72f47915b0
> DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp
> connection: 123.123.123.123
> DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port
> 58656, type 3
> DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes:
> 313:3383:1453, 6
> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
> io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
> (0x89bda0, 34, -1, 0x0) fd_no=23 called
> DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG:
> sending to child, events 1
> DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1
> 12(1701) for activity on [tls:124.124.124.124:10443],
> 0x7f72f4768638
> DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8
> con=0x7f72f4768638, fd=11
> DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
> TLSs<default>
> DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL
> handshake started
> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
> real write: c= 0x7f72f4768638 n=2060 fd=11
> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
> buf=#012#026#003#003
> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG:
> io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
> DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL
> handshake done
> DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL
> disable renegotiation
> DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
> DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new
> connection from 123.123.123.123:58656
> using TLSv1/SSLv3 AES256-SHA 256
> DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local
> socket: 124.124.124.124:10443
> DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did
> not present a certificate
> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
> real write: c= 0x7f72f4768638 n=282 fd=11
> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
> buf=#012#026#003#003
> DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
> DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET>
> DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </>
> DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version:
> <HTTP/1.1>
> DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end
> of header
> DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...
> DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg
> created (425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS
> 123.123.123.123:58656#015#012Host:
> domain.com:10443#015#012Connection:
> keep-alive#015#012Cache-Control: max-age=0#015#012Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent:
> Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like
> Gecko) Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding:
> gzip,deflate#015#012Accept-Language:
> es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012>
> DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
> DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET>
> DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </>
> DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version:
> <HTTP/1.1>
> DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header
> reached, state=5
> DEBUG: <core> [parser/msg_parser.c:513]: parse_headers():
> parse_headers: Via found, flags=2
> DEBUG: <core> [parser/msg_parser.c:515]: parse_headers():
> parse_headers: this is the first via
> INFO: <script>: HTTP Request Received
> DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end
> of header
> DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
> DEBUG: <core> [msg_translator.c:204]: check_via_address():
> check_via_address( 123.123.123.123, 123.123.123.123, 0)
> DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send
> from reader (1701 (12)), reusing fd
> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after
> real write: c= 0x7f72f4768638 n=165 fd=11
> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
> buf=#012#027#003#003
> DEBUG: <core> [tcp_main.c:3624]: handle_ser_child():
> handle_ser_child: read response= 7f72f4768638, -1, fd -1 from 12 (1701)
> DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
> 0x7f72f47915b0
> DEBUG: <core> [usr_avp.c:644]: destroy_avp_list():
> DEBUG:destroy_avp_list: destroying list (nil)
> message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]:
> destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]
> DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp
> list (nil)
> DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up
> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
> (0x8e0040, 11, -1, 0x10) fd_no=2 called
> DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
> 0x7f72f4768638, state -2, fd=11, id=6
> DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data
> 0x7f72f47915b0
> DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child():
> handle_tcp_child: reader response= 7f72f4768638, -2 from 1
>
> Regards and thanks for your time
>
>
> *Manuel Camargo*
> Phone: 638000836
> eMail: sir.louen at gmail.com
>
>
> 2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>
> Hello,
>
> if you run latest versions of web browsers, they become more
> restrictive on wss connection. Be sure that the certificate is also
> trusted by the web browser.
>
> You can go with the web browser to https://ipofkamailio:portforwss
> and see if you get any warnings there.
>
> Cheers,
> Daniel
>
>
> On 06/09/14 17:23, Manuel Camarg wrote:
>> I'm trying to implement WSS with Kamailio
>> Thing is that WS works fine, I've followed:
>> http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
>>
>> modparam("tls", "config", "webrtc/tls.cfg")
>> In a tls.cfg file I have:
>>
>> [server:default]
>> method = SSLv23
>> verify_certificate = no
>> require_certificate = no
>> private_key = webrtc/private.key
>> certificate = webrtc/ssl.pem
>> ca_list = webrtc/ca_list.pem
>>
>> In the log file:
>>
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
>> tls_complete_init(): Using TLS domain TLSs<default>
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
>> sr_ssl_ctx_info_callback(): SSL handshake started
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
>> tcpconn_do_send(): tcp_send: sending...
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
>> tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958
>> n=5524 fd=11
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
>> tcpconn_do_send(): tcp_send: buf=#012#026#003#003
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
>> io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2,
>> 0x7f7513516958), fd_no=1
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
>> sr_ssl_ctx_info_callback(): SSL handshake done
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
>> sr_ssl_ctx_info_callback(): SSL disable renegotiation
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
>> tls_accept(): TLS accept successful
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
>> tls_accept(): tls_accept: new connection from
>> 123.123.123.123:63300 using
>> TLSv1/SSLv3 AES256-SHA 256
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
>> tls_accept(): tls_accept: local socket: 124.124.124.124:10443
>> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
>> tls_accept(): tls_accept: client did not present a certificate
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
>> tcpconn_do_send(): tcp_send: sending...
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
>> tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958
>> n=282 fd=11
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
>> tcpconn_do_send(): tcp_send: buf=#012#026#003#003
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
>> tcp_read_data(): EOF on 0x7f7513516958, FD 11
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
>> tcp_read_req(): tcp_read_req: EOF
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
>> io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10)
>> fd_no=2 called
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
>> release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11,
>> id=2
>> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
>> release_tcpconn(): extra_data 0x7f7513510a88
>> /usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
>> handle_tcp_child(): handle_tcp_child: reader response=
>> 7f7513516958, -1 from 1
>> /usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
>> tls_h_close(): Closing SSL connection 0x7f7513510a88
>>
>> In sipml5 the error:
>>
>> Disconnected: Failed to connect to the server
>>
>> In the Chrome console:
>>
>> __tsip_transport_ws_onerror
>> __tsip_transport_ws_onclose
>>
>> SSL certificates seem to be ok:
>> # openssl verify -CAfile ca_list.pem ssl.pem
>> ssl.pem: OK
>>
>> Can't figure out a solution :( Any ideas?
>>
>> *Manuel Camargo*
>> Phone: 638000836
>> eMail: sir.louen at gmail.com
>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
> Sep 22-25, Berlin, Germany
>
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
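
Added example, not part of the original thread and not Kamailio project code: one way to triage debug logs like the two connections quoted above, separating a close initiated by the peer (EOF read right after the TLS handshake) from a close that follows a reply sent by the server. It assumes one log event per line from a single, non-interleaved stream; the sample lines are constructed from the quoted log.

```python
import re
# Added example; classify() and summarize() are hypothetical helper names.
# Constructed sample: key events of the two quoted connections, one per line.
SAMPLE = """\
DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 123.123.123.123
DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done
DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate
DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -1, fd=11, id=5
DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 123.123.123.123
DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done
DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET>
DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -2, fd=11, id=6
"""
RELEASE = re.compile(r"releasing con 0x[0-9a-f]+, state (-?\d+), fd=\d+, id=(\d+)")

def classify(c):
    # Decide who ended the connection from the events seen before release.
    if not c["handshake"]:
        return "closed before TLS handshake completed"
    if c["eof"] and not c["request"]:
        return "peer closed after handshake, no request sent"
    if c["reply"] and not c["eof"]:
        return "server closed after sending reply"
    return "other"

def summarize(log_text):
    # Segment the stream at each new connection and close it at release_tcpconn().
    results, cur = [], None
    for line in log_text.splitlines():
        if "tcpconn_new: new tcp connection" in line:
            cur = {"handshake": False, "eof": False, "request": False, "reply": False}
        if cur is None:
            continue
        if "SSL handshake done" in line:
            cur["handshake"] = True
        elif "tcp_read_req: EOF" in line:
            cur["eof"] = True
        elif "parse_msg(): method:" in line:
            cur["request"] = True
        elif "send_reply()" in line:
            cur["reply"] = True
        m = RELEASE.search(line)
        if m:
            cur.update(state=int(m.group(1)), id=int(m.group(2)), verdict=classify(cur))
            results.append(cur)
            cur = None
    return results
```

A "peer closed" verdict points at the client side, where the thread suggests checking that the browser trusts the certificate; "server closed after sending reply" matches the set_reply_close() behaviour described in the reply above.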