[SR-Users] TLS Handshake failing with WSS

Daniel-Constantin Mierla miconda at gmail.com
Mon Sep 8 21:46:59 CEST 2014


Hello,

from the logs you sent now, it appears that you have set_reply_close() 
in config, therefore the connection is closed after sending the reply.

Cheers,
Daniel

On 08/09/14 20:10, Manuel Camarg wrote:
> Hello Daniel:
>
> Trying it, accessing via Browser here is the log, similarities with 
> the access via SIPML5, no errors, no warnings (at least as far as I 
> can see):
>
>  DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp 
> connection:  123.123.123.123
>  DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 
> 58654, type 3
>  DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 
> 263:3337:1427, 5
>  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: 
> io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
>  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del 
> (0x89bda0, 34, -1, 0x0) fd_no=23 called
>  DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: 
> sending to child, events 1
>  DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0 
> 11(1700) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
>   DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 
> con=0x7f72f4768638, fd=11
>   DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain 
> TLSs<default>
>   DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL 
> handshake started
>   DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
>   DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after 
> real write: c= 0x7f72f4768638 n=2060 fd=11
>   DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: 
> buf=#012#026#003#003
>   DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: 
> io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
>   DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL 
> handshake done
>   DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL 
> disable renegotiation
>   DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
>   DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new 
> connection from 123.123.123.123:58654 
> using TLSv1/SSLv3 AES256-SHA 256
>   DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local 
> socket: 124.124.124.124:10443
>   DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did 
> not present a certificate
>   DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
>   DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after 
> real write: c= 0x7f72f4768638 n=282 fd=11
>   DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: 
> buf=#012#026#003#003
>   DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 
> 0x7f72f4768638, FD 11
>   DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
>   DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del 
> (0x8e0040, 11, -1, 0x10) fd_no=2 called
>   DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 
> 0x7f72f4768638, state -1, fd=11, id=5
>   DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data 
> 0x7f72f47915b0
>   DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): 
> handle_tcp_child: reader response= 7f72f4768638, -1 from 0
>   DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 
> 0x7f72f47915b0
>   DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp 
> connection:  123.123.123.123
>   DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 
> 58656, type 3
>   DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 
> 313:3383:1453, 6
>   DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: 
> io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
>   DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del 
> (0x89bda0, 34, -1, 0x0) fd_no=23 called
>   DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: 
> sending to child, events 1
>   DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1 
> 12(1701) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
>   DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 
> con=0x7f72f4768638, fd=11
>   DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain 
> TLSs<default>
>   DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL 
> handshake started
>   DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
>   DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after 
> real write: c= 0x7f72f4768638 n=2060 fd=11
>   DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: 
> buf=#012#026#003#003
>   DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: 
> io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
>   DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL 
> handshake done
>   DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL 
> disable renegotiation
>   DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
>   DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new 
> connection from 123.123.123.123:58656 
> using TLSv1/SSLv3 AES256-SHA 256
>   DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local 
> socket: 124.124.124.124:10443
>   DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did 
> not present a certificate
>   DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
>   DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after 
> real write: c= 0x7f72f4768638 n=282 fd=11
>   DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: 
> buf=#012#026#003#003
>   DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
>   DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
>   DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
>   DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: 
> <HTTP/1.1>
>   DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end 
> of header
>   DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...
>   DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg 
> created (425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS 
> 123.123.123.123:58656#015#012Host: domain.com:10443#015#012Connection: 
> keep-alive#015#012Cache-Control: max-age=0#015#012Accept: 
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent: 
> Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like 
> Gecko) Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding: 
> gzip,deflate#015#012Accept-Language: 
> es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012>
>   DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
>   DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
>   DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
>   DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: 
> <HTTP/1.1>
>   DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header 
> reached, state=5
>   DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): 
> parse_headers: Via found, flags=2
>   DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): 
> parse_headers: this is the first via
>   INFO: <script>: HTTP Request Received
>   DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end 
> of header
>   DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
>   DEBUG: <core> [msg_translator.c:204]: check_via_address(): 
> check_via_address( 123.123.123.123,  123.123.123.123, 0)
>   DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send 
> from reader (1701 (12)), reusing fd
>   DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
>   DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after 
> real write: c= 0x7f72f4768638 n=165 fd=11
>   DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: 
> buf=#012#027#003#003
>   DEBUG: <core> [tcp_main.c:3624]: handle_ser_child(): 
> handle_ser_child: read response= 7f72f4768638, -1, fd -1 from 12 (1701)
>   DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 
> 0x7f72f47915b0
>   DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): 
> DEBUG:destroy_avp_list: destroying list (nil)
>   message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]: 
> destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]
>   DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp 
> list (nil)
>   DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up
>   DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del 
> (0x8e0040, 11, -1, 0x10) fd_no=2 called
>   DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 
> 0x7f72f4768638, state -2, fd=11, id=6
>   DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data 
> 0x7f72f47915b0
>   DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): 
> handle_tcp_child: reader response= 7f72f4768638, -2 from 1
>
> Regards and thanks for your time
>
>
> *Manuel Camargo*
> Phone: 638000836
> eMail: sir.louen at gmail.com
> <https://twitter.com/SirLouen>
> View Manuel Camargo Lominchar's profile on LinkedIn
> <http://es.linkedin.com/in/louen>
>
>
> 2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>
>     Hello,
>
>     if you run latest versions of web browsers, they become more
>     restrictive on wss connection. Be sure that the certificate is also
>     trusted by the web browser.
>
>     You can go with the web browser to https://ipofkamailio:portforwss
>     and see if you get any warnings there.
>
>     Cheers,
>     Daniel
>
>
>     On 06/09/14 17:23, Manuel Camarg wrote:
>>     I'm trying to implement WSS with Kamailio
>>     Thing is that WS works fine, I've followed:
>>     http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
>>
>>     modparam("tls", "config", "webrtc/tls.cfg")
>>     In a tls.cfg file I have :
>>
>>     [server:default]
>>     method = SSLv23
>>     verify_certificate = no
>>     require_certificate = no
>>     private_key = webrtc/private.key
>>     certificate = webrtc/ssl.pem
>>     ca_list = webrtc/ca_list.pem
>>
>>     In the log file:
>>
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]:
>>     tls_complete_init(): Using TLS domain TLSs<default>
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]:
>>     sr_ssl_ctx_info_callback(): SSL handshake started
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
>>     tcpconn_do_send(): tcp_send: sending...
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
>>     tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958
>>     n=5524 fd=11
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
>>     tcpconn_do_send(): tcp_send: buf=#012#026#003#003
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]:
>>     io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2,
>>     0x7f7513516958), fd_no=1
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]:
>>     sr_ssl_ctx_info_callback(): SSL handshake done
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]:
>>     sr_ssl_ctx_info_callback(): SSL disable renegotiation
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]:
>>     tls_accept(): TLS accept successful
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]:
>>     tls_accept(): tls_accept: new connection from
>>     123.123.123.123:63300 using
>>     TLSv1/SSLv3 AES256-SHA 256
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]:
>>     tls_accept(): tls_accept: local socket: 124.124.124.124:10443
>>     /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]:
>>     tls_accept(): tls_accept: client did not present a certificate
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]:
>>     tcpconn_do_send(): tcp_send: sending...
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]:
>>     tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958
>>     n=282 fd=11
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]:
>>     tcpconn_do_send(): tcp_send: buf=#012#026#003#003
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]:
>>     tcp_read_data(): EOF on 0x7f7513516958, FD 11
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]:
>>     tcp_read_req(): tcp_read_req: EOF
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]:
>>     io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10)
>>     fd_no=2 called
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]:
>>     release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11,
>>     id=2
>>     /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]:
>>     release_tcpconn():  extra_data 0x7f7513510a88
>>     /usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]:
>>     handle_tcp_child(): handle_tcp_child: reader response=
>>     7f7513516958, -1 from 1
>>     /usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]:
>>     tls_h_close(): Closing SSL connection 0x7f7513510a88
>>
>>     In sipml5 the error:
>>
>>     Disconnected: Failed to connect to the server
>>
>>     In the Chrome console:
>>
>>     __tsip_transport_ws_onerror
>>     __tsip_transport_ws_onclose
>>
>>     SSL certificates seem to be ok:
>>     # openssl verify -CAfile ca_list.pem ssl.pem
>>     ssl.pem: OK
>>
>>     Can't figure out a solution :( Any ideas?
>>
>>     *Manuel Camargo*
>>     Phone: 638000836
>>     eMail: sir.louen at gmail.com
>>
>>
>>
>>     _______________________________________________
>>     SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>     sr-users at lists.sip-router.org
>>     http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>     -- 
>     Daniel-Constantin Mierla
>     http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>     Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
>     Sep 22-25, Berlin, Germany
>
>
>
>

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
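
Added example (not part of the thread and not Kamailio code): a small Python triage of debug lines like those quoted above. It separates a connection the peer closed right after the TLS handshake from one the server released after sending its reply, the case the reply above attributes to set_reply_close(). The sample lines are constructed from the thread's log, unwrapped to one entry per line; the verdict names are hypothetical.

```python
import re

# Constructed sample modelled on the debug lines quoted in this thread,
# unwrapped to one entry per line (pointer, ports and ids as in the thread).
SAMPLE_LOG = """\
DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58654, type 3
DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f72f4768638, FD 11
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -1, fd=11, id=5
DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58656, type 3
DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -2, fd=11, id=6
"""

NEW_CONN = re.compile(r"tcpconn_new: on port (\d+)")
RELEASE = re.compile(r"release_tcpconn\(\): releasing con \S+ state (-?\d+).*\bid=(\d+)")

def verdict(conn):
    """Name the most likely reason the connection ended (hypothetical labels)."""
    if conn["reply"] and not conn["peer_eof"]:
        return "server_closed_after_reply"      # what set_reply_close() produces
    if conn["tls_ok"] and conn["peer_eof"] and not conn["request"]:
        return "peer_closed_before_request"     # handshake done, client hung up
    if not conn["tls_ok"]:
        return "tls_handshake_incomplete"
    return "other"

def classify_connections(log_text):
    """Assumes one connection's entries are not interleaved with another's."""
    results, conn = [], None
    for line in log_text.splitlines():
        m = NEW_CONN.search(line)
        if m:  # a new TCP connection starts a fresh record
            conn = dict(port=int(m.group(1)), tls_ok=False, request=False,
                        reply=False, peer_eof=False)
            continue
        if conn is None:
            continue
        conn["tls_ok"] |= "TLS accept successful" in line
        conn["request"] |= "parse_msg():" in line and "method:" in line
        conn["reply"] |= "send_reply():" in line
        conn["peer_eof"] |= "tcp_read_data(): EOF" in line
        m = RELEASE.search(line)
        if m:  # release_tcpconn() ends the record and carries state and id
            conn.update(state=int(m.group(1)), id=int(m.group(2)), verdict=verdict(conn))
            results.append(conn)
            conn = None
    return results

if __name__ == "__main__":
    for c in classify_connections(SAMPLE_LOG):
        print(c["id"], c["port"], c["state"], c["verdict"])
```

On a busy server the entries of several connections interleave, so group lines by the logging process id first.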
