[SR-Users] TLS Handshake failing with WSS
Manuel Camarg
sir.louen at gmail.com
Tue Sep 9 16:49:04 CEST 2014
According to this article I mentioned in the beginning:
http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
In http:request they do straight away the set_reply_close();
I don't know exactly if this kamailio.cfg implementation may be useful for
working with WSS:
event_route[xhttp:request] {
set_reply_close();
set_reply_no_connect();
if ($Rp != MY_WS_PORT
#!ifdef WITH_TLS
&& $Rp != MY_WSS_PORT
#!endif
) {
xlog("L_WARN", "HTTP request received on $Rp\n");
xhttp_reply("403", "Forbidden", "", "");
exit;
}
xlog("L_DBG", "HTTP Request Received\n");
if ($hdr(Upgrade)=~"websocket"
&& $hdr(Connection)=~"Upgrade"
&& $rm=~"GET") {
# Validate Host - make sure the client is using the correct
# alias for WebSockets
if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
xlog("L_WARN", "Bad host $hdr(Host)\n");
xhttp_reply("403", "Forbidden", "", "");
exit;
}
# Optional... validate Origin - make sure the client is from an
# authorised website. For example,
#
# if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
# && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
# xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
# xhttp_reply("403", "Forbidden", "", "");
# exit;
# }
# Optional... perform HTTP authentication
# ws_handle_handshake() exits (no further configuration file
# processing of the request) when complete.
if (ws_handle_handshake())
{
# Optional... cache some information about the
# successful connection
exit;
}
}
HTTP authentication is not being properly set up. Any indications on how to
perform this sucessfully?
Kind regards
Manuel
>Hello,
>
>from the logs you sent now, it appears that you have set_reply_close()
>in config, therefore the connection is closed after sending the reply.
>
>Cheers,
>Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140909/18e668b4/attachment.html>
More information about the sr-users
mailing list