[SR-Users] TLS Handshake failing with WSS

Daniel-Constantin Mierla miconda at gmail.com
Wed Sep 10 18:32:56 CEST 2014 

The set_reply_close() should be removed from there.

For digest authentication, simply use the same functions as for sip 
(e.g., from auth/auth_db modules).

Cheers,
Daniel

On 09/09/14 16:49, Manuel Camarg wrote:
> According to this article I mentioned in the beginning:
>
> http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
>
> In http:request they do straight away the set_reply_close();
>
> I don't know exactly if this kamailio.cfg implementation may be useful 
> for working with WSS:
>
> event_route[xhttp:request] {
> set_reply_close();
> set_reply_no_connect();
>
> if ($Rp != MY_WS_PORT
> #!ifdef WITH_TLS
>      && $Rp != MY_WSS_PORT
> #!endif
> ) {
>   xlog("L_WARN", "HTTP request received on $Rp\n");
>   xhttp_reply("403", "Forbidden", "", "");
>   exit;
> }
>
> xlog("L_DBG", "HTTP Request Received\n");
>
> if ($hdr(Upgrade)=~"websocket"
>    && $hdr(Connection)=~"Upgrade"
>    && $rm=~"GET") {
>
>   # Validate Host - make sure the client is using the correct
>   # alias for WebSockets
>   if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
>    xlog("L_WARN", "Bad host $hdr(Host)\n");
>    xhttp_reply("403", "Forbidden", "", "");
>    exit;
>   }
>
>   # Optional... validate Origin - make sure the client is from an
>   # authorised website.  For example,
>   #
>   # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
>   #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
>   # xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
>   # xhttp_reply("403", "Forbidden", "", "");
>   # exit;
>   # }
>
>   # Optional... perform HTTP authentication
>
>   # ws_handle_handshake() exits (no further configuration file
>   # processing of the request) when complete.
>   if (ws_handle_handshake())
>   {
>    # Optional... cache some information about the
>    # successful connection
>    exit;
>   }
> }
>
> HTTP authentication is not being properly set up. Any indications on 
> how to perform this sucessfully?
>
> Kind regards
>
> Manuel
>
>
> >Hello,
> >
> >from the logs you sent now, it appears that you have set_reply_close()
> >in config, therefore the connection is closed after sending the reply.
> >
> >Cheers,
> >Daniel

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany

More information about the sr-users mailing list