[SR-Users] TLS testing (with sipp)

Julien Chavanton jchavanton at gmail.com
Thu Dec 19 17:06:14 CET 2019 

Hi, I guess I was the one stretching it :)

If you need to generate a cert, check EFF let's encrypt, here is one
example to get a cert with HTTP validation

#!/bin/bash


iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo docker run -it --rm --name certbot \
        --net=host \
        -v "/etc/letsencrypt:/etc/letsencrypt" \
        -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
        certbot/certbot certonly --eff-email --agree-tos -m use at domain.com
--standalone --preferred-challenges http -d $1
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
if [ "$2" == "copy" ]
then
        cp /etc/letsencrypt/live/$1/fullchain.pem tls/certificate.pem
        cp /etc/letsencrypt/live/$1/privkey.pem tls/key.pem
fi


On Thu, Dec 19, 2019 at 6:20 AM Sebastian Damm <damm at sipgate.de> wrote:

> Hi Julien,
>
> I had been thinking quite a while before posting it here, and maybe I
> shouldn't have mentioned the sipp SSL error. But I thought, end2end
> testing of kamailio setups could be of general interest from a
> Kamailio user point of view. And I hoped to get suggestions on how to
> do it.
>
> Thanks for the link to voip_patrol. I'm already playing with it. Still
> stuck with needing a client certificate, though. I shouldn't need that
> for a client, I'd think. But I'll try my best.
>
> Regards,
> Sebastian
>
> On Wed, Dec 18, 2019 at 7:31 PM Julien Chavanton <jchavanton at gmail.com>
> wrote:
> >
> > Hi Sebastian, this is off topic for the Kamailio mailing list.
> >
> > You can use Voip_patrol :
> > https://github.com/jchavanton/voip_patrol
> >
> > Once you have your certificate, key and ca_list in default location
> > ./voip_patrol -c ./xml/tls.xml
> >
> > [18:24:51.800][INFO] main: TLS tcfg.tlsConfig.ca_list
> :tls/ca_list.pem
> > [18:24:51.800][INFO] main: TLS tcfg.tlsConfig.certFile
>  :tls/certificate.pem
> > [18:24:51.800][INFO] main: TLS tcfg.tlsConfig.privKeyFile  :tls/key.pem
> >
> > tls.xml
> >
> > <?xml version="1.0"?>
> > <config>
> >     <actions>
> >         <action type="register" transport="tls"
> expected_cause_code="200" username="VP_ENV_USERNAME"
> password="VP_ENV_PASSWORD" realm="domain.com" registrar="ep.domain.com"/>
> >         <action type="wait" complete/>
> >         <action type="accept" account="VP_ENV_USERNAME"
> max_duration="20" hangup="5"/>
> >         <action type="call"  transport="tls"
> >             wait_until="3" expected_cause_code="200"
> >             caller="12062349971 at 1.1.1.1" callee="
> 12012343238 at ep.domain.com" max_duration="15" hangup="5"
> >             username="VP_ENV_USERNAME" password="VP_ENV_PASSWORD" realm="
> domain.com"
> >         />
> >         <action type="wait" complete/>
> >     </actions>
> > </config>
> >
> > On Wed, Dec 18, 2019 at 8:34 AM Sebastian Damm <damm at sipgate.de> wrote:
> >>
> >> Hi,
> >>
> >> I'm trying to construct an end-to-end encrypted signalling test
> >> through our setup. I thought I could use sipp for that, as it supports
> >> TLS according to the man page. However, when I try to run it, I get
> >> this error:
> >>
> >> FI_init_ssl_context: SSL_CTX_use_certificate_file failed.
> >>
> >> I searched the web; however, all similar questions end up without
> >> answers. I tried specifying a local key and cert without success. I'd
> >> think I should not need a cert for my client, though.
> >>
> >> Has anyone ever successfully conducted an automated TLS test? I'm open
> >> to using a different tool if necessary.
> >>
> >> Thanks for all hints or examples.
> >>
> >> Regards,
> >> Sebastian
> >>
> >> --
> >> Sebastian Damm
> >> Voice Engineer
> >> __________________________________________
> >> sipgate GmbH
> >> Gladbacher Straße 74 | 40219 Düsseldorf
> >>
> >> _______________________________________________
> >> Kamailio (SER) - Users Mailing List
> >> sr-users at lists.kamailio.org
> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> --
> Sebastian Damm
> Voice Engineer
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191219/af4c43c5/attachment.html>

More information about the sr-users mailing list