[SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio

Daniel-Constantin Mierla miconda at gmail.com
Thu Jan 7 08:52:59 CET 2021


Does this happen when Kamailio connects to MS Teams? The logs indicate
the received TLS certificate is not trusted:

Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed


You can set debug=3 in kamailio.cfg and see if the DEBUG messages
provide more hints. For me it worked fine with Letsencrypt certs in
Kamailio and accepting whatever MS sent back. I used Debian 10 and
libssl 1.1.

Cheers,
Daniel

On 06.01.21 21:47, Willy Valles Rios wrote:
>
> Hello community,
>
>
> I am having trouble establishing SIP signaling between MsTeams and
> Kamailio. I currently have this configuration in my tls.cfg file
>
>
> [server: default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/kamailio/certificates/private-key.pem
> certificate = /etc/kamailio/certificates/certificate.pem
>
> [client: default]
> method = TLSv1.2+
> verify_certificate = yes
> require_certificate = yes
> private_key = /etc/kamailio/certificates/private-key.pem
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
> My domain was certified with ssl through an authoritative certifier
> (GoDaddy), however I see these errors in the /var/log/messages of
> the Kamailio server.
>
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:389]: mod_init(): With ECDH-Support!
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:392]: mod_init(): With Diffie Hellman
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
> "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
> compression: on
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library
> version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos
> support: on, zlib compression: on#012 compiler: gcc -I. -I..
> -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
> -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g
> -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4
> -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
> -DGHASH_ASM -DECP_NISTZ256_ASM
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
> [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem
> leaks on low memory) workaround enabled (on low memory tls operations
> will fail preemptively) with free memory thresholds 13107200 and
> 6553600 bytes
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has
> been changed to 13107200
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has
> been changed to 6553600
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 -
> pkg size: 4194304
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is
> initially 212992
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is
> finally 425984
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
> [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name
> callback handler for socket [:0], server_name='' ...
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSs: Client MUST present
> valid certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSc: Server MUST present
> valid certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO:
> jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child
> 0/32422
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
> [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt
> io watch method (config)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
> reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
>
> Could you help me identify the problem please.
>
>
> Cheers
>
>
> Saludos Cordiales
> -- 
> _Willy Valles Rios_
> *Unified Communications Specialist*
> phone: +51955747343
> email: willyvalles17 at gmail.com

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
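
Added example (not part of the original thread and not Kamailio code): a Python triage pass over log lines shaped like the ones quoted above. It reports TLS domains logged with verify_certificate=1 and ca_list='(null)', and counts "certificate verify failed" events per source IP. The sample lines are constructed and use documentation addresses; treating the first finding as the cause of the failed handshake is an inference to confirm with debug=3, not something stated in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: one event per line, modelled on the quoted syslog output.
# Host name, PIDs and IP addresses are placeholders (documentation ranges).
SAMPLE = """\
Jan 6 15:13:45 sbc kamailio[100]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 sbc kamailio[100]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 sbc kamailio[100]: INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 sbc kamailio[100]: INFO: tls [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:55 sbc kamailio[116]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 sbc kamailio[116]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 sbc kamailio[116]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 203.0.113.10
Jan 6 15:13:55 sbc kamailio[117]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 sbc kamailio[117]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 198.51.100.7
Jan 6 15:13:56 sbc kamailio[116]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:56 sbc kamailio[116]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 203.0.113.10
"""

# Startup dump of each TLS domain: "TLSs" = server domain, "TLSc" = client domain.
SETTING = re.compile(r"ksr_tls_fill_missing\(\): (TLS[sc]): (\w+)=(.*)$")
VERIFY_FAIL = re.compile(r"kamailio\[(\d+)\]: ERROR: tls .*certificate verify failed")
SOURCE_IP = re.compile(r"kamailio\[(\d+)\]: ERROR: tls .*source IP: (\S+)")

def triage(log_text):
    """Summarise TLS domain settings and verification failures in a log."""
    settings = defaultdict(dict)   # domain -> {setting: value}
    pending = set()                # PIDs that just logged a verify failure
    peers = defaultdict(int)       # source IP -> number of failed handshakes
    for line in log_text.splitlines():
        if m := SETTING.search(line):
            settings[m.group(1)][m.group(2)] = m.group(3).strip().strip("'")
        elif m := VERIFY_FAIL.search(line):
            pending.add(m.group(1))
        elif (m := SOURCE_IP.search(line)) and m.group(1) in pending:
            # The same worker logs the peer address right after the error.
            peers[m.group(2)] += 1
            pending.discard(m.group(1))
    # Verification enabled but no CA file configured for that domain.
    no_ca = sorted(d for d, s in settings.items()
                   if s.get("verify_certificate") == "1"
                   and s.get("ca_list") == "(null)")
    return {"verify_without_ca_list": no_ca, "failed_peers": dict(peers)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```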
