[Kamailio-Users] Testing of Kamailio TLS with Sipp TLS

Hemanshu Patel hemanshu.patel at saicare.com
Thu Feb 18 10:08:11 CET 2010 

i had created user certificate during process,which i set in kamailio
config file.
When i gave same certificate and private key to sipp...then it works..


but i am not sure if this is the right way.

Becaue i also for testing created another certificates signed by same
rootCA, and when imported those to sipp....they didnt work...


i am confused...that am i using TLS the way it should be or not?

can anyone suggest some nice docs/tutorials about TLS? pls dont just give
me google results..



-- 
Regards,

Hemanshu Patel

M: 09601295238



> Hello friendsm,
>
> I am testing TLS feature of both kamailio and Sipp.
>
> I first downloaded kamailio 1.5.x TLS supported version, uncommented TLS=1
> from Makefiel and then build the kamailio.
> first i test kamailio without TLS with sipp for registration and
> everything works file.
>
> Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
> rootCA, user certificates and all configuration parameters to kamailio.cfg
> file
>
> Config paras are as below:
>
>
> /* uncomment the following lines to enable TLS support  (default off) */
> disable_tls = no
> listen = tls:172.16.16.218:5091
> tls_verify_server = 1
> tls_verify_client = 1
> tls_require_client_certificate = 1
> tls_method = TLSv1
> tls_certificate =
> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
> tls_private_key =
> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
> tls_ca_list     =
> "/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
>
>
> and restart kamailio server
>
> It works and i can see via netstat on port 5091.
>
> but when i starts sipp it gives me following error.
>
> [hemanshu at localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
> ./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
> 172.16.16.218 172.16.16.218:5091 -t l1
> 2010-02-18      13:51:40:244    1266481300.244432: FI_init_ssl_context:
> SSL_CTX_use_certificate_file failed.
>
>
> I know i have built sipp with TLS support, then i can not figure out where
> is the problem.
> Sipp says user certification file failed ..but client doesnt need any
> certification file...or does it?
>
> i even tried with  tls_verify_client = 1 , tls_require_client_certificate
> = 1, playing with different combinations...but still same ans.
>
>
> Can anyone suggest me what could be wrong?
> Have i made any mistake in configuring kamailio or theres some problem in
> SIPP.
>
>
>
>
>
> --
> Regards,
>
> Hemanshu Patel
>
> M: 09601295238
>
>
> _______________________________________________
> Kamailio (OpenSER) - Users mailing list
> Users at lists.kamailio.org
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
>

More information about the Users mailing list