[Kamailio-Users] Error in Registration with TLS on

Hemanshu Patel hemanshu.patel at saicare.com
Mon Feb 22 05:49:51 CET 2010


 I was checking the occurrence of the particular error and i came across a
line in code which is in tls/tls_server.c +263

ret = SSL_accept(ssl);

This function fails and gives the error.
I am looking further, meanwhile if someone have any clue, please let me
know about the same.


-- 
Regards,

Hemanshu Patel

M: 09601295238

>
> Dear friends,
>
> Since last few days i am working on Kamailio with TLS support. I had
> followed each and every steps in installation docs...created certificates
> as well.
>
> Then i started testing the server with TLS on using SIPP. First i didnt
> added any certificate to SIPP, and Registration wasnt happening...
> When i added a certificate and key to SIPP....it started working fine....i
> was been able to test Registrations Successfully.
>
> Then i started working with one open source soft phone supporting TLS
> named mumble. IT Supports. Now i hadnt added any certificate to Mumblem.
>
> In my settings of kamailio i have set clietn_verify = 0  and
> require_client_certificate = 0. So without certificate as well i should be
> able to Authenticate my self successfully.
> Instead it gives following error in kamailio log:
>
>
>
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:print_ip:
> tcpconn_new: new tcp connection to: 172.16.16.218
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on
> port 58125, type 3
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: looking up socket based TLS server domain
> [172.16.16.218:5091]
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_find_server_domain: socket based TLS server domain found
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: found socket based TLS server domain
> [172.16.16.218:5091]
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_add:
> hashes: 929, 1
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:send2child: to
> tcp child 0 0(3296), 0x7fd6f4a58208
> Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:handle_io:
> received n=8 con=0x7fd6f4a58208, fd=18
> Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_add:
> io_watch_add(0x73a0a0, 18, 2, 0x7fd6f4a58208), fd_no=1
> Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:tls_update_fd:
> New fd is 18
> Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept:
> SSL_accept failed: SSL_ERROR_SSL
> Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_del:
> io_watch_del (0x73a0a0, 18, -1, 0x10) fd_no=2 called
> Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
>  releasing con 0x7fd6f4a58208, state -2, fd=18, id=1
> Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
>  extra_data 0x7fd6f4a683a0
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:handle_tcp_child: reader response= 7fd6f4a58208, -2 from 0
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_destroy:
> destroying connection 0x7fd6f4a58208, flags 0002
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_close:
> closing SSL connection
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_update_fd:
> New fd is 23
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_shutdown:
> shutdown successful
> Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_clean: Cleanup function entered
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:print_ip:
> tcpconn_new: new tcp connection to: 172.16.16.218
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on
> port 58126, type 3
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: looking up socket based TLS server domain
> [172.16.16.218:5091]
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_find_server_domain: socket based TLS server domain found
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: found socket based TLS server domain
> [172.16.16.218:5091]
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_add:
> hashes: 930, 2
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:send2child: to
> tcp child 0 0(3296), 0x7fd6f4a58208
> Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:handle_io:
> received n=8 con=0x7fd6f4a58208, fd=18
> Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_add:
> io_watch_add(0x73a0a0, 18, 2, 0x7fd6f4a58208), fd_no=1
> Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:tls_update_fd:
> New fd is 18
> Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept:
> SSL_accept failed: SSL_ERROR_SSL
> Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_del:
> io_watch_del (0x73a0a0, 18, -1, 0x10) fd_no=2 called
> Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
>  releasing con 0x7fd6f4a58208, state -2, fd=18, id=2
> Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
>  extra_data 0x7fd6f4a683a0
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:handle_tcp_child: reader response= 7fd6f4a58208, -2 from 0
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_destroy:
> destroying connection 0x7fd6f4a58208, flags 0002
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_close:
> closing SSL connection
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_update_fd:
> New fd is 23
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_shutdown:
> shutdown successful
> Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
> DBG:core:tls_tcpconn_clean: Cleanup function entered
>
>
> And in Mumble soft phone log it gives me following Error:
>
> [9:50 AM] Welcome to Mumble.
> [9:50 AM] Server connection failed: Error during SSL handshake:
> error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
> [9:51 AM] Reconnecting.
> [9:51 AM] Server connection failed: Error during SSL handshake:
> error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
> [9:51 AM] Reconnecting.
> [9:51 AM] Server connection failed: Error during SSL handshake:
> error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
> [9:51 AM] Reconnecting.
> [9:51 AM] Server connection failed: Error during SSL handshake:
> error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
>
>
> Can any one suggest what could be the problem?
> My Server works great with SIPP with TLS....so i dont think theres any
> config related error and i have set client_require_certificate = 0 thats
> for sure....
>
> In real life scenario, hard or soft phones wont have certificates...so
> they should be able to connect to server and authenticate/Authorize
> themselves if server has valid certificate.But its not happening. So i
> need help from experienced guys....
>
>
>
> --
> Regards,
>
> Hemanshu Patel
>
> M: 09601295238
>
>
>
>
> _______________________________________________
> Kamailio (OpenSER) - Users mailing list
> Users at lists.kamailio.org
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
>





More information about the Users mailing list