[SR-Users] sip over tls is not working

Klaus Darilion klaus.mailinglists at pernau.at
Wed Jul 11 14:25:50 CEST 2012 

Does it work with your web browser?

https://ip.address.ofyour.proxy:5061/

At least the TLS handshake should work.

If you add the following snippet to your config you should also see the 
response in your browser:

event_route[xhttp:request] {
         xhttp_reply("200", "OK", "text/html","<html><body>OK - $hu - 
[$si:$sp]</body></html>");
}


regards
Klaus


On 10.07.2012 12:44, Aft nix wrote:
> On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla
> <miconda at gmail.com> wrote:
>> Hello,
>>
>> also, can you provide more details about the case? Is it with the very first
>> connection or you do some load testing and at some point you get this issue?
>>
>
> No, its not a part of load testing. it happens on the first connection.
>
>> Can you reproduce it always?
>
> Yes i can reproduce it.
>
>> Do you set different number of workers per
>> socket? What is the output of 'kamctl ps'?
>
> No. both are 4. (udp and tls )
>
> I have downgraded the lab machine to do some testing. so i can't give
> kamctl ps of the faulty
> installation at this moment. kamailio-3.2.x is deployed in our
> production servers, and it worked flawlessly.
>
> this is the output of kamctl ps from a 3.2.x. it uses the same config
> file as i was using with git master branch.
>
> [root at server kamailio-3.2.3]# kamctl ps
> Process::  ID=0 PID=31109 Type=attendant
> Process::  ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT>
> Process::  ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT>
> Process::  ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT>
> Process::  ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT>
> Process::  ID=5 PID=31114 Type=slow timer
> Process::  ID=6 PID=31115 Type=timer
> Process::  ID=7 PID=31116 Type=MI FIFO
> Process::  ID=8 PID=31117 Type=ctl handler
> Process::  ID=9 PID=31118 Type=TIMER NH
> Process::  ID=10 PID=31119 Type=tcp receiver child=0
> Process::  ID=11 PID=31120 Type=tcp receiver child=1
> Process::  ID=12 PID=31121 Type=tcp receiver child=2
> Process::  ID=13 PID=31122 Type=tcp receiver child=3
> Process::  ID=14 PID=31123 Type=tcp main process
>
>>
>> Have you tried with 3.3 branch as well or just master branch?
>>
>
> I've got this in master branch. haven't tried it with 3.3 branch.
>
> On the side note similar issue was reported by a guy earlier this year
> in this list which went
> unnoticed. here is the link to that mail :
>
> http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
>
> His issue seems similar to me.
>
> Cheers
>> Cheers,
>> Daniel
>>
>>
>> On 7/9/12 3:04 PM, Klaus Darilion wrote:
>>>
>>> Use wireshark to analyze the TLS handshake
>>>
>>> regards
>>> klaus
>>>
>>> On 09.07.2012 13:27, Aft nix wrote:
>>>>
>>>> Hi,
>>>>
>>>> I have enabled tls parameters as follows:
>>>>
>>>> in kamailio.cfg
>>>>
>>>> listen = tls:<IP>:<PORT>
>>>>
>>>> in tls.cfg
>>>>
>>>> [server:<IP>:<PORT>]
>>>> method = TLSv1
>>>> verify_certificate = no
>>>> require_certificate = no
>>>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>>>> certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
>>>>
>>>> Now if i try to connect to this interface using openssl s_client, it
>>>> does connects,
>>>> but now server certificate is sent from kamailio.
>>>>
>>>> kamailio log shows this :
>>>>
>>>>     <core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
>>>>     <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
>>>>     <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
>>>>     <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
>>>> 0xb5701580), fd_no=11
>>>>     <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
>>>> fd_no=12 called
>>>>     <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
>>>>     <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
>>>>    connection passed to the least busy one (3289651)
>>>>     <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
>>>> [tls:<IP>:<PORT>], 0xb5701580
>>>>     <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
>>>> 2491)
>>>>
>>>> I'm using kamailio from git. its updated to the latest.
>>>> Thanks in advance.
>>>>
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> --
>> Daniel-Constantin Mierla - http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
>> http://asipto.com/u/katu
>> Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
>> http://asipto.com/u/kpw
>>
>
>
>

More information about the sr-users mailing list