Dear Klaus<br>The certificate verification I have disabled.<br><br>Facing a new problem.<br>When there is a connection reset, that time Kamailio is crashing.<br>During crash, I get below logs. Any idea why it is crashing and how can I avoid it.<br>
<br><i>oot@B2BUA:/usr/local/src/scripts# 9(9557) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer (nil) (out of memory block!) - aborting<br> 0(9548) ALERT: <core> [main.c:742]: child process 9557 exited by a signal 6<br>
0(9548) ALERT: <core> [main.c:745]: core was generated<br> 0(9548) INFO: <core> [main.c:757]: INFO: terminating due to SIGCHLD<br> 6(9554) INFO: <core> [main.c:808]: INFO: signal 15 received<br> 8(9556) INFO: <core> [main.c:808]: INFO: signal 15 received<br>
4(9552) INFO: <core> [main.c:808]: INFO: signal 15 received<br> 5(9553) INFO: <core> [main.c:808]: INFO: signal 15 received<br> 3(9551) INFO: <core> [main.c:808]: INFO: signal 15 received<br> 7(9555) INFO: <core> [main.c:808]: INFO: signal 15 received<br>
1(9549) INFO: <core> [main.c:808]: INFO: signal 15 received<br> 2(9550) INFO: <core> [main.c:808]: INFO: signal 15 received<br> 0(9548) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer (nil) (out of memory block!) - aborting<br>
<br><br>THANKS<br>kamal<br></i><br><div class="gmail_quote">On Thu, Oct 25, 2012 at 7:43 PM, Klaus Darilion <span dir="ltr"><<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Kamal!<br>
<br>
Are you familiar with SSL/TLS and certificates? With TLS the trust between TLS server and TLS client is usually via a trusted certification authority (CA). For example, if the intermediate proxy uses a certificate which is issued by CA FOOBAR-XYZ, the you have to configure Kamailio to accept certificates singed by FOOBAR-XYZ. This is done by copying the public root certificate of FOOBAR-XYZ to the Kamailio server and configure Kamailio to use the FOOBAR-XYZ certificate as trusted CA. Of course then you automatically also trust all others certificates issued by FOOBAR-XYZ.<br>
<br>
To configure the trusted CAs use:<br>
<a href="http://kamailio.org/docs/modules/3.3.x/modules/tls.html#ca_list" target="_blank">http://kamailio.org/docs/<u></u>modules/3.3.x/modules/tls.<u></u>html#ca_list</a><br>
<br>
You could also disable the certificate validation with:<br>
<a href="http://kamailio.org/docs/modules/3.3.x/modules/tls.html#verify_certificate" target="_blank">http://kamailio.org/docs/<u></u>modules/3.3.x/modules/tls.<u></u>html#verify_certificate</a><br>
<br>
But of course this reduces TLS benefits to encryption-only.<br>
<br>
regards<br>
Klaus<div class="im"><br>
<br>
On 22.10.2012 13:53, Kamal Palei wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Dear All<br>
I have modified kamailio,cfg and compiled all the modules with TLS<br>
enabled, and able to bring up the kamailio proxy properly.<br>
<br>
Kamailio proxy will receive the REGISTER message from endpoints in UDP ,<br>
and want to send this REGISTER message to another intermediate proxy in<br>
TLS. For this purpose, I have added few lines in kamailio.cfg file as below.<br>
<br>
I have created the certificates, private keys as explained by README<br>
file in kamailio-3.1.5/modules/tls/ path.<br>
<br>
if(is_method("REGISTER"))<br>
{<br>
t_relay_to("tls:<a href="http://115.114.48.75:443" target="_blank">115.114.48.75:<u></u>443</a><br></div>
<<a href="http://115.114.48.75:443" target="_blank">http://115.114.48.75:443</a>>");<div class="im"><br>
exit();<br>
}<br>
<br>
Looks like this is taking effect. When Kamailio receives REGISTER<br>
message it is trying to do handshake with intermediate proxy.<br>
I used wireshark to see the handshake messages.<br>
<br>
1. From Kamailio proxy, a TCP SYNC message is going to intermediate proxy.<br>
2. intermediate proxy sends SYNC + ACK<br>
3. Kamailio sends CLIENT HELLO<br>
4. intermediate proxy sends SERVER HELLO, CERTIFICATE and SERVER HELLO DONE<br>
5. The Kamailio sends ALERT (Level: Fatal, Description: Unknown CA)<br>
---> IS something going wrong here..............<br>
6. Then Kamailio sends FIN + ACK<br>
<br>
Can somebody please let me know why the certificate verification fails<br>
(I get this log in console).<br>
How can I put a work around to avoid certification verification failure.<br>
<br>
Best Regards<br>
kamal<br>
<br>
<br>
<br>
<br></div>
______________________________<u></u>_________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>users</a><br>
<br>
</blockquote>
</blockquote></div><br>