<div dir="ltr"><div>Hello Daniel:</div><div><br></div>Trying it, accessing via Browser here is the log, similarities with the access via SIPML5, no errors, no warnings (at least as far as I can see):<div><br></div><div><div> DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 123.123.123.123</div><div> DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58654, type 3</div><div> DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 263:3337:1427, 5</div><div> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22</div><div> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x89bda0, 34, -1, 0x0) fd_no=23 called</div><div> DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1</div><div> DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0 11(1700) for activity on [tls:<a href="http://124.124.124.124:10443">124.124.124.124:10443</a>], 0x7f72f4768638</div><div> DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 con=0x7f72f4768638, fd=11</div><div> DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default></div><div> DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started</div><div> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...</div><div> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=2060 fd=11</div><div> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003</div><div> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1</div><div> DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done</div><div> DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation</div><div> DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful</div><div> DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from <a href="http://123.123.123.123:58654">123.123.123.123:58654</a> using TLSv1/SSLv3 AES256-SHA 256</div><div> DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: <a href="http://124.124.124.124:10443">124.124.124.124:10443</a></div><div> DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate</div><div> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...</div><div> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=282 fd=11</div><div> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003</div><div> DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f72f4768638, FD 11</div><div> DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF</div><div> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called</div><div> DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -1, fd=11, id=5</div><div> DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data 0x7f72f47915b0</div><div> DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f72f4768638, -1 from 0</div><div> DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f72f47915b0</div><div> DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection: 123.123.123.123</div><div> DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58656, type 3</div><div> DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 313:3383:1453, 6</div><div> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22</div><div> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x89bda0, 34, -1, 0x0) fd_no=23 called</div><div> DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1</div><div> DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1 12(1701) for activity on [tls:<a href="http://124.124.124.124:10443">124.124.124.124:10443</a>], 0x7f72f4768638</div><div> DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 con=0x7f72f4768638, fd=11</div><div> DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default></div><div> DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started</div><div> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...</div><div> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=2060 fd=11</div><div> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003</div><div> DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1</div><div> DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done</div><div> DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation</div><div> DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful</div><div> DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from <a href="http://123.123.123.123:58656">123.123.123.123:58656</a> using TLSv1/SSLv3 AES256-SHA 256</div><div> DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: <a href="http://124.124.124.124:10443">124.124.124.124:10443</a></div><div> DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate</div><div> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...</div><div> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=282 fd=11</div><div> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003</div><div> DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:</div><div> DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET></div><div> DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </></div><div> DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <HTTP/1.1></div><div> DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header</div><div> DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...</div><div> DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg created (425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS <a href="http://123.123.123.123:58656#015#012Host">123.123.123.123:58656#015#012Host</a>: <a href="http://domain.com:10443#015#012Connection">domain.com:10443#015#012Connection</a>: keep-alive#015#012Cache-Control: max-age=0#015#012Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding: gzip,deflate#015#012Accept-Language: es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012></div><div> DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:</div><div> DEBUG: <core> [parser/msg_parser.c:625]: parse_msg(): method: <GET></div><div> DEBUG: <core> [parser/msg_parser.c:627]: parse_msg(): uri: </></div><div> DEBUG: <core> [parser/msg_parser.c:629]: parse_msg(): version: <HTTP/1.1></div><div> DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5</div><div> DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=2</div><div> DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers: this is the first via</div><div> INFO: <script>: HTTP Request Received</div><div> DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header</div><div> DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)</div><div> DEBUG: <core> [msg_translator.c:204]: check_via_address(): check_via_address( 123.123.123.123, 123.123.123.123, 0)</div><div> DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send from reader (1701 (12)), reusing fd</div><div> DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...</div><div> DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=165 fd=11</div><div> DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#027#003#003</div><div> DEBUG: <core> [tcp_main.c:3624]: handle_ser_child(): handle_ser_child: read response= 7f72f4768638, -1, fd -1 from 12 (1701)</div><div> DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f72f47915b0</div><div> DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)</div><div> message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]</div><div> DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp list (nil)</div><div> DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up</div><div> DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called</div><div> DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -2, fd=11, id=6</div><div> DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data 0x7f72f47915b0</div><div> DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f72f4768638, -2 from 1</div></div><div><br></div><div>Regards and thanks for your time</div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><br><div><b><font face="verdana, sans-serif" size="4">Manuel Camargo</font></b></div><div><font face="verdana, sans-serif">Teléfono: 638000836<br>eMail: <a href="mailto:sir.louen@gmail.com" target="_blank">sir.louen@gmail.com</a><br></font></div><div><a href="https://twitter.com/SirLouen" target="_blank"><img src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcTZnSvzRAcTe36mGzv-aQeLImXnrw6H9EE64XEeViENzIm02f3X" width="200" height="70"></a><br></div><div><a href="http://es.linkedin.com/in/louen" style="font-family:'Times New Roman';font-size:medium" target="_blank"><img src="http://www.linkedin.com/img/webpromo/btn_viewmy_160x33_es_ES.png?locale=" alt="Ver el perfil de Manuel Camargo Lominchar en LinkedIn" border="0" height="33" width="160"></a><br><br></div></div></div>
<br><div class="gmail_quote">2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
if you run latest versions of web browsers, they become more
restrictive on wss connection. Be sure that the cetificate is also
trusted by the web browser.<br>
<br>
You can go with the web browser to https://ipofkamailio:portforwss
and see if you get any warnings there.<br>
<br>
Cheers,<br>
Daniel<div><div class="h5"><br>
<br>
<div>On 06/09/14 17:23, Manuel Camarg wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>I'm trying to implement WSS with Kamailio</div>
<div>Thing is that WS works fine, I've followed:</div>
<div><a href="http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket" target="_blank">http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket</a><br>
</div>
<div><br>
</div>
<div>modparam("tls", "config", "webrtc/tls.cfg")<br>
</div>
<div>In a tls.cfg file I have :</div>
<div><br>
</div>
<div>
<div>[server:default]</div>
<div>method = SSLv23</div>
<div>verify_certificate = no<br>
</div>
<div>require_certificate = no</div>
<div>private_key = webrtc/private.key<br>
</div>
<div>certificate = webrtc/ssl.pem</div>
<div>ca_list = webrtc/ca_list.pem<br>
</div>
</div>
<div><br>
</div>
<div>In the log file:</div>
<div><br>
</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default></div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake
started</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f7513516958 n=5524 fd=11</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040,
11, 2, 0x7f7513516958), fd_no=1</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake
done</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_server.c:348]: tls_accept(): TLS accept successful</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_server.c:355]: tls_accept(): tls_accept: new connection
from <a href="http://123.123.123.123:63300" target="_blank">123.123.123.123:63300</a>
using TLSv1/SSLv3 AES256-SHA 256</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_server.c:358]: tls_accept(): tls_accept: local socket: <a href="http://124.124.124.124:10443" target="_blank">124.124.124.124:10443</a></div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: tls
[tls_server.c:369]: tls_accept(): tls_accept: client did not
present a certificate</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7f7513516958 n=282 fd=11</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_main.c:2591]: tcpconn_do_send(): tcp_send:
buf=#012#026#003#003</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_read.c:296]: tcp_read_data(): EOF on 0x7f7513516958, FD
11</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040,
11, -1, 0x10) fd_no=2 called</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_read.c:1437]: release_tcpconn(): releasing con
0x7f7513516958, state -1, fd=11, id=2</div>
<div>/usr/local/sbin/kamailio[4025]: DEBUG: <core>
[tcp_read.c:1438]: release_tcpconn(): extra_data
0x7f7513510a88</div>
<div>/usr/local/sbin/kamailio[4029]: DEBUG: <core>
[tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7f7513516958, -1 from 1</div>
<div>/usr/local/sbin/kamailio[4029]: DEBUG: tls
[tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7f7513510a88</div>
<div><br>
</div>
<div>In sipml5 the error:</div>
<div><br>
</div>
<div><i>Disconnected: <b>Failed
to connect to the server</b></i></div>
<div><br>
</div>
<div>In the Chrome console:<br>
</div>
<div><br>
</div>
<div><i style="text-align:center;background-color:rgb(245,245,245)"><b><font face="Helvetica Neue, Helvetica, Arial,
sans-serif" color="#333333"><span style="line-height:18px">__tsip_transport_ws_onerror </span></font><br>
</b></i></div>
<div><i style="text-align:center;background-color:rgb(245,245,245)"><b><font face="Helvetica Neue, Helvetica, Arial,
sans-serif" color="#333333"><span style="line-height:18px">__tsip_transport_ws_onclose </span></font></b></i></div>
<div><i style="text-align:center;background-color:rgb(245,245,245)"><b><font face="Helvetica Neue, Helvetica, Arial,
sans-serif" color="#333333"><span style="line-height:18px"><br>
</span></font></b></i></div>
<div>SSL certificates seem to be ok:</div>
<div>
<div># openssl verify -CAfile ca_list.pem ssl.pem</div>
<div>ssl.pem: OK</div>
</div>
<div><br>
</div>
<div>Can't figure out a solution :( Any ideas?<br>
</div>
<div>
<div dir="ltr"><br>
<div><b><font face="verdana, sans-serif" size="4">Manuel
Camargo</font></b></div>
<div><font face="verdana, sans-serif">Teléfono: <a href="tel:638000836" value="+34638000836" target="_blank">638000836</a><br>
eMail: <a href="mailto:sir.louen@gmail.com" target="_blank">sir.louen@gmail.com</a></font></div>
<div><br>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Daniel-Constantin Mierla
<a href="http://twitter.com/#!/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a>
Next Kamailio Advanced Trainings 2014 - <a href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
Sep 22-25, Berlin, Germany</pre>
</font></span></div>
</blockquote></div><br></div>