From klaus.mailinglists@pernau.at Wed Jul 11 14:25:57 2012
From: Klaus Darilion
To: sr-users@lists.kamailio.org
Subject: Re: [SR-Users] sip over tls is not working
Date: Wed, 11 Jul 2012 14:25:50 +0200
Message-ID: <4FFD70CE.6020404@pernau.at>

Does it work with your web browser?

https://ip.address.ofyour.proxy:5061/

At least the TLS handshake should work.

If you add the following snippet to your config you should also see the
response in your browser:

event_route[xhttp:request] {
    xhttp_reply("200", "OK", "text/html", "OK - $hu - [$si:$sp]");
}

regards
Klaus

On 10.07.2012 12:44, Aft nix wrote:
> On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla
> wrote:
>> Hello,
>>
>> also, can you provide more details about the case? Is it with the very first
>> connection or you do some load testing and at some point you get this issue?
>>
>
> No, it's not a part of load testing. It happens on the first connection.
>
>> Can you reproduce it always?
>
> Yes, I can reproduce it.
>
>> Do you set different number of workers per
>> socket? What is the output of 'kamctl ps'?
>
> No. Both are 4. (udp and tls)
>
> I have downgraded the lab machine to do some testing, so I can't give
> kamctl ps of the faulty
> installation at this moment. kamailio-3.2.x is deployed in our
> production servers, and it worked flawlessly.
>
> This is the output of kamctl ps from a 3.2.x. It uses the same config
> file as I was using with git master branch.
>
> [root@server kamailio-3.2.3]# kamctl ps
> Process:: ID=0 PID=31109 Type=attendant
> Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=:
> Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=:
> Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=:
> Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=:
> Process:: ID=5 PID=31114 Type=slow timer
> Process:: ID=6 PID=31115 Type=timer
> Process:: ID=7 PID=31116 Type=MI FIFO
> Process:: ID=8 PID=31117 Type=ctl handler
> Process:: ID=9 PID=31118 Type=TIMER NH
> Process:: ID=10 PID=31119 Type=tcp receiver child=0
> Process:: ID=11 PID=31120 Type=tcp receiver child=1
> Process:: ID=12 PID=31121 Type=tcp receiver child=2
> Process:: ID=13 PID=31122 Type=tcp receiver child=3
> Process:: ID=14 PID=31123 Type=tcp main process
>
>>
>> Have you tried with 3.3 branch as well or just master branch?
>>
>
> I've got this in master branch. Haven't tried it with 3.3 branch.
>
> On a side note, a similar issue was reported by a guy earlier this year
> in this list which went
> unnoticed. Here is the link to that mail:
>
> http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
>
> His issue seems similar to me.
>
> Cheers
>> Cheers,
>> Daniel
>>
>>
>> On 7/9/12 3:04 PM, Klaus Darilion wrote:
>>>
>>> Use wireshark to analyze the TLS handshake
>>>
>>> regards
>>> klaus
>>>
>>> On 09.07.2012 13:27, Aft nix wrote:
>>>>
>>>> Hi,
>>>>
>>>> I have enabled tls parameters as follows:
>>>>
>>>> in kamailio.cfg
>>>>
>>>> listen = tls::
>>>>
>>>> in tls.cfg
>>>>
>>>> [server::]
>>>> method = TLSv1
>>>> verify_certificate = no
>>>> require_certificate = no
>>>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>>>> certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
>>>>
>>>> Now if I try to connect to this interface using openssl s_client, it
>>>> does connect,
>>>> but now server certificate is sent from kamailio.
>>>>
>>>> kamailio log shows this:
>>>>
>>>> [ip_addr.c:247]: tcpconn_new: new tcp connection:
>>>> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
>>>> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
>>>> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11
>>>> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called
>>>> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
>>>> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651)
>>>> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls::], 0xb5701580
>>>> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
>>>>
>>>> I'm using kamailio from git. It's updated to the latest.
>>>> Thanks in advance.
>>>>
>>
>>
>> --
>> Daniel-Constantin Mierla - http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
>> http://asipto.com/u/katu
>> Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
>> http://asipto.com/u/kpw
>>
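
Added example, not part of the thread and not Kamailio project code: a small triage script that reads `kamctl ps` output together with a Kamailio debug log and pulls out the two things this thread turns on, the number of tcp receiver workers and the WARNING/BUG lines from tcp_main.c. The sample inputs are constructed by shortening the excerpts quoted above; the function names and the "starved_with_workers" heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed samples, shortened from the excerpts quoted in the thread
# (socket addresses are blank there and stay blank here).
KAMCTL_PS = """\
Process:: ID=0 PID=31109 Type=attendant
Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=:
Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=:
Process:: ID=10 PID=31119 Type=tcp receiver child=0
Process:: ID=11 PID=31120 Type=tcp receiver child=1
Process:: ID=14 PID=31123 Type=tcp main process
"""
KAMAILIO_LOG = """\
[tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
[tcp_main.c:4296]: tcp: DBG: sending to child, events 1
[tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651)
[tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
"""

PS_LINE = re.compile(r"ID=(\d+)\s+PID=(\d+)\s+Type=(.+)")
LOG_LINE = re.compile(r"\[([\w.]+:\d+)\]:.*?\b(WARNING|BUG|ERROR):\s*(.*)")

def worker_roles(ps_text):
    """Count processes per role, e.g. {'tcp receiver': 2, ...}."""
    roles = Counter()
    for line in ps_text.splitlines():
        m = PS_LINE.search(line)
        if m:
            # Drop per-child details such as ' child=0 sock=...'
            roles[m.group(3).split(" child=")[0].strip()] += 1
    return roles

def flagged(log_text):
    """Return (source, level, message) for WARNING/BUG/ERROR lines."""
    return [m.groups() for m in map(LOG_LINE.search, log_text.splitlines()) if m]

def triage(ps_text, log_text):
    roles, hits = worker_roles(ps_text), flagged(log_text)
    starved = any("no free tcp receiver" in msg for _, _, msg in hits)
    return {
        "tcp_receivers": roles["tcp receiver"],
        "flagged": hits,
        # Heuristic (assumption): starvation reported although receivers
        # exist is worth escalating rather than fixing by adding workers.
        "starved_with_workers": starved and roles["tcp receiver"] > 0,
    }

if __name__ == "__main__":
    print(triage(KAMCTL_PS, KAMAILIO_LOG))
```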