Dear friends,
For the last few days I have been working on Kamailio with TLS support. I
followed each and every step in the installation docs and created
certificates as well.
Then I started testing the server with TLS on using SIPp. At first I didn't
add any certificate to SIPp, and registration wasn't happening.
When I added a certificate and key to SIPp, it started working fine; I
was able to test registrations successfully.
Then I started working with an open source soft phone supporting TLS,
named Mumble. I hadn't added any certificate to Mumble.
In my Kamailio settings I have set clietn_verify = 0 and
require_client_certificate = 0. So even without a certificate I should be
able to authenticate myself successfully.
Instead it gives the following error in the Kamailio log:
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 172.16.16.218
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on
port 58125, type 3
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: looking up socket based TLS server domain
[172.16.16.218:5091]
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:tls_find_server_domain: socket based TLS server domain found
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: found socket based TLS server domain
[172.16.16.218:5091]
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_add:
hashes: 929, 1
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:send2child: to
tcp child 0 0(3296), 0x7fd6f4a58208
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:handle_io:
received n=8 con=0x7fd6f4a58208, fd=18
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_add:
io_watch_add(0x73a0a0, 18, 2, 0x7fd6f4a58208), fd_no=1
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:tls_update_fd:
New fd is 18
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept:
SSL_accept failed: SSL_ERROR_SSL
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_del:
io_watch_del (0x73a0a0, 18, -1, 0x10) fd_no=2 called
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
releasing con 0x7fd6f4a58208, state -2, fd=18, id=1
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
extra_data 0x7fd6f4a683a0
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:handle_tcp_child: reader response= 7fd6f4a58208, -2 from 0
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_destroy:
destroying connection 0x7fd6f4a58208, flags 0002
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_close:
closing SSL connection
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_update_fd:
New fd is 23
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tls_shutdown:
shutdown successful
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_clean: Cleanup function entered
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 172.16.16.218
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on
port 58126, type 3
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connection
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: looking up socket based TLS server domain
[172.16.16.218:5091]
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:tls_find_server_domain: socket based TLS server domain found
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: found socket based TLS server domain
[172.16.16.218:5091]
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_add:
hashes: 930, 2
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:send2child: to
tcp child 0 0(3296), 0x7fd6f4a58208
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:handle_io:
received n=8 con=0x7fd6f4a58208, fd=18
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_add:
io_watch_add(0x73a0a0, 18, 2, 0x7fd6f4a58208), fd_no=1
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:tls_update_fd:
New fd is 18
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept:
SSL_accept failed: SSL_ERROR_SSL
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:io_watch_del:
io_watch_del (0x73a0a0, 18, -1, 0x10) fd_no=2 called
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
releasing con 0x7fd6f4a58208, state -2, fd=18, id=2
Feb 22 09:51:01 localhost ./sbin/kamailio[3296]: DBG:core:release_tcpconn:
extra_data 0x7fd6f4a683a0
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:handle_tcp_child: reader response= 7fd6f4a58208, -2 from 0
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_destroy:
destroying connection 0x7fd6f4a58208, flags 0002
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_close:
closing SSL connection
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_update_fd:
New fd is 23
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]: DBG:core:tls_shutdown:
shutdown successful
Feb 22 09:51:01 localhost ./sbin/kamailio[3300]:
DBG:core:tls_tcpconn_clean: Cleanup function entered
And in the Mumble soft phone log it gives me the following error:
[9:50 AM] Welcome to Mumble.
[9:50 AM] Server connection failed: Error during SSL handshake:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
[9:51 AM] Reconnecting.
[9:51 AM] Server connection failed: Error during SSL handshake:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
[9:51 AM] Reconnecting.
[9:51 AM] Server connection failed: Error during SSL handshake:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
[9:51 AM] Reconnecting.
[9:51 AM] Server connection failed: Error during SSL handshake:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
Can anyone suggest what could be the problem?
My server works great with SIPp with TLS, so I don't think there's any
config-related error, and I have set client_require_certificate = 0, that's
for sure.
In a real-life scenario, hard or soft phones won't have certificates, so
they should be able to connect to the server and authenticate/authorize
themselves if the server has a valid certificate. But it's not happening. So I
need help from experienced guys.
--
Regards,
Hemanshu Patel
M: 09601295238
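
A triage sketch for the two logs in the post above, added here as an example and not part of the original message: it ties each failed SSL_accept in the Kamailio debug log back to the peer address and port, and unpacks the client-side OpenSSL error code. The function names are hypothetical, the sample is an excerpt of the quoted log, and the decoder assumes the pre-3.0 OpenSSL error-code layout.

```python
import re

# Excerpt of the Kamailio log quoted in the post, mail line-wrapping kept.
SAMPLE_LOG = """\
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:print_ip:
tcpconn_new: new tcp connection to: 172.16.16.218
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]: DBG:core:tcpconn_new: on
port 58125, type 3
Feb 22 09:50:51 localhost ./sbin/kamailio[3300]:
DBG:core:handle_new_connect: new connection: 0x7fd6f4a58208 23 flags: 0002
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: DBG:core:handle_io:
received n=8 con=0x7fd6f4a58208, fd=18
Feb 22 09:50:51 localhost ./sbin/kamailio[3296]: ERROR:core:tls_accept:
SSL_accept failed: SSL_ERROR_SSL
"""
WRAP = re.compile(r"\n(?![A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d )")  # newline inside an entry
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 70: "protocol_version"}

def unwrap(text):
    """Rejoin log entries that the mail client wrapped onto a second line."""
    return WRAP.sub(" ", text.strip()).split("\n")

def failed_handshakes(text):
    """Return (timestamp, (ip, port), error) for each failed SSL_accept."""
    ip = port = None
    peer_of, con_of, failures = {}, {}, []
    for e in unwrap(text):
        p = re.search(r"kamailio\[(\d+)\]", e)
        pid = p.group(1) if p else None
        if m := re.search(r"new tcp connection to: (\S+)", e):
            ip = m.group(1)
        elif m := re.search(r"tcpconn_new: on port (\d+)", e):
            port = int(m.group(1))
        elif m := re.search(r"new connection: (0x[0-9a-f]+)", e):
            peer_of[m.group(1)] = (ip, port)   # listener names the connection
        elif m := re.search(r"handle_io: received .* con=(0x[0-9a-f]+)", e):
            con_of[pid] = m.group(1)           # reader child picks it up
        elif "SSL_accept failed" in e:
            peer = peer_of.get(con_of.get(pid))
            failures.append((e[:15], peer, e.rsplit(": ", 1)[-1]))
    return failures

def decode_openssl_error(code_hex):
    """Unpack lib/func/reason; SSL reasons above 1000 are alerts sent by the peer."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - 1000 if lib == 0x14 and reason > 1000 else None
    return {"lib": lib, "func": func, "alert": alert, "name": ALERTS.get(alert)}
```

For the code 14094410 in the Mumble log this yields alert 40, handshake_failure, which the client received from the other end of the connection. The alert reports that the handshake was refused but does not itself name the cause.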