Hello Daniel:

Trying it, accessing via Browser here is the log, similarities with the access via SIPML5, no errors, no warnings (at least as far as I can see):

 DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection:  123.123.123.123
 DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58654, type 3
 DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 263:3337:1427, 5
 DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
 DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x89bda0, 34, -1, 0x0) fd_no=23 called
 DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
 DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 0 11(1700) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
  DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 con=0x7f72f4768638, fd=11
  DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default>
  DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=2060 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
  DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done
  DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation
  DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
  DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from  123.123.123.123:58654 using TLSv1/SSLv3 AES256-SHA 256
  DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: 124.124.124.124:10443
  DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=282 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003
  DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f72f4768638, FD 11
  DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
  DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -1, fd=11, id=5
  DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data 0x7f72f47915b0
  DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f72f4768638, -1 from 0
  DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f72f47915b0
  DEBUG: <core> [ip_addr.c:243]: print_ip(): tcpconn_new: new tcp connection:  123.123.123.123
  DEBUG: <core> [tcp_main.c:1096]: tcpconn_new(): tcpconn_new: on port 58656, type 3
  DEBUG: <core> [tcp_main.c:1408]: tcpconn_add(): tcpconn_add: hashes: 313:3383:1453, 6
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x89bda0, 34, 2, 0x7f72f4768638), fd_no=22
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x89bda0, 34, -1, 0x0) fd_no=23 called
  DEBUG: <core> [tcp_main.c:4302]: handle_tcpconn_ev(): tcp: DBG: sending to child, events 1
  DEBUG: <core> [tcp_main.c:3973]: send2child(): selected tcp worker 1 12(1701) for activity on [tls:124.124.124.124:10443], 0x7f72f4768638
  DEBUG: <core> [tcp_read.c:1510]: handle_io(): received n=8 con=0x7f72f4768638, fd=11
  DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default>
  DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=2060 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003
  DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f72f4768638), fd_no=1
  DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done
  DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation
  DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
  DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from  123.123.123.123:58656 using TLSv1/SSLv3 AES256-SHA 256
  DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: 124.124.124.124:10443
  DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=282 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003
  DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
  DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
  DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
  DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <HTTP/1.1>
  DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header
  DEBUG: <core> [receive.c:152]: receive_msg(): After parse_msg...
  DEBUG: xhttp [xhttp_mod.c:358]: xhttp_handler(): new fake msg created (425 bytes):#012<GET / HTTP/1.1#015#012Via: SIP/2.0/TLS  123.123.123.123:58656#015#012Host: domain.com:10443#015#012Connection: keep-alive#015#012Cache-Control: max-age=0#015#012Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8#015#012User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36#015#012Accept-Encoding: gzip,deflate#015#012Accept-Language: es,en-GB;q=0.8,en;q=0.6,fr;q=0.4#015#012#015#012>
  DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
  DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <GET>
  DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri:     </>
  DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <HTTP/1.1>
  DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5
  DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=2
  DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers: this is the first via
  INFO: <script>: HTTP Request Received
  DEBUG: <core> [parser/msg_parser.c:106]: get_hdr_field(): found end of header
  DEBUG: sl [sl.c:288]: send_reply(): reply in stateless mode (sl)
  DEBUG: <core> [msg_translator.c:204]: check_via_address(): check_via_address( 123.123.123.123,  123.123.123.123, 0)
  DEBUG: <core> [tcp_main.c:2320]: tcpconn_send_put(): tcp_send: send from reader (1701 (12)), reusing fd
  DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
  DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f72f4768638 n=165 fd=11
  DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#027#003#003
  DEBUG: <core> [tcp_main.c:3624]: handle_ser_child(): handle_ser_child: read response= 7f72f4768638, -1, fd -1 from 12 (1701)
  DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f72f47915b0
  DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
  message repeated 5 times: [ DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)]
  DEBUG: <core> [xavp.c:448]: xavp_destroy_list(): destroying xavp list (nil)
  DEBUG: <core> [receive.c:296]: receive_msg(): receive_msg: cleaning up
  DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
  DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f72f4768638, state -2, fd=11, id=6
  DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data 0x7f72f47915b0
  DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f72f4768638, -2 from 1

Regards and thanks for your time


Manuel Camargo
Teléfono: 638000836
eMail: sir.louen@gmail.com

Ver el perfil de Manuel Camargo Lominchar en LinkedIn


2014-09-08 14:57 GMT+02:00 Daniel-Constantin Mierla <miconda@gmail.com>:
Hello,

if you run latest versions of web browsers, they become more restrictive on wss connection. Be sure that the cetificate is also trusted by the web browser.

You can go with the web browser to https://ipofkamailio:portforwss and see if you get any warnings there.

Cheers,
Daniel


On 06/09/14 17:23, Manuel Camarg wrote:
I'm trying to implement WSS with Kamailio
Thing is that WS works fine, I've followed:

modparam("tls", "config", "webrtc/tls.cfg")
In a tls.cfg file I have :

[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = webrtc/private.key
certificate = webrtc/ssl.pem
ca_list = webrtc/ca_list.pem

In the log file:

/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain TLSs<default>
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]: sr_ssl_ctx_info_callback(): SSL handshake started
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=5524 fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958), fd_no=1
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL disable renegotiation
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from 123.123.123.123:63300 using TLSv1/SSLv3 AES256-SHA 256
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket: 124.124.124.124:10443
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282 fd=11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=#012#026#003#003
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f7513516958, FD 11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]: tcp_read_req(): tcp_read_req: EOF
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]: release_tcpconn():  extra_data 0x7f7513510a88
/usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958, -1 from 1
/usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection 0x7f7513510a88

In sipml5 the error:

Disconnected: Failed to connect to the server

In the Chrome console:

__tsip_transport_ws_onerror 
__tsip_transport_ws_onclose 

SSL certificates seem to be ok:
# openssl verify -CAfile ca_list.pem ssl.pem
ssl.pem: OK

Can't figure out a solution :( Any ideas?

Manuel Camargo
Teléfono: 638000836
eMail: sir.louen@gmail.com



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany