Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
Use wireshark to analyze the TLS handshake
regards klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
Hello,
also, can you provide more details about the case? Is it with the very first connection or you do some load testing and at some point you get this issue?
Can you reproduce it always? Do you set different number of workers per socket? What is the output of 'kamctl ps'?
Have you tried with 3.3 branch as well or just master branch?
Cheers, Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
Use wireshark to analyze the TLS handshake
regards klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
also, can you provide more details about the case? Is it with the very first connection or you do some load testing and at some point you get this issue?
No, its not a part of load testing. it happens on the first connection.
Can you reproduce it always?
Yes i can reproduce it.
Do you set different number of workers per socket? What is the output of 'kamctl ps'?
No. both are 4. (udp and tls )
I have downgraded the lab machine to do some testing. so i can't give kamctl ps of the faulty installation at this moment. kamailio-3.2.x is deployed in our production servers, and it worked flawlessly.
this is the output of kamctl ps from a 3.2.x. it uses the same config file as i was using with git master branch.
[root@server kamailio-3.2.3]# kamctl ps Process:: ID=0 PID=31109 Type=attendant Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT> Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT> Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT> Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT> Process:: ID=5 PID=31114 Type=slow timer Process:: ID=6 PID=31115 Type=timer Process:: ID=7 PID=31116 Type=MI FIFO Process:: ID=8 PID=31117 Type=ctl handler Process:: ID=9 PID=31118 Type=TIMER NH Process:: ID=10 PID=31119 Type=tcp receiver child=0 Process:: ID=11 PID=31120 Type=tcp receiver child=1 Process:: ID=12 PID=31121 Type=tcp receiver child=2 Process:: ID=13 PID=31122 Type=tcp receiver child=3 Process:: ID=14 PID=31123 Type=tcp main process
Have you tried with 3.3 branch as well or just master branch?
I've got this in master branch. haven't tried it with 3.3 branch.
On the side note similar issue was reported by a guy earlier this year in this list which went unnoticed. here is the link to that mail :
http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
His issue seems similar to me.
Cheers
Cheers, Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
Use wireshark to analyze the TLS handshake
regards klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw
Does it work with your web browser?
https://ip.address.ofyour.proxy:5061/
At least the TLS handshake should work.
If you add the following snippet to your config you should also see the response in your browser:
event_route[xhttp:request] { xhttp_reply("200", "OK", "text/html","<html><body>OK - $hu - [$si:$sp]</body></html>"); }
regards Klaus
On 10.07.2012 12:44, Aft nix wrote:
On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
also, can you provide more details about the case? Is it with the very first connection or you do some load testing and at some point you get this issue?
No, its not a part of load testing. it happens on the first connection.
Can you reproduce it always?
Yes i can reproduce it.
Do you set different number of workers per socket? What is the output of 'kamctl ps'?
No. both are 4. (udp and tls )
I have downgraded the lab machine to do some testing. so i can't give kamctl ps of the faulty installation at this moment. kamailio-3.2.x is deployed in our production servers, and it worked flawlessly.
this is the output of kamctl ps from a 3.2.x. it uses the same config file as i was using with git master branch.
[root@server kamailio-3.2.3]# kamctl ps Process:: ID=0 PID=31109 Type=attendant Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT> Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT> Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT> Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT> Process:: ID=5 PID=31114 Type=slow timer Process:: ID=6 PID=31115 Type=timer Process:: ID=7 PID=31116 Type=MI FIFO Process:: ID=8 PID=31117 Type=ctl handler Process:: ID=9 PID=31118 Type=TIMER NH Process:: ID=10 PID=31119 Type=tcp receiver child=0 Process:: ID=11 PID=31120 Type=tcp receiver child=1 Process:: ID=12 PID=31121 Type=tcp receiver child=2 Process:: ID=13 PID=31122 Type=tcp receiver child=3 Process:: ID=14 PID=31123 Type=tcp main process
Have you tried with 3.3 branch as well or just master branch?
I've got this in master branch. haven't tried it with 3.3 branch.
On the side note similar issue was reported by a guy earlier this year in this list which went unnoticed. here is the link to that mail :
http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
His issue seems similar to me.
Cheers
Cheers, Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
Use wireshark to analyze the TLS handshake
regards klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw
On Wed, Jul 11, 2012 at 6:25 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
Does it work with your web browser?
https://ip.address.ofyour.proxy:5061/
At least the TLS handshake should work.
Yes i've tested that way. It shows server not found. I think the problem is not related to tls. The TCP connection is not established in the first place. You will get the a hint of this by reading the debug log i gave in my initial mail.
If you add the following snippet to your config you should also see the response in your browser:
event_route[xhttp:request] { xhttp_reply("200", "OK", "text/html","<html><body>OK - $hu - [$si:$sp]</body></html>"); }
regards Klaus
On 10.07.2012 12:44, Aft nix wrote:
On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
also, can you provide more details about the case? Is it with the very first connection or you do some load testing and at some point you get this issue?
No, its not a part of load testing. it happens on the first connection.
Can you reproduce it always?
Yes i can reproduce it.
Do you set different number of workers per socket? What is the output of 'kamctl ps'?
No. both are 4. (udp and tls )
I have downgraded the lab machine to do some testing. so i can't give kamctl ps of the faulty installation at this moment. kamailio-3.2.x is deployed in our production servers, and it worked flawlessly.
this is the output of kamctl ps from a 3.2.x. it uses the same config file as i was using with git master branch.
[root@server kamailio-3.2.3]# kamctl ps Process:: ID=0 PID=31109 Type=attendant Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT> Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT> Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT> Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT> Process:: ID=5 PID=31114 Type=slow timer Process:: ID=6 PID=31115 Type=timer Process:: ID=7 PID=31116 Type=MI FIFO Process:: ID=8 PID=31117 Type=ctl handler Process:: ID=9 PID=31118 Type=TIMER NH Process:: ID=10 PID=31119 Type=tcp receiver child=0 Process:: ID=11 PID=31120 Type=tcp receiver child=1 Process:: ID=12 PID=31121 Type=tcp receiver child=2 Process:: ID=13 PID=31122 Type=tcp receiver child=3 Process:: ID=14 PID=31123 Type=tcp main process
Have you tried with 3.3 branch as well or just master branch?
I've got this in master branch. haven't tried it with 3.3 branch.
On the side note similar issue was reported by a guy earlier this year in this list which went unnoticed. here is the link to that mail :
http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
His issue seems similar to me.
Cheers
Cheers, Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
Use wireshark to analyze the TLS handshake
regards klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENTIP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw
On Mon, Jul 9, 2012 at 7:04 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
Use wireshark to analyze the TLS handshake
Thanks for the suggestion. I'll analyze it and post my findings.
regards klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make sure to specify "ca_list" if intermediate certificates are used.
regards Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make sure to specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
regards Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
Maybe there were some changes fore websocket support which cause problems. Do plain TCP connections work?
klaus
On 11.07.2012 16:20, Aft nix wrote:
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make sure to specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
regards Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
Hi,
WebSockets over TLS works which requires establishing a TLS connection and exchanging an HTTP request and response. It doesn't sound like this connection is even getting passed the TLS handshake part?
Peter
On Wed, 2012-07-11 at 17:14 +0200, Klaus Darilion wrote:
Maybe there were some changes fore websocket support which cause problems. Do plain TCP connections work?
klaus
On 11.07.2012 16:20, Aft nix wrote:
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make sure to specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
regards Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
On Wed, Jul 11, 2012 at 9:37 PM, Peter Dunkley peter.dunkley@crocodile-rcs.com wrote:
Hi,
WebSockets over TLS works which requires establishing a TLS connection and exchanging an HTTP request and response. It doesn't sound like this connection is even getting passed the TLS handshake part?
Peter
Hi, That was my first guess. I will run some tests with plain tcp socket and post update.
cheers.
On Wed, 2012-07-11 at 17:14 +0200, Klaus Darilion wrote:
Maybe there were some changes fore websocket support which cause problems. Do plain TCP connections work?
klaus
On 11.07.2012 16:20, Aft nix wrote:
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make sure to specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
regards Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>] method = TLSv1 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key certificate = /usr/local/etc/kamailio/
kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it does connects, but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENTIP> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3 <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2 <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2, 0xb5701580), fd_no=11 <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0) fd_no=12 called <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1 <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver, connection passed to the least busy one (3289651) <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on [tls:<IP>:<PORT>], 0xb5701580 <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest. Thanks in advance.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Peter Dunkley Technical Director Crocodile RCS Ltd
-- -aft
-
Aft nix -
Daniel-Constantin Mierla -
Klaus Darilion -
Peter Dunkley