9 Jul
2012
9 Jul
'12
2:27 p.m.
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
--
-aft
9 Jul
9 Jul
4:04 p.m.
Use wireshark to analyze the TLS handshake
regards
klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
7:24 p.m.
Hello,
also, can you provide more details about the case? Is it with the very
first connection or you do some load testing and at some point you get
this issue?
Can you reproduce it always? Do you set different number of workers per
socket? What is the output of 'kamctl ps'?
Have you tried with 3.3 branch as well or just master branch?
Cheers,
Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
Use wireshark to analyze the TLS handshake
regards
klaus
On 09.07.2012 13:27, Aft nix wrote:
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
10 Jul
10 Jul
1:44 p.m.
On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
also, can you provide more details about the case? Is it with the very first
connection or you do some load testing and at some point you get this issue?
No, its not a part of load testing. it happens on the first connection.
Can you reproduce it always?
Yes i can reproduce it.
Do you set different number of workers per
socket? What is the output of 'kamctl ps'?
No. both are 4. (udp and tls )
I have downgraded the lab machine to do some testing. so i can't give
kamctl ps of the faulty
installation at this moment. kamailio-3.2.x is deployed in our
production servers, and it worked flawlessly.
this is the output of kamctl ps from a 3.2.x. it uses the same config
file as i was using with git master branch.
[root@server kamailio-3.2.3]# kamctl ps
Process:: ID=0 PID=31109 Type=attendant
Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT>
Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT>
Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT>
Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT>
Process:: ID=5 PID=31114 Type=slow timer
Process:: ID=6 PID=31115 Type=timer
Process:: ID=7 PID=31116 Type=MI FIFO
Process:: ID=8 PID=31117 Type=ctl handler
Process:: ID=9 PID=31118 Type=TIMER NH
Process:: ID=10 PID=31119 Type=tcp receiver child=0
Process:: ID=11 PID=31120 Type=tcp receiver child=1
Process:: ID=12 PID=31121 Type=tcp receiver child=2
Process:: ID=13 PID=31122 Type=tcp receiver child=3
Process:: ID=14 PID=31123 Type=tcp main process
Have you tried with 3.3 branch as well or just master branch?
I've got this in master branch. haven't tried it with 3.3 branch.
On the side note similar issue was reported by a guy earlier this year
in this list which went
unnoticed. here is the link to that mail :
http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
His issue seems similar to me.
Cheers
Cheers,
Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
--
-aft
Use wireshark to analyze the TLS handshake
regards
klaus
On 09.07.2012 13:27, Aft nix wrote:
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
http://asipto.com/u/kpw
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
11 Jul
11 Jul
3:25 p.m.
Does it work with your web browser?
https://ip.address.ofyour.proxy:5061/
At least the TLS handshake should work.
If you add the following snippet to your config you should also see the
response in your browser:
event_route[xhttp:request] {
xhttp_reply("200", "OK",
"text/html","<html><body>OK - $hu -
[$si:$sp]</body></html>");
}
regards
Klaus
On 10.07.2012 12:44, Aft nix wrote:
On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin
Mierla
<miconda(a)gmail.com> wrote:
Hello,
also, can you provide more details about the case? Is it with the very first
connection or you do some load testing and at some point you get this issue?
No, its not a part of load testing. it happens on the first connection.
Can you reproduce it always?
Yes i can reproduce it.
Do you set different number of workers per
socket? What is the output of 'kamctl ps'?
No. both are 4. (udp and tls )
I have downgraded the lab machine to do some testing. so i can't give
kamctl ps of the faulty
installation at this moment. kamailio-3.2.x is deployed in our
production servers, and it worked flawlessly.
this is the output of kamctl ps from a 3.2.x. it uses the same config
file as i was using with git master branch.
[root@server kamailio-3.2.3]# kamctl ps
Process:: ID=0 PID=31109 Type=attendant
Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT>
Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT>
Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT>
Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT>
Process:: ID=5 PID=31114 Type=slow timer
Process:: ID=6 PID=31115 Type=timer
Process:: ID=7 PID=31116 Type=MI FIFO
Process:: ID=8 PID=31117 Type=ctl handler
Process:: ID=9 PID=31118 Type=TIMER NH
Process:: ID=10 PID=31119 Type=tcp receiver child=0
Process:: ID=11 PID=31120 Type=tcp receiver child=1
Process:: ID=12 PID=31121 Type=tcp receiver child=2
Process:: ID=13 PID=31122 Type=tcp receiver child=3
Process:: ID=14 PID=31123 Type=tcp main process
Have you tried with 3.3 branch as well or just master branch?
I've got this in master branch. haven't tried it with 3.3 branch.
On the side note similar issue was reported by a guy earlier this year
in this list which went
unnoticed. here is the link to that mail :
http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
His issue seems similar to me.
Cheers
Cheers,
Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
Use wireshark to analyze the TLS handshake
regards
klaus
On 09.07.2012 13:27, Aft nix wrote:
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
http://asipto.com/u/kpw
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
5:22 p.m.
On Wed, Jul 11, 2012 at 6:25 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
Does it work with your web browser?
https://ip.address.ofyour.proxy:5061/
At least the TLS handshake should work.
Yes i've tested that way. It shows server not found. I think the
problem is not related to
tls. The TCP connection is not established in the first place. You
will get the a hint of this
by reading the debug log i gave in my initial mail.
If you add the following snippet to your config you
should also see the
response in your browser:
event_route[xhttp:request] {
xhttp_reply("200", "OK",
"text/html","<html><body>OK - $hu -
[$si:$sp]</body></html>");
}
regards
Klaus
On 10.07.2012 12:44, Aft nix wrote:
--
-aft
On Mon, Jul 9, 2012 at 10:24 PM, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
Hello,
also, can you provide more details about the case? Is it with the very
first
connection or you do some load testing and at some point you get this
issue?
No, its not a part of load testing. it happens on the first connection.
Can you reproduce it always?
Yes i can reproduce it.
Do you set different number of workers per
socket? What is the output of 'kamctl ps'?
No. both are 4. (udp and tls )
I have downgraded the lab machine to do some testing. so i can't give
kamctl ps of the faulty
installation at this moment. kamailio-3.2.x is deployed in our
production servers, and it worked flawlessly.
this is the output of kamctl ps from a 3.2.x. it uses the same config
file as i was using with git master branch.
[root@server kamailio-3.2.3]# kamctl ps
Process:: ID=0 PID=31109 Type=attendant
Process:: ID=1 PID=31110 Type=udp receiver child=0 sock=<IP>:<PORT>
Process:: ID=2 PID=31111 Type=udp receiver child=1 sock=<IP>:<PORT>
Process:: ID=3 PID=31112 Type=udp receiver child=2 sock=<IP>:<PORT>
Process:: ID=4 PID=31113 Type=udp receiver child=3 sock=<IP>:<PORT>
Process:: ID=5 PID=31114 Type=slow timer
Process:: ID=6 PID=31115 Type=timer
Process:: ID=7 PID=31116 Type=MI FIFO
Process:: ID=8 PID=31117 Type=ctl handler
Process:: ID=9 PID=31118 Type=TIMER NH
Process:: ID=10 PID=31119 Type=tcp receiver child=0
Process:: ID=11 PID=31120 Type=tcp receiver child=1
Process:: ID=12 PID=31121 Type=tcp receiver child=2
Process:: ID=13 PID=31122 Type=tcp receiver child=3
Process:: ID=14 PID=31123 Type=tcp main process
Have you tried with 3.3 branch as well or just master branch?
I've got this in master branch. haven't tried it with 3.3 branch.
On the side note similar issue was reported by a guy earlier this year
in this list which went
unnoticed. here is the link to that mail :
http://lists.sip-router.org/pipermail/sr-users/2012-April/072683.html
His issue seems similar to me.
Cheers
Cheers,
Daniel
On 7/9/12 3:04 PM, Klaus Darilion wrote:
Use wireshark to analyze the TLS handshake
regards
klaus
On 09.07.2012 13:27, Aft nix wrote:
>
>
> Hi,
>
> I have enabled tls parameters as follows:
>
> in kamailio.cfg
>
> listen = tls:<IP>:<PORT>
>
> in tls.cfg
>
> [server:<IP>:<PORT>]
> method = TLSv1
> verify_certificate = no
> require_certificate = no
> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
> certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
>
> Now if i try to connect to this interface using openssl s_client, it
> does connects,
> but now server certificate is sent from kamailio.
>
> kamailio log shows this :
>
> <core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT
> IP>
> <core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
> <core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
> <core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
> 0xb5701580), fd_no=11
> <core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
> fd_no=12 called
> <core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
> <core> [tcp_main.c:3963]: WARNING: send2child: no free tcp
> receiver,
> connection passed to the least busy one (3289651)
> <core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity
> on
> [tls:<IP>:<PORT>], 0xb5701580
> <core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
> 2491)
>
> I'm using kamailio from git. its updated to the latest.
> Thanks in advance.
>
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
http://asipto.com/u/kpw
9 Jul
9 Jul
7:51 p.m.
On Mon, Jul 9, 2012 at 7:04 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
Use wireshark to analyze the TLS handshake
Thanks for the suggestion. I'll analyze it and post my findings.
regards
klaus
On 09.07.2012 13:27, Aft nix wrote:
--
-aft
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
11 Jul
11 Jul
3:56 p.m.
I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make
sure to specify "ca_list" if intermediate certificates are used.
regards
Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
5:20 p.m.
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
I just tested TLS with Kamailio 3.3.0 and Eyebeam and
it works. Make sure to
specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
regards
Klaus
On 09.07.2012 13:27, Aft nix wrote:
--
-aft
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
6:14 p.m.
Maybe there were some changes fore websocket support which cause
problems. Do plain TCP connections work?
klaus
On 11.07.2012 16:20, Aft nix wrote:
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
I just tested TLS with Kamailio 3.3.0 and Eyebeam
and it works. Make sure to
specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
regards
Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
6:37 p.m.
Hi,
WebSockets over TLS works which requires establishing a TLS connection
and exchanging an HTTP request and response. It doesn't sound like this
connection is even getting passed the TLS handshake part?
Peter
On Wed, 2012-07-11 at 17:14 +0200, Klaus Darilion wrote:
Maybe there were some changes fore websocket support
which cause
problems. Do plain TCP connections work?
klaus
On 11.07.2012 16:20, Aft nix wrote:
--
Peter Dunkley
Technical Director
Crocodile RCS Ltd
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users I just tested TLS with Kamailio 3.3.0 and Eyebeam
and it works. Make sure to
specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
regards
Klaus
On 09.07.2012 13:27, Aft nix wrote:
Hi,
I have enabled tls parameters as follows:
in kamailio.cfg
listen = tls:<IP>:<PORT>
in tls.cfg
[server:<IP>:<PORT>]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid 2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
9:45 p.m.
On Wed, Jul 11, 2012 at 9:37 PM, Peter Dunkley
<peter.dunkley(a)crocodile-rcs.com> wrote:
Hi,
WebSockets over TLS works which requires establishing a TLS connection and
exchanging an HTTP request and response. It doesn't sound like this
connection is even getting passed the TLS handshake part?
Peter
Hi,
That was my first guess. I will run some tests with plain tcp socket
and post update.
cheers.
On Wed, 2012-07-11 at 17:14 +0200, Klaus Darilion wrote:
Maybe there were some changes fore websocket support which cause
problems. Do plain TCP connections work?
klaus
On 11.07.2012 16:20, Aft nix wrote:
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Peter Dunkley
Technical Director
Crocodile RCS Ltd
--
-aft
On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
kamailio-selfsigned.pem
I just tested TLS with Kamailio 3.3.0 and Eyebeam
and it works. Make
sure to
specify "ca_list" if intermediate certificates are used.
I was working with master branch, not 3.3 branch.
>
> regards
> Klaus
>
> On 09.07.2012 13:27, Aft nix wrote:
>>
>> Hi,
>>
>> I have enabled tls parameters as follows:
>>
>> in kamailio.cfg
>>
>> listen = tls:<IP>:<PORT>
>>
>> in tls.cfg
>>
>> [server:<IP>:<PORT>]
>> method = TLSv1
>> verify_certificate = no
>> require_certificate = no
>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>> certificate = /usr/local/etc/kamailio/
Now if i try to connect to this interface using openssl s_client, it
does connects,
but now server certificate is sent from kamailio.
kamailio log shows this :
<core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT
IP>
<core> [tcp_main.c:1089]: tcpconn_new: on port 40727, type 3
<core> [tcp_main.c:1400]: tcpconn_add: hashes: 2614:2652:2494, 2
<core> [io_wait.h:390]: DBG: io_watch_add(0x82535e0, 23, 2,
0xb5701580), fd_no=11
<core> [io_wait.h:617]: DBG: io_watch_del (0x82535e0, 23, -1, 0x0)
fd_no=12 called
<core> [tcp_main.c:4296]: tcp: DBG: sending to child, events 1
<core> [tcp_main.c:3963]: WARNING: send2child: no free tcp
receiver,
connection passed to the least busy one (3289651)
<core> [tcp_main.c:3967]: selected tcp worker 0 0(8) for activity
on
[tls:<IP>:<PORT>], 0xb5701580
<core> [tcp_main.c:3576]: BUG: handle_ser_child: fd -1 for 0 (pid
2491)
I'm using kamailio from git. its updated to the latest.
Thanks in advance.
4520
days inactive
4522
days old
11 comments
4 participants
participants (4)
-
Aft nix -
Daniel-Constantin Mierla -
Klaus Darilion -
Peter Dunkley