18 Feb
2010
18 Feb
'10
10:25 a.m.
Hello friendsm,
I am testing TLS feature of both kamailio and Sipp.
I first downloaded kamailio 1.5.x TLS supported version, uncommented TLS=1
from Makefiel and then build the kamailio.
first i test kamailio without TLS with sipp for registration and
everything works file.
Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
rootCA, user certificates and all configuration parameters to kamailio.cfg
file
Config paras are as below:
/* uncomment the following lines to enable TLS support (default off) */
disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
and restart kamailio server
It works and i can see via netstat on port 5091.
but when i starts sipp it gives me following error.
[hemanshu@localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
172.16.16.218 172.16.16.218:5091 -t l1
2010-02-18 13:51:40:244 1266481300.244432: FI_init_ssl_context:
SSL_CTX_use_certificate_file failed.
I know i have built sipp with TLS support, then i can not figure out where
is the problem.
Sipp says user certification file failed ..but client doesnt need any
certification file...or does it?
i even tried with tls_verify_client = 1 , tls_require_client_certificate
= 1, playing with different combinations...but still same ans.
Can anyone suggest me what could be wrong?
Have i made any mistake in configuring kamailio or theres some problem in
SIPP.
--
Regards,
Hemanshu Patel
M: 09601295238
18 Feb
18 Feb
11:08 a.m.
i had created user certificate during process,which i set in kamailio
config file.
When i gave same certificate and private key to sipp...then it works..
but i am not sure if this is the right way.
Becaue i also for testing created another certificates signed by same
rootCA, and when imported those to sipp....they didnt work...
i am confused...that am i using TLS the way it should be or not?
can anyone suggest some nice docs/tutorials about TLS? pls dont just give
me google results..
--
Regards,
Hemanshu Patel
M: 09601295238
Hello friendsm,
I am testing TLS feature of both kamailio and Sipp.
I first downloaded kamailio 1.5.x TLS supported version, uncommented TLS=1
from Makefiel and then build the kamailio.
first i test kamailio without TLS with sipp for registration and
everything works file.
Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
rootCA, user certificates and all configuration parameters to kamailio.cfg
file
Config paras are as below:
/* uncomment the following lines to enable TLS support (default off) */
disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
and restart kamailio server
It works and i can see via netstat on port 5091.
but when i starts sipp it gives me following error.
[hemanshu@localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
172.16.16.218 172.16.16.218:5091 -t l1
2010-02-18 13:51:40:244 1266481300.244432: FI_init_ssl_context:
SSL_CTX_use_certificate_file failed.
I know i have built sipp with TLS support, then i can not figure out where
is the problem.
Sipp says user certification file failed ..but client doesnt need any
certification file...or does it?
i even tried with tls_verify_client = 1 , tls_require_client_certificate
= 1, playing with different combinations...but still same ans.
Can anyone suggest me what could be wrong?
Have i made any mistake in configuring kamailio or theres some problem in
SIPP.
--
Regards,
Hemanshu Patel
M: 09601295238
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
11:21 a.m.
though it shows everything is working fine from sipp end...
my capacity with sipp+tls is around 20% to normal sipp.
i mean normal kamailio without tls.
ant kamailio log gives this error:
18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL
i had created user certificate during process,which i set in kamailio
config file.
When i gave same certificate and private key to sipp...then it works..
but i am not sure if this is the right way.
Becaue i also for testing created another certificates signed by same
rootCA, and when imported those to sipp....they didnt work...
i am confused...that am i using TLS the way it should be or not?
can anyone suggest some nice docs/tutorials about TLS? pls dont just give
me google results..
--
Regards,
Hemanshu Patel
M: 09601295238
--
Regards,
Hemanshu Patel
M: 09601295238
Hello friendsm,
I am testing TLS feature of both kamailio and Sipp.
I first downloaded kamailio 1.5.x TLS supported version, uncommented
TLS=1
from Makefiel and then build the kamailio.
first i test kamailio without TLS with sipp for registration and
everything works file.
Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
rootCA, user certificates and all configuration parameters to
kamailio.cfg
file
Config paras are as below:
/* uncomment the following lines to enable TLS support (default off) */
disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
and restart kamailio server
It works and i can see via netstat on port 5091.
but when i starts sipp it gives me following error.
[hemanshu@localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
172.16.16.218 172.16.16.218:5091 -t l1
2010-02-18 13:51:40:244 1266481300.244432: FI_init_ssl_context:
SSL_CTX_use_certificate_file failed.
I know i have built sipp with TLS support, then i can not figure out
where
is the problem.
Sipp says user certification file failed ..but client doesnt need any
certification file...or does it?
i even tried with tls_verify_client = 1 ,
tls_require_client_certificate
= 1, playing with different combinations...but still same ans.
Can anyone suggest me what could be wrong?
Have i made any mistake in configuring kamailio or theres some problem
in
SIPP.
--
Regards,
Hemanshu Patel
M: 09601295238
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
11:50 a.m.
You could try using kamailio 3.0 which has a reworked TLS implementation
which might work better.
Also, it may be that the problem is on SIPp side. I tested sipp with TLS
some years ago and it was not stable.
You could try with pjsip-perf - it should be rather easy to extend it to
TLS (http://www.pjsip.org/pjsip/docs/html/page_pjsip_perf_c.htm)
Naother approach would be to test TLS between Kamailio and Kamailio:
sipp ---UDP----> Kamailio ----TLS-----> Kamailio
regards
klaus
Am 18.02.2010 10:21, schrieb Hemanshu Patel:
though it shows everything is working fine from sipp
end...
my capacity with sipp+tls is around 20% to normal sipp.
i mean normal kamailio without tls.
ant kamailio log gives this error:
18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL
i had created user certificate during process,which i set in kamailio
config file.
When i gave same certificate and private key to sipp...then it works..
but i am not sure if this is the right way.
Becaue i also for testing created another certificates signed by same
rootCA, and when imported those to sipp....they didnt work...
i am confused...that am i using TLS the way it should be or not?
can anyone suggest some nice docs/tutorials about TLS? pls dont just give
me google results..
--
Regards,
Hemanshu Patel
M: 09601295238
Hello friendsm,
I am testing TLS feature of both kamailio and Sipp.
I first downloaded kamailio 1.5.x TLS supported version, uncommented
TLS=1
from Makefiel and then build the kamailio.
first i test kamailio without TLS with sipp for registration and
everything works file.
Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
rootCA, user certificates and all configuration parameters to
kamailio.cfg
file
Config paras are as below:
/* uncomment the following lines to enable TLS support (default off) */
disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
and restart kamailio server
It works and i can see via netstat on port 5091.
but when i starts sipp it gives me following error.
[hemanshu@localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
172.16.16.218 172.16.16.218:5091 -t l1
2010-02-18 13:51:40:244 1266481300.244432: FI_init_ssl_context:
SSL_CTX_use_certificate_file failed.
I know i have built sipp with TLS support, then i can not figure out
where
is the problem.
Sipp says user certification file failed ..but client doesnt need any
certification file...or does it?
i even tried with tls_verify_client = 1 ,
tls_require_client_certificate
= 1, playing with different combinations...but still same ans.
Can anyone suggest me what could be wrong?
Have i made any mistake in configuring kamailio or theres some problem
in
SIPP.
--
Regards,
Hemanshu Patel
M: 09601295238
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
12:14 p.m.
One more thing i notice is that kamailio currently support TLS over TCP only.
but even when i am firing register request at cps of say 300... it doesnt
show me 300 tcp connection. It shows just 2 - 5 tcp connection.
Can anyone give any explanation about the same?
--
Regards,
Hemanshu Patel
M: 09601295238
i had created user certificate during process,which i set in kamailio
config file.
When i gave same certificate and private key to sipp...then it works..
but i am not sure if this is the right way.
Becaue i also for testing created another certificates signed by same
rootCA, and when imported those to sipp....they didnt work...
i am confused...that am i using TLS the way it should be or not?
can anyone suggest some nice docs/tutorials about TLS? pls dont just give
me google results..
--
Regards,
Hemanshu Patel
M: 09601295238
Hello friendsm,
I am testing TLS feature of both kamailio and Sipp.
I first downloaded kamailio 1.5.x TLS supported version, uncommented
TLS=1
from Makefiel and then build the kamailio.
first i test kamailio without TLS with sipp for registration and
everything works file.
Then i follow "http://www.kamailio.org/docs/tls-devel.html" and creates
rootCA, user certificates and all configuration parameters to
kamailio.cfg
file
Config paras are as below:
/* uncomment the following lines to enable TLS support (default off) */
disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
and restart kamailio server
It works and i can see via netstat on port 5091.
but when i starts sipp it gives me following error.
[hemanshu@localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
172.16.16.218 172.16.16.218:5091 -t l1
2010-02-18 13:51:40:244 1266481300.244432: FI_init_ssl_context:
SSL_CTX_use_certificate_file failed.
I know i have built sipp with TLS support, then i can not figure out
where
is the problem.
Sipp says user certification file failed ..but client doesnt need any
certification file...or does it?
i even tried with tls_verify_client = 1 ,
tls_require_client_certificate
= 1, playing with different combinations...but still same ans.
Can anyone suggest me what could be wrong?
Have i made any mistake in configuring kamailio or theres some problem
in
SIPP.
--
Regards,
Hemanshu Patel
M: 09601295238
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
6:52 p.m.
Am 18.02.2010 11:14, schrieb Hemanshu Patel:
One more thing i notice is that kamailio currently
support TLS over TCP only.
but even when i am firing register request at cps of say 300... it doesnt
show me 300 tcp connection. It shows just 2 - 5 tcp connection.
Can anyone give any explanation about the same?
you can configure in sipp if it should create new TCP connections for
each scenario or not.
klaus
19 Feb
19 Feb
7:33 a.m.
yes klaus
i know a command line option
say if i use -t l1 it creates only one connection for all reg messages but
if i use -t ln it will create (at least on documents) separate connection
for each and every REGISTER message.
I am using the latter one still getting 2 - 5 connection......
--
Regards,
Hemanshu Patel
M: 09601295238
Am 18.02.2010 11:14, schrieb Hemanshu Patel:
One more thing i notice is that kamailio
currently support TLS over TCP
only.
but even when i am firing register request at cps of say 300... it
doesnt
show me 300 tcp connection. It shows just 2 - 5 tcp connection.
Can anyone give any explanation about the same?
you can configure in sipp if it should create new TCP connections for
each scenario or not.
klaus
10:58 a.m.
Am 19.02.2010 06:33, schrieb Hemanshu Patel:
yes klaus
i know a command line option
say if i use -t l1 it creates only one connection for all reg messages but
if i use -t ln it will create (at least on documents) separate connection
for each and every REGISTER message.
I am using the latter one still getting 2 - 5 connection......
Then it must be a problem within sipp, as sipp shoudl optn the TCP
connections.
klaus
5393
days inactive
5394
days old
7 comments
2 participants
participants (2)
-
Hemanshu Patel -
Klaus Darilion