6 Jan
2021
6 Jan
'21
11:47 p.m.
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy), however I see these errors in the / var / log / messages of the
Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 13107200 and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg
size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
*Willy Valles Rios*
*Unified Communications Specialist*
phone: +51955747343
em@il: willyvalles17(a)gmail.com
6 Jan
6 Jan
11:53 p.m.
I can confirm it works with a letsencrypt cert. you can also test with
putting the yesses to no ;)
Op wo 6 jan. 2021 om 21:48 schreef Willy Valles Rios <
willyvalles17(a)gmail.com>
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy), however I see these errors in the / var / log / messages of the
Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 13107200 and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg
size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
*Willy Valles Rios*
*Unified Communications Specialist*
phone: +51955747343
em@il: willyvalles17(a)gmail.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
7 Jan
7 Jan
12:09 a.m.
HI - Also make sure you have the full chain of certificates included in the
certificate file.
10:52 a.m.
Does this happen when Kamailio connects to MS Teams? The logs indicate
the received TLS certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages
provide more hints. For me it worked fine with Letsencrypt certs in
Kamailio and accepting what ever MS sent back. I used Debian 10 and
libssl 1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy), however I see these errors in the / var / log / messages of
the Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library
version "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos
support: on, zlib compression: on#012 compiler: gcc -I. -I..
-I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem
leaks on low memory) workaround enabled (on low memory tls operations
will fail preemptively) with free memory thresholds 13107200 and
6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has
been changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has
been changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 -
pkg size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is
initially 212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is
finally 425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name
callback handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present
valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present
valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO:
jsonrpcs [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child
0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt
io watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
reading - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error
reading - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
_Willy Valles Rios_
*Unified Communications Specialist*
*
*
phone: +51955747343
em@il: willyvalles17(a)gmail.com <mailto:willyvalles17@gmail.com>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
4:07 p.m.
I Used this tls.cfg
Use bc2025.pem as extra, Microsoft needs this…
And works fine on different Kamailio-msteams sbcs
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
server_name = sbc.combivoipdom.nl
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
Cheers Rob
Van: sr-users <sr-users-bounces(a)lists.kamailio.org> Namens Daniel-Constantin Mierla
Verzonden: donderdag 7 januari 2021 08:53
Aan: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>; Willy Valles
Rios <willyvalles17(a)gmail.com>
CC: Carlos Mestanza T. <mestacart(a)gmail.com>
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and
Kamailio
Does this happen when Kamailio connects to MS Teams? The logs indicate the received TLS
certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide more hints. For
me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back.
I used Debian 10 and libssl 1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently
have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier (GoDaddy), however I
see these errors in the / var / log / messages of the Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]:
mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]:
mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]:
tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]:
tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I.
-I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64
-mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]:
tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled
(on low memory tls operations will fail preemptively) with free memory thresholds 13107200
and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main():
processes (at least): 25 - shm size: 67108864 - pkg size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]:
probe_max_receive_buffer(): SO_RCVBUF is initially 212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]:
probe_max_receive_buffer(): SO_RCVBUF is finally 425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls [tls_domain.c:1107]:
ksr_tls_fix_domain(): registered server_name callback handler for socket [:0],
server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSs: Client MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSc: Server MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]:
io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242d9278 r: 0x7f45242d93a0
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
Willy Valles Rios
Unified Communications Specialist
phone: +51955747343
em@il: willyvalles17(a)gmail.com <mailto:willyvalles17@gmail.com>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org <mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
www.twitter.com/miconda <http://www.twitter.com/miconda> --
www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
Funding: https://www.paypal.me/dcmierla
11:41 p.m.
I am a friend of Willy and we are doing this integration, today I create
wildcard certificates in letsencrypt, for this use acme.sh and integrate it
with the DNS CLOUDNS provider, the certificates were generated
successfully, we replace the old ones, in the LOGs it gives us
understanding q accept the certificates.
[image: image.png]
[image: image.png]
But he has the same messages.
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc14a8cf8 r: 0x7fdfc14a8e20 (-1)
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.7.24
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1494d20 r: 0x7fdfc1494e48 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 8:08, <rob.van.den.bulk(a)gmail.com> escribió:
I Used this tls.cfg
Use bc2025.pem as extra, Microsoft needs this…
And works fine on different Kamailio-msteams sbcs
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
server_name = sbc.combivoipdom.nl
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
Cheers Rob
*Van:* sr-users <sr-users-bounces(a)lists.kamailio.org> *Namens *Daniel-Constantin
Mierla
*Verzonden:* donderdag 7 januari 2021 08:53
*Aan:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>;
Willy Valles Rios <willyvalles17(a)gmail.com>
*CC:* Carlos Mestanza T. <mestacart(a)gmail.com>
*Onderwerp:* Re: [SR-Users] Problems establishing SIP signaling between
MsTeams and Kamailio
Does this happen when Kamailio connects to MS Teams? The logs indicate the
received TLS certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide
more hints. For me it worked fine with Letsencrypt certs in Kamailio and
accepting what ever MS sent back. I used Debian 10 and libssl 1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy), however I see these errors in the / var / log / messages of the
Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 13107200 and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg
size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
*Willy Valles Rios*
*Unified Communications Specialist*
phone: +51955747343
em@il: willyvalles17(a)gmail.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
8 Jan
8 Jan
12:32 a.m.
Thanks Cheers Rob,
Protocol error messages are no longer displayed when adding the bc2025.pem
file, but entering the command "kamcmd dispatcher.list | egrep" URI | FLAGS
"shows us:
URI: sip: sip.pstnhub.microsoft.com; transport = tls
FLAGS: IP
URI: sip:
sip2.pstnhub.microsoft.com; transport = tls
FLAGS: IP
URI: sip:
sip3.pstnhub.microsoft.com; transport = tls
FLAGS: IP
Is there something else that needs to be done?
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 15:41, Carlos Mestanza T. (<mestacart(a)gmail.com>)
escribió:
I am a friend of Willy and we are doing this
integration, today I create
wildcard certificates in letsencrypt, for this use acme.sh and integrate it
with the DNS CLOUDNS provider, the certificates were generated
successfully, we replace the old ones, in the LOGs it gives us
understanding q accept the certificates.
[image: image.png]
[image: image.png]
But he has the same messages.
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc14a8cf8 r: 0x7fdfc14a8e20 (-1)
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.7.24
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7fdfc1494d20 r: 0x7fdfc1494e48 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 8:08, <rob.van.den.bulk(a)gmail.com> escribió:
> I Used this tls.cfg
>
>
>
> Use bc2025.pem as extra, Microsoft needs this…
>
>
>
> And works fine on different Kamailio-msteams sbcs
>
>
>
>
>
> [server:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
>
> certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
>
> ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
>
> server_name = sbc.combivoipdom.nl
>
>
>
> [client:default]
>
> method = TLSv1.2+
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
>
> certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
>
> ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
>
>
>
>
>
>
>
> Cheers Rob
>
>
>
> *Van:* sr-users <sr-users-bounces(a)lists.kamailio.org> *Namens
*Daniel-Constantin
> Mierla
> *Verzonden:* donderdag 7 januari 2021 08:53
> *Aan:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>;
> Willy Valles Rios <willyvalles17(a)gmail.com>
> *CC:* Carlos Mestanza T. <mestacart(a)gmail.com>
> *Onderwerp:* Re: [SR-Users] Problems establishing SIP signaling between
> MsTeams and Kamailio
>
>
>
> Does this happen when Kamailio connects to MS Teams? The logs indicate
> the received TLS certificate is not trusted:
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
>
>
> You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide
> more hints. For me it worked fine with Letsencrypt certs in Kamailio and
> accepting what ever MS sent back. I used Debian 10 and libssl 1.1.
>
>
>
> Cheers,
> Daniel
>
>
>
> On 06.01.21 21:47, Willy Valles Rios wrote:
>
> Hello community,
>
>
>
> I am having trouble establishing SIP signaling between MsTeams and
> Kamailio. I currently have this configuration in my tls.cfg file
>
>
>
> [server: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
>
> [client: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
>
> My domain was certified with ssl through an authoritative certifier
> (GoDaddy), however I see these errors in the / var / log / messages of the
> Kamailio server.
>
>
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:389]: mod_init(): With ECDH-Support!
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:392]: mod_init(): With Diffie Hellman
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
> "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
> compression: on
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
> "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
> compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
> -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
> -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
> -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> -DECP_NISTZ256_ASM
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
> [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
> low memory) workaround enabled (on low memory tls operations will fail
> preemptively) with free memory thresholds 13107200 and 6553600 bytes
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
> changed to 13107200
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
> changed to 6553600
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg
> size: 4194304
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
> 212992
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
> 425984
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
> [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
> handler for socket [:0], server_name='' ...
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
> certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
> certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
> [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
> [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
> watch method (config)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
>
>
> Could you help me identify the problem please.
>
>
>
> Cheers
>
>
>
> Saludos Cordiales
>
> --
>
> *Willy Valles Rios*
>
> *Unified Communications Specialist*
>
>
>
> phone: +51955747343
>
> em@il: willyvalles17(a)gmail.com
>
>
>
> _______________________________________________
>
> Kamailio (SER) - Users Mailing List
>
> sr-users(a)lists.kamailio.org
>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
>
> Daniel-Constantin Mierla -- www.asipto.com
>
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>
> Funding: https://www.paypal.me/dcmierla
>
>
9 Jan
9 Jan
5:46 p.m.
Hallo, warning from Microsoft is "normal" till the first calls are established.
Sent from mobile, with due apologies for brevity and errors. Rob van den Bulk
________________________________
From: Carlos Mestanza T. <mestacart(a)gmail.com>
Sent: Thursday, January 7, 2021 9:41:44 PM
To: rob.van.den.bulk(a)gmail.com <rob.van.den.bulk(a)gmail.com>
Cc: miconda(a)gmail.com <miconda(a)gmail.com>om>; Kamailio (SER) - Users Mailing List
<sr-users(a)lists.kamailio.org>
Subject: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio
I am a friend of Willy and we are doing this integration, today I create wildcard
certificates in letsencrypt, for this use acme.sh and integrate it with the DNS CLOUDNS
provider, the certificates were generated successfully, we replace the old ones, in the
LOGs it gives us understanding q accept the certificates.
[image.png]
[image.png]
But he has the same messages.
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24810]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c:
0x7fdfc14a8cf8 r: 0x7fdfc14a8e20 (-1)
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.7.24
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:32:57 Kamailio-Server /usr/sbin/kamailio[24811]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c:
0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.75.24
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:06 Kamailio-Server /usr/sbin/kamailio[24804]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c:
0x7fdfc1424528 r: 0x7fdfc1424650 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.132.46
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24805]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c:
0x7fdfc1494d20 r: 0x7fdfc1494e48 (-1)
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.14.70
Jan 7 15:33:07 Kamailio-Server /usr/sbin/kamailio[24806]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Atentamente
Adalberto Carlos Mestanza T.
El jue, 7 ene 2021 a las 8:08,
<rob.van.den.bulk@gmail.com<mailto:rob.van.den.bulk@gmail.com>> escribió:
I Used this tls.cfg
Use bc2025.pem as extra, Microsoft needs this…
And works fine on different Kamailio-msteams sbcs
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
server_name = sbc.combivoipdom.nl<http://sbc.combivoipdom.nl>
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
Cheers Rob
Van: sr-users
<sr-users-bounces@lists.kamailio.org<mailto:sr-users-bounces@lists.kamailio.org>>
Namens Daniel-Constantin Mierla
Verzonden: donderdag 7 januari 2021 08:53
Aan: Kamailio (SER) - Users Mailing List
<sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>>; Willy
Valles Rios <willyvalles17@gmail.com<mailto:willyvalles17@gmail.com>>
CC: Carlos Mestanza T. <mestacart@gmail.com<mailto:mestacart@gmail.com>>
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and
Kamailio
Does this happen when Kamailio connects to MS Teams? The logs indicate the received TLS
certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide more hints. For
me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back.
I used Debian 10 and libssl 1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently
have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier (GoDaddy), however I
see these errors in the / var / log / messages of the Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]:
mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]:
mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]:
tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]:
tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I.
-I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64
-mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]:
tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled
(on low memory tls operations will fail preemptively) with free memory thresholds 13107200
and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main():
processes (at least): 25 - shm size: 67108864 - pkg size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]:
probe_max_receive_buffer(): SO_RCVBUF is initially 212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]:
probe_max_receive_buffer(): SO_RCVBUF is finally 425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls [tls_domain.c:1107]:
ksr_tls_fix_domain(): registered server_name callback handler for socket [:0],
server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSs: Client MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSc: Server MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]:
io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242d9278 r: 0x7f45242d93a0
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
Willy Valles Rios
Unified Communications Specialist
phone: +51955747343
em@il: willyvalles17@gmail.com<mailto:willyvalles17@gmail.com>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com<http://www.asipto.com>
www.twitter.com/miconda<http://www.twitter.com/miconda> --
www.linkedin.com/in/miconda<http://www.linkedin.com/in/miconda>
Funding: https://www.paypal.me/dcmierla
27 Jan
27 Jan
3:20 a.m.
Hello Rob and Community,
After a while, I finally got the connection from my Kamailio server to
MsTeams and I can validate that the connection to MsTeams is in AP.
[root @ kamailio-server kamailio] # kamcmd dispatcher.list | egrep "URI |
FLAGS"
URI: sip: sip.pstnhub.microsoft.com;
transport = tls
FLAGS: AP
However, from the admin panel of MsTeams (Direct Routing) I see that the
connection to my sbc "sbc.netvoiceperu.com" is with TLS connectivity status
in "Active" but the SIP options status is in "Warning".
I have made calls from MsTeams thinking that the SIP options status would
change to "active" but it is still in "Warning" state. On the other
hand, I
have enabled a siptrace in Kamailio and verify that the SIP OPTIONS from
kamailio are being sent in the following format to MsTeams.
OPTIONS sip: sip.pstnhub.microsoft.com; transport = tls SIP / 2.0
Via: SIP / 2.0 / TLS
161.35.44.66:5061;branch=z9hG4bKea07.52224687000000000000000000000000.0
To: <sip: sip.pstnhub.microsoft.com; transport = tls>
From: <sip: sbc.netvoiceperu.com>; tag =
d3569c818b500aeb8c373426e76c2884-81763c71
CSeq: 10 OPTIONS
Call-ID: 13ea237a751e0c48-9148(a)161.35.44.66
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (5.4.0 (x86_64 / linux))
As you can see, the SIP OPTIONS sent from Kamailio to MsTeams does not
contain the "Contact" field, which in theory said "Contact" field
should
have been added by Kamailio according to the configuration added in
kamailio.cfg
event_route [tm: local-request] {
sip_trace ();
if (is_method ("OPTIONS") && $ ru = ~
"pstnhub.microsoft.com") {
append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061;
transport = tls> \ r \ n");
}
xlog ("L_INFO", "Sent out tm request: $ mb \ n");
}
As additional information, I inform you that I also managed to observe the
SIP OPTIONS that MsTeams sends to Kamailio.
OPTIONS sip: sbc.netvoiceperu.com: 5061; transport = tls SIP / 2.0
FROM: <sip: sip-du-a-eu.pstnhub.microsoft.com: 5061>; tag =
f1bdeb5f-662f-4544-a436-e9aa9ad78da4
TO: <sip: sbc.netvoiceperu.com>
CSEQ: 1 OPTIONS
CALL-ID: c47e2782-16c3-49cb-8931-24e9709d260a
MAX-FORWARDS: 70
VIA: SIP / 2.0 / TLS 52.114.75.24:5061;branch=z9hG4bK48b0e6be
CONTACT: <sip: sip-du-a-eu.pstnhub.microsoft.com: 5061>
CONTENT-LENGTH: 0
USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2021.1.15.7 i.EUWE.10
ALLOW: INVITE, ACK, OPTIONS, CANCEL, BYE, NOTIFY
However I don't see the 200 OK SIP responses from Kamailio to MsTeams.
I think this may be the reason why I see the SIP OPTIONS status in "Warning"
from the MsTeams panel. Maybe the contact field is not being added in the
SIP OPTIONS messages that Kamailio sends to MsTeams and for that reason I
don't see 200OK responses from MsTeams.
Could you help me solve this please.
Cheers
--
Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
3:20 p.m.
https://skalatan.de/en/blog/kamailio-sbc-teams
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~
"pstnhub.microsoft.com") {
append_hf("Contact:
<sip:dc-sbc.skalatan.de:5061;transport=tls>\r\n");
}
xlog("L_INFO", "Sent out tm request: $mb\n");
}
-----Oorspronkelijk bericht-----
Van: sr-users <sr-users-bounces(a)lists.kamailio.org> Namens wvalles
Verzonden: woensdag 27 januari 2021 01:21
Aan: sr-users(a)lists.sip-router.org
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between
MsTeams and Kamailio
Hello Rob and Community,
After a while, I finally got the connection from my Kamailio server to
MsTeams and I can validate that the connection to MsTeams is in AP.
[root @ kamailio-server kamailio] # kamcmd dispatcher.list | egrep "URI |
FLAGS"
URI: sip: sip.pstnhub.microsoft.com;
transport = tls
FLAGS: AP
However, from the admin panel of MsTeams (Direct Routing) I see that the
connection to my sbc "sbc.netvoiceperu.com" is with TLS connectivity status
in "Active" but the SIP options status is in "Warning".
I have made calls from MsTeams thinking that the SIP options status would
change to "active" but it is still in "Warning" state. On the other
hand, I
have enabled a siptrace in Kamailio and verify that the SIP OPTIONS from
kamailio are being sent in the following format to MsTeams.
OPTIONS sip: sip.pstnhub.microsoft.com; transport = tls SIP / 2.0
Via: SIP / 2.0 / TLS
161.35.44.66:5061;branch=z9hG4bKea07.52224687000000000000000000000000.0
To: <sip: sip.pstnhub.microsoft.com; transport = tls>
From: <sip: sbc.netvoiceperu.com>; tag =
d3569c818b500aeb8c373426e76c2884-81763c71
CSeq: 10 OPTIONS
Call-ID: 13ea237a751e0c48-9148(a)161.35.44.66
Max-Forwards: 70
Content-Length: 0
User-Agent: kamailio (5.4.0 (x86_64 / linux))
As you can see, the SIP OPTIONS sent from Kamailio to MsTeams does not
contain the "Contact" field, which in theory said "Contact" field
should
have been added by Kamailio according to the configuration added in
kamailio.cfg
event_route [tm: local-request] {
sip_trace ();
if (is_method ("OPTIONS") && $ ru = ~
"pstnhub.microsoft.com") {
append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061;
transport = tls> \ r \ n");
}
xlog ("L_INFO", "Sent out tm request: $ mb \ n"); }
As additional information, I inform you that I also managed to observe the
SIP OPTIONS that MsTeams sends to Kamailio.
OPTIONS sip: sbc.netvoiceperu.com: 5061; transport = tls SIP / 2.0
FROM: <sip: sip-du-a-eu.pstnhub.microsoft.com: 5061>; tag =
f1bdeb5f-662f-4544-a436-e9aa9ad78da4
TO: <sip: sbc.netvoiceperu.com>
CSEQ: 1 OPTIONS
CALL-ID: c47e2782-16c3-49cb-8931-24e9709d260a
MAX-FORWARDS: 70
VIA: SIP / 2.0 / TLS 52.114.75.24:5061;branch=z9hG4bK48b0e6be
CONTACT: <sip: sip-du-a-eu.pstnhub.microsoft.com: 5061>
CONTENT-LENGTH: 0
USER-AGENT: Microsoft.PSTNHub.SIPProxy v.2021.1.15.7 i.EUWE.10
ALLOW: INVITE, ACK, OPTIONS, CANCEL, BYE, NOTIFY
However I don't see the 200 OK SIP responses from Kamailio to MsTeams.
I think this may be the reason why I see the SIP OPTIONS status in "Warning"
from the MsTeams panel. Maybe the contact field is not being added in the
SIP OPTIONS messages that Kamailio sends to MsTeams and for that reason I
don't see 200OK responses from MsTeams.
Could you help me solve this please.
Cheers
--
Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
28 Jan
28 Jan
5:57 a.m.
Hello Rob and Community,
I comment that this configuration if I have it added in my kamailio.cfg in
this way.
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~
"pstnhub.microsoft.com") {
append_hf("Contact:
<sip:sbc.netvoiceperu.com:5061;transport=tls>\r\n");
}
xlog("L_INFO", "Sent out tm request: $mb\n");
}
In fact I have also followed the guide from
"https://skalatan.de/en/blog/kamailio-sbc-teams", however I still can't
establish the connection between MsTeams and Kamailio correctly. As I said
in the previous comment, from Kamailio I see that the flag towards MsTeams
is in AP. But from MsTeams I see that the "Sip Options Status" is in
Warning.
Additionally, through Kamailio's sip_trace, I don't see Kamailio's SIP
OPTIONS 200 OK responses to MsTeams. Could you help me by taking a look at
my kamailio.cfg? Maybe there is an error in the configuration or something
additional is missing to correctly complete the signaling between Kamailio
and MsTeams. I attach my "kamailio.cfg".
Please your support everyone.
Cheers
kamailio.cfg
<http://sip-router.1086192.n5.nabble.com/file/t8092/kamailio.cfg>
--
Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
7:50 p.m.
# Event route for local generated requests
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") {
append_hf("Contact: <sip:$fd:5061;transport=tls>\r\n");
}
xdbg("sent out tm request: $mb\n");
}
-----Oorspronkelijk bericht-----
Van: sr-users <sr-users-bounces(a)lists.kamailio.org> Namens wvalles
Verzonden: donderdag 28 januari 2021 03:58
Aan: sr-users(a)lists.sip-router.org
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between
MsTeams and Kamailio
Hello Rob and Community,
I comment that this configuration if I have it added in my kamailio.cfg in
this way.
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~
"pstnhub.microsoft.com") {
append_hf("Contact:
<sip:sbc.netvoiceperu.com:5061;transport=tls>\r\n");
}
xlog("L_INFO", "Sent out tm request: $mb\n"); }
In fact I have also followed the guide from
"https://skalatan.de/en/blog/kamailio-sbc-teams", however I still can't
establish the connection between MsTeams and Kamailio correctly. As I said
in the previous comment, from Kamailio I see that the flag towards MsTeams
is in AP. But from MsTeams I see that the "Sip Options Status" is in
Warning.
Additionally, through Kamailio's sip_trace, I don't see Kamailio's SIP
OPTIONS 200 OK responses to MsTeams. Could you help me by taking a look at
my kamailio.cfg? Maybe there is an error in the configuration or something
additional is missing to correctly complete the signaling between Kamailio
and MsTeams. I attach my "kamailio.cfg".
Please your support everyone.
Cheers
kamailio.cfg
<http://sip-router.1086192.n5.nabble.com/file/t8092/kamailio.cfg>
--
Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
8 Jan
8 Jan
5:54 a.m.
That certificate should already be present under the OS's trusted
certificates directory (debian and ubuntu certs are stored under
/etc/ssl/certs), maybe under a different name, and is required for
remote endpoint's certificate validation.
One can load a particular certificate or a list of certificates.
Multiple certificates can be concatenated into one single file as
stated in the documentation:
https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list
Hope this helps a little bit in understanding of the ca_list param.
Regards,
Ovidiu Sas
On Thu, Jan 7, 2021 at 8:10 AM <rob.van.den.bulk(a)gmail.com> wrote:
I Used this tls.cfg
Use bc2025.pem as extra, Microsoft needs this…
And works fine on different Kamailio-msteams sbcs
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
server_name = sbc.combivoipdom.nl
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
Cheers Rob
Van: sr-users <sr-users-bounces(a)lists.kamailio.org> Namens Daniel-Constantin
Mierla
Verzonden: donderdag 7 januari 2021 08:53
Aan: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>; Willy
Valles Rios <willyvalles17(a)gmail.com>
CC: Carlos Mestanza T. <mestacart(a)gmail.com>
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between MsTeams and
Kamailio
Does this happen when Kamailio connects to MS Teams? The logs indicate the received TLS
certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide more hints. For
me it worked fine with Letsencrypt certs in Kamailio and accepting what ever MS sent back.
I used Debian 10 and libssl 1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently
have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier (GoDaddy), however I
see these errors in the / var / log / messages of the Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]:
mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]:
mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]:
tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]:
tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I.
-I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64
-mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]:
tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled
(on low memory tls operations will fail preemptively) with free memory thresholds 13107200
and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main():
processes (at least): 25 - shm size: 67108864 - pkg size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]:
probe_max_receive_buffer(): SO_RCVBUF is initially 212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]:
probe_max_receive_buffer(): SO_RCVBUF is finally 425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback handler for
socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSs: Client MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSc: Server MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]:
io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242d9278 r: 0x7f45242d93a0
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
Willy Valles Rios
Unified Communications Specialist
phone: +51955747343
em@il: willyvalles17(a)gmail.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
VoIP Embedded, Inc.
http://www.voipembedded.com
6:23 a.m.
Hello Rob and Kamailio Community,
I tell you to load the .pem certificate you attached as ca_list (in the
tls.cfg file) Finally, my file was like this.
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem
certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem
server_name = sbc.netvoiceperu.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem
certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem
After doing this I no longer got any error. Next I show the logs.
Jan 7 21:52:15 Kamailio-Server systemd: Started Kamailio (OpenSER) - the
Open Source SIP Server.
Jan 7 21:52:15 Kamailio-Server kamailio: INFO: tls [tls_init.c:503]:
init_tls_compression(): disabling compression...
Jan 7 21:52:15 Kamailio-Server kamailio: Listening on
Jan 7 21:52:15 Kamailio-Server kamailio: tls: 161.35.44.66:5061
Jan 7 21:52:15 Kamailio-Server kamailio: Aliases:
Jan 7 21:52:15 Kamailio-Server kamailio: tls: kamailio-server:5061
Jan 7 21:52:15 Kamailio-Server kamailio: INFO: <core>
[core/tcp_main.c:4983]: init_tcp(): using epoll_lt as the io watch method
(auto detected)
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC
-DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
-Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 8912896 and 4456448 bytes
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 8912896
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 4456448
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[main.c:2834]: main(): processes (at least): 17 - shm size: 67108864 - pkg
size: 4194304
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs<default>: tls_method=22
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs<default>:
certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem&#…
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs<default>:
ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs<default>:
require_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs<default>:
cipher_list='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs<default>:
private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs<default>:
verify_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='sbc.netvoiceperu.com' ...
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs<default>: Client MUST present
valid certificate
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc<default>: tls_method=22
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc<default>:
certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem&#…
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc<default>:
ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc<default>: crl='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc<default>:
require_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc<default>:
cipher_list='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc<default>:
private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc<default>:
verify_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc<default>: verify_depth=9
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc<default>: verify_client=0
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc<default>: Server MUST present
valid certificate
Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29306]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/29306
Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29308]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config).
Also, I attach TLS communication flow between Microsoft and Kamailio (See
attached image "Flow TLS Certificate"). As you can see, the TLS
communication of the certificates is successful, however the SIP connection
to Microsoft is still status down.
[root@kamailio-server ~]# kamcmd dispatcher.list | egrep "URI|FLAGS"
URI: sip:sip.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:sip2.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:sip3.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
Is it possible that I have an error or I am missing a configuration
parameter in the kamailio.cfg and dispatcher.list file?. Attached
kamailio.cfg and dispatcher.list
Please your great help to solve this.
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 21:54, Ovidiu Sas (<osas(a)voipembedded.com>)
escribió:
That certificate should already be present under the
OS's trusted
certificates directory (debian and ubuntu certs are stored under
/etc/ssl/certs), maybe under a different name, and is required for
remote endpoint's certificate validation.
One can load a particular certificate or a list of certificates.
Multiple certificates can be concatenated into one single file as
stated in the documentation:
https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list
Hope this helps a little bit in understanding of the ca_list param.
Regards,
Ovidiu Sas
On Thu, Jan 7, 2021 at 8:10 AM <rob.van.den.bulk(a)gmail.com> wrote:
I Used this tls.cfg
Use bc2025.pem as extra, Microsoft needs this…
And works fine on different Kamailio-msteams sbcs
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate =
/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
server_name = sbc.combivoipdom.nl
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate =
/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
Cheers Rob
Van: sr-users <sr-users-bounces(a)lists.kamailio.org> Namens
Daniel-Constantin
Mierla
Verzonden: donderdag 7 januari 2021 08:53
Aan: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>;
Willy Valles Rios <willyvalles17(a)gmail.com>
CC: Carlos Mestanza T.
<mestacart(a)gmail.com>
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between
MsTeams and
Kamailio
Does this happen when Kamailio connects to MS Teams? The logs indicate
the
received TLS certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages
provide more
hints. For me it worked fine with Letsencrypt certs in
Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl
1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I
currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy),
however I see these errors in the / var / log / messages of the
Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 13107200 and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]:
main(): processes (at least): 25 - shm size: 67108864 - pkg
size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
Willy Valles Rios
Unified Communications Specialist
phone: +51955747343
em@il: willyvalles17(a)gmail.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
VoIP Embedded, Inc.
http://www.voipembedded.com
6:26 a.m.
Hello Rob and Kamailio Community,
I tell you to load the .pem certificate you attached as ca_list (in the
tls.cfg file) Finally, my file was like this.
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem
certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem
server_name = sbc.netvoiceperu.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem
certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem
After doing this I no longer got any error. Next I show the logs.
Jan 7 21:52:15 Kamailio-Server systemd: Started Kamailio (OpenSER) - the
Open Source SIP Server.
Jan 7 21:52:15 Kamailio-Server kamailio: INFO: tls [tls_init.c:503]:
init_tls_compression(): disabling compression...
Jan 7 21:52:15 Kamailio-Server kamailio: Listening on
Jan 7 21:52:15 Kamailio-Server kamailio: tls: 161.35.44.66:5061
Jan 7 21:52:15 Kamailio-Server kamailio: Aliases:
Jan 7 21:52:15 Kamailio-Server kamailio: tls: kamailio-server:5061
Jan 7 21:52:15 Kamailio-Server kamailio: INFO: <core>
[core/tcp_main.c:4983]: init_tcp(): using epoll_lt as the io watch method
(auto detected)
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC
-DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
-Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 8912896 and 4456448 bytes
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 8912896
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 4456448
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[main.c:2834]: main(): processes (at least): 17 - shm size: 67108864 - pkg
size: 4194304
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs<default>: tls_method=22
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs<default>:
certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem&#…
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs<default>:
ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs<default>:
require_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs<default>:
cipher_list='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs<default>:
private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs<default>:
verify_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='sbc.netvoiceperu.com' ...
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs<default>: Client MUST present
valid certificate
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc<default>: tls_method=22
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc<default>:
certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem&#…
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc<default>:
ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc<default>: crl='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc<default>:
require_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc<default>:
cipher_list='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc<default>:
private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc<default>:
verify_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc<default>: verify_depth=9
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc<default>: verify_client=0
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc<default>: Server MUST present
valid certificate
Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29306]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/29306
Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29308]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config).
Also, I attach TLS communication flow between Microsoft and Kamailio (See
attached image "Flow TLS Certificate"). As you can see, the TLS
communication of the certificates is successful, however the SIP connection
to Microsoft is still status down.
[root@kamailio-server ~]# kamcmd dispatcher.list | egrep "URI|FLAGS"
URI: sip:sip.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:sip2.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:sip3.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
Is it possible that I have an error or I am missing a configuration
parameter in the kamailio.cfg and dispatcher.list file?. Attached
kamailio.cfg and dispatcher.list
Please your great help to solve this.
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 22:23, Carlos Mestanza T. (<mestacart(a)gmail.com>)
escribió:
Hello Rob and Kamailio Community,
I tell you to load the .pem certificate you attached as ca_list (in the
tls.cfg file) Finally, my file was like this.
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem
certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem
server_name = sbc.netvoiceperu.com
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem
certificate = /etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem
After doing this I no longer got any error. Next I show the logs.
Jan 7 21:52:15 Kamailio-Server systemd: Started Kamailio (OpenSER) - the
Open Source SIP Server.
Jan 7 21:52:15 Kamailio-Server kamailio: INFO: tls [tls_init.c:503]:
init_tls_compression(): disabling compression...
Jan 7 21:52:15 Kamailio-Server kamailio: Listening on
Jan 7 21:52:15 Kamailio-Server kamailio: tls: 161.35.44.66:5061
Jan 7 21:52:15 Kamailio-Server kamailio: Aliases:
Jan 7 21:52:15 Kamailio-Server kamailio: tls: kamailio-server:5061
Jan 7 21:52:15 Kamailio-Server kamailio: INFO: <core>
[core/tcp_main.c:4983]: init_tcp(): using epoll_lt as the io watch method
(auto detected)
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
zlib compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC
-DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
-Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 8912896 and 4456448 bytes
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 8912896
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 4456448
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: <core>
[main.c:2834]: main(): processes (at least): 17 - shm size: 67108864 - pkg
size: 4194304
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs<default>: tls_method=22
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs<default>:
certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem&#…
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs<default>:
ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs<default>:
require_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs<default>:
cipher_list='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs<default>:
private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs<default>:
verify_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='sbc.netvoiceperu.com' ...
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs<default>: Client MUST present
valid certificate
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc<default>: tls_method=22
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc<default>:
certificate='/etc/letsencrypt/live/sbc.netvoiceperu.com/fullchain.pem&#…
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc<default>:
ca_list='/etc/letsencrypt/live/sbc.netvoiceperu.com/bc2025.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc<default>: crl='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc<default>:
require_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc<default>:
cipher_list='(null)'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc<default>:
private_key='/etc/letsencrypt/live/sbc.netvoiceperu.com/key.pem'
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc<default>:
verify_certificate=1
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc<default>: verify_depth=9
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc<default>: verify_client=0
Jan 7 21:52:15 Kamailio-Server /usr/sbin/kamailio[29301]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc<default>: Server MUST present
valid certificate
Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29306]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/29306
Jan 7 21:52:16 Kamailio-Server /usr/sbin/kamailio[29308]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config).
Also, I attach TLS communication flow between Microsoft and Kamailio (See
attached image "Flow TLS Certificate"). As you can see, the TLS
communication of the certificates is successful, however the SIP connection
to Microsoft is still status down.
[root@kamailio-server ~]# kamcmd dispatcher.list | egrep "URI|FLAGS"
URI: sip:sip.pstnhub.microsoft.com
;transport=tls
FLAGS: IP
URI: sip:
sip2.pstnhub.microsoft.com;transport=tls
FLAGS: IP
URI: sip:
sip3.pstnhub.microsoft.com;transport=tls
FLAGS: IP
Is it possible that I have an error or I am missing a configuration
parameter in the kamailio.cfg and dispatcher.list file?. Attached
kamailio.cfg and dispatcher.list
Please your great help to solve this.
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 21:54, Ovidiu Sas (<osas(a)voipembedded.com>)
escribió:
That certificate should already be present under
the OS's trusted
certificates directory (debian and ubuntu certs are stored under
/etc/ssl/certs), maybe under a different name, and is required for
remote endpoint's certificate validation.
One can load a particular certificate or a list of certificates.
Multiple certificates can be concatenated into one single file as
stated in the documentation:
https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list
Hope this helps a little bit in understanding of the ca_list param.
Regards,
Ovidiu Sas
On Thu, Jan 7, 2021 at 8:10 AM <rob.van.den.bulk(a)gmail.com> wrote:
I Used this tls.cfg
Use bc2025.pem as extra, Microsoft needs this…
And works fine on different Kamailio-msteams sbcs
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate =
/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
server_name = sbc.combivoipdom.nl
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate =
/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
Cheers Rob
Van: sr-users <sr-users-bounces(a)lists.kamailio.org> Namens
Daniel-Constantin
Mierla
Verzonden: donderdag 7 januari 2021 08:53
Aan: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>;
Willy Valles Rios <willyvalles17(a)gmail.com>
CC: Carlos Mestanza T.
<mestacart(a)gmail.com>
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between
MsTeams and
Kamailio
Does this happen when Kamailio connects to MS Teams? The logs indicate
the
received TLS certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages
provide more
hints. For me it worked fine with Letsencrypt certs in
Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl
1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I
currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy),
however I see these errors in the / var / log / messages of the
Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 13107200 and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]:
main(): processes (at least): 25 - shm size: 67108864 - pkg
size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO:
jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
Willy Valles Rios
Unified Communications Specialist
phone: +51955747343
em@il: willyvalles17(a)gmail.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
VoIP Embedded, Inc.
http://www.voipembedded.com
9 Jan
9 Jan
3:16 a.m.
Dear Kamilio Community,
After doing several reads to our Kamailio configuration, the dispatcher
list is in AP:
URI: sip: sip.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip2.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip3.pstnhub.microsoft.com; transport = tls
FLAGS: AP
But in the MS Teams dashboard the SIP OPTIONS STATUS column is WARNING.
In the LOGs sent to OPTIONS, it gives us to understand that with sent to MS
TEAMS:
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKd25f.2835f676000000000000000000000000.0#015#012To:
<sip:sip.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-213e3c71#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d0-1444(a)10.131.245.99#015#012Max-Forwards:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKe25f.b14dc514000000000000000000000000.0#015#012To:
<sip:sip2.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-44c3af70#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d1-1444(a)10.131.245.99#015#012Max-Forwards:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKb25f.8442f914000000000000000000000000.0#015#012To:
<sip:sip3.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-fa555adb#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d2-1444(a)10.131.245.99#015#012Max-Forwards:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:42 Kamailio-Server journal: Suppressed 103 messages from
/system.slice/kamailio.service
In the kamailio.cfg configuration it is declared:
listen=tls:161.35.44.66:5061
listen=tcp:10.131.245.99:5061
modparam ("dispatcher", "list_file",
"/etc/kamailio/dispatcher.list")
modparam ("dispatcher", "ds_probing_mode", 1)
modparam ("dispatcher", "ds_ping_interval", 60)
And this fragment was also added:
event_route [tm: local-request] {
if (is_method ("OPTIONS") && $ ru = ~
"pstnhub.microsoft.com") {
append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061;
transport = tls> \ r \ n");
}
xlog ("L_INFO", "Sent out tm request: $ mb \ n");
}
There is something additional that has to be declared so that in the MS
Teams panel the SIP OPTIONS STATUS column is shown as ACTIVE and not as
WARNNING, in the MS TEAMS documentation it is a possible problem related to
OPTIONS events.
Atentamente
*Adalberto Carlos Mestanza T.*
El jue, 7 ene 2021 a las 21:54, Ovidiu Sas (<osas(a)voipembedded.com>)
escribió:
That certificate should already be present under the
OS's trusted
certificates directory (debian and ubuntu certs are stored under
/etc/ssl/certs), maybe under a different name, and is required for
remote endpoint's certificate validation.
One can load a particular certificate or a list of certificates.
Multiple certificates can be concatenated into one single file as
stated in the documentation:
https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.ca_list
Hope this helps a little bit in understanding of the ca_list param.
Regards,
Ovidiu Sas
On Thu, Jan 7, 2021 at 8:10 AM <rob.van.den.bulk(a)gmail.com> wrote:
I Used this tls.cfg
Use bc2025.pem as extra, Microsoft needs this…
And works fine on different Kamailio-msteams sbcs
[server:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate =
/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
server_name = sbc.combivoipdom.nl
[client:default]
method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
private_key = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/privkey.pem
certificate =
/etc/letsencrypt/live/sbc.combivoipdom.nl-0001/fullchain.pem
ca_list = /etc/letsencrypt/live/sbc.combivoipdom.nl-0001/bc2025.pem
Cheers Rob
Van: sr-users <sr-users-bounces(a)lists.kamailio.org> Namens
Daniel-Constantin
Mierla
Verzonden: donderdag 7 januari 2021 08:53
Aan: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>;
Willy Valles Rios <willyvalles17(a)gmail.com>
CC: Carlos Mestanza T.
<mestacart(a)gmail.com>
Onderwerp: Re: [SR-Users] Problems establishing SIP signaling between
MsTeams and
Kamailio
Does this happen when Kamailio connects to MS Teams? The logs indicate
the
received TLS certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages
provide more
hints. For me it worked fine with Letsencrypt certs in
Kamailio and accepting what ever MS sent back. I used Debian 10 and libssl
1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I
currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy),
however I see these errors in the / var / log / messages of the
Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 13107200 and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]:
main(): processes (at least): 25 - shm size: 67108864 - pkg
size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
Willy Valles Rios
Unified Communications Specialist
phone: +51955747343
em@il: willyvalles17(a)gmail.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
VoIP Embedded, Inc.
http://www.voipembedded.com
8:27 a.m.
Dear Kamilio Community,
After doing several reads to our Kamailio configuration, the dispatcher
list is in AP:
URI: sip: sip.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip2.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip3.pstnhub.microsoft.com; transport = tls
FLAGS: AP
But in the MS Teams dashboard the SIP OPTIONS STATUS column is WARNING.
In the LOGs sent to OPTIONS, it gives us to understand that with sent to MS
TEAMS:
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKd25f.2835f676000000000000000000000000.0#015#012To:
<sip:sip.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-213e3c71#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d0-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d0-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKe25f.b14dc514000000000000000000000000.0#015#012To:
<sip:sip2.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-44c3af70#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d1-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d1-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKb25f.8442f914000000000000000000000000.0#015#012To:
<sip:sip3.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-fa555adb#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d2-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d2-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:42 Kamailio-Server journal: Suppressed 103 messages from
/system.slice/kamailio.service
In the kamailio.cfg configuration it is declared:
listen=tls:161.35.44.66:5061
listen=tcp:10.131.245.99:5061
modparam ("dispatcher", "list_file",
"/etc/kamailio/dispatcher.list")
modparam ("dispatcher", "ds_probing_mode", 1)
modparam ("dispatcher", "ds_ping_interval", 60)
And this fragment was also added:
event_route [tm: local-request] {
if (is_method ("OPTIONS") && $ ru = ~
"pstnhub.microsoft.com") {
append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061;
transport = tls> \ r \ n");
}
xlog ("L_INFO", "Sent out tm request: $ mb \ n");
}
There is something additional that has to be declared so that in the MS
Teams panel the SIP OPTIONS STATUS column is shown as ACTIVE and not as
WARNNING, in the MS TEAMS documentation it is a possible problem related to
OPTIONS events.
Saludos Cordiales
--
*Willy Valles Rios*
*Unified Communications Specialist*
phone: +51955747343
em@il: willyvalles17(a)gmail.com
El jue, 7 ene 2021 a las 2:53, Daniel-Constantin Mierla (<miconda(a)gmail.com>)
escribió:
Does this happen when Kamailio connects to MS Teams?
The logs indicate the
received TLS certificate is not trusted:
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide
more hints. For me it worked fine with Letsencrypt certs in Kamailio and
accepting what ever MS sent back. I used Debian 10 and libssl 1.1.
Cheers,
Daniel
On 06.01.21 21:47, Willy Valles Rios wrote:
Hello community,
I am having trouble establishing SIP signaling between MsTeams and
Kamailio. I currently have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier
(GoDaddy), however I see these errors in the / var / log / messages of the
Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:389]: mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_mod.c:392]: mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
"OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
[tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
low memory) workaround enabled (on low memory tls operations will fail
preemptively) with free memory thresholds 13107200 and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg
size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
[core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
[tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
handler for socket [:0], server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
[tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
[tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
- c: 0x7f45242be028 r: 0x7f45242be150 (-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
*Willy Valles Rios*
*Unified Communications Specialist*
phone: +51955747343
em@il: willyvalles17(a)gmail.com
_______________________________________________
Kamailio (SER) - Users Mailing
Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda --
www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
8:30 a.m.
Dear Kamilio Community,
After doing several reads to our Kamailio configuration, the dispatcher
list is in AP:
URI: sip: sip.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip2.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip3.pstnhub.microsoft.com; transport = tls
FLAGS: AP
But in the MS Teams dashboard the SIP OPTIONS STATUS column is WARNING.
In the LOGs sent to OPTIONS, it gives us to understand that with sent to MS
TEAMS:
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKd25f.2835f676000000000000000000000000.0#015#012To:
<sip:sip.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-213e3c71#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d0-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d0-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKe25f.b14dc514000000000000000000000000.0#015#012To:
<sip:sip2.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-44c3af70#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d1-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d1-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKb25f.8442f914000000000000000000000000.0#015#012To:
<sip:sip3.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-fa555adb#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d2-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d2-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:42 Kamailio-Server journal: Suppressed 103 messages from
/system.slice/kamailio.service
In the kamailio.cfg configuration it is declared:
listen=tls:161.35.44.66:5061
listen=tcp:10.131.245.99:5061
modparam ("dispatcher", "list_file",
"/etc/kamailio/dispatcher.list")
modparam ("dispatcher", "ds_probing_mode", 1)
modparam ("dispatcher", "ds_ping_interval", 60)
And this fragment was also added:
event_route [tm: local-request] {
if (is_method ("OPTIONS") && $ ru = ~
"pstnhub.microsoft.com") {
append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061;
transport = tls> \ r \ n");
}
xlog ("L_INFO", "Sent out tm request: $ mb \ n");
}
There is something additional that has to be declared so that in the MS
Teams panel the SIP OPTIONS STATUS column is shown as ACTIVE and not as
WARNNING, in the MS TEAMS documentation it is a possible problem related to
OPTIONS events.
Saludos Cordiales
--
*Willy Valles Rios*
*Unified Communications Specialist*
phone: +51955747343
em@il: willyvalles17(a)gmail.com
El sáb, 9 ene 2021 a las 0:27, Willy Valles Rios (<willyvalles17(a)gmail.com>)
escribió:
Dear Kamilio Community,
After doing several reads to our Kamailio configuration, the dispatcher
list is in AP:
URI: sip: sip.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip2.pstnhub.microsoft.com; transport = tls
FLAGS: AP
URI: sip: sip3.pstnhub.microsoft.com; transport = tls
FLAGS: AP
But in the MS Teams dashboard the SIP OPTIONS STATUS column is WARNING.
In the LOGs sent to OPTIONS, it gives us to understand that with sent to
MS TEAMS:
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKd25f.2835f676000000000000000000000000.0#015#012To:
<sip:sip.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-213e3c71#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d0-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d0-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip2.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKe25f.b14dc514000000000000000000000000.0#015#012To:
<sip:sip2.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-44c3af70#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d1-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d1-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:40 Kamailio-Server /usr/sbin/kamailio[1444]: INFO: <script>:
Sent out tm request: OPTIONS sip:sip3.pstnhub.microsoft.com;transport=tls
SIP/2.0#015#012Via: SIP/2.0/TLS
161.35.44.66:5061;branch=z9hG4bKb25f.8442f914000000000000000000000000.0#015#012To:
<sip:sip3.pstnhub.microsoft.com;transport=tls>#015#012From: <sip:
sbc.netvoiceperu.com>;tag=69ae0da9200ed8d142f2e4a69f531080-fa555adb#015#012CSeq:
10 OPTIONS#015#012Call-ID:
07561978687e60d2-1444(a)10.131.245.99#015#012Max-Forwards
<http://07561978687e60d2-1444@10.131.245.99/#015%23012Max-Forwards>:
70#015#012Content-Length: 0#015#012User-Agent: kamailio (5.4.0
(x86_64/linux))
Jan 8 19:01:42 Kamailio-Server journal: Suppressed 103 messages from
/system.slice/kamailio.service
In the kamailio.cfg configuration it is declared:
listen=tls:161.35.44.66:5061
listen=tcp:10.131.245.99:5061
modparam ("dispatcher", "list_file",
"/etc/kamailio/dispatcher.list")
modparam ("dispatcher", "ds_probing_mode", 1)
modparam ("dispatcher", "ds_ping_interval", 60)
And this fragment was also added:
event_route [tm: local-request] {
if (is_method ("OPTIONS") && $ ru = ~
"pstnhub.microsoft.com") {
append_hf ("Contact: <sip: sbc.netvoiceperu.com: 5061;
transport = tls> \ r \ n");
}
xlog ("L_INFO", "Sent out tm request: $ mb \ n");
}
There is something additional that has to be declared so that in the MS
Teams panel the SIP OPTIONS STATUS column is shown as ACTIVE and not as
WARNNING, in the MS TEAMS documentation it is a possible problem related to
OPTIONS events.
Saludos Cordiales
--
*Willy Valles Rios*
*Unified Communications Specialist*
phone: +51955747343
em@il: willyvalles17(a)gmail.com
El jue, 7 ene 2021 a las 2:53, Daniel-Constantin Mierla (<
miconda(a)gmail.com>) escribió:
> Does this happen when Kamailio connects to MS Teams? The logs indicate
> the received TLS certificate is not trusted:
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> You can set debug=3 in kamailio.cfg and see if the DEBUG messages provide
> more hints. For me it worked fine with Letsencrypt certs in Kamailio and
> accepting what ever MS sent back. I used Debian 10 and libssl 1.1.
>
> Cheers,
> Daniel
>
> On 06.01.21 21:47, Willy Valles Rios wrote:
>
> Hello community,
>
>
> I am having trouble establishing SIP signaling between MsTeams and
> Kamailio. I currently have this configuration in my tls.cfg file
>
>
> [server: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
> [client: default]
>
> method = TLSv1.2 +
>
> verify_certificate = yes
>
> require_certificate = yes
>
> private_key = /etc/kamailio/certificates/private-key.pem
>
> certificate = /etc/kamailio/certificates/certificate.pem
>
>
> My domain was certified with ssl through an authoritative certifier
> (GoDaddy), however I see these errors in the / var / log / messages of the
> Kamailio server.
>
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:389]: mod_init(): With ECDH-Support!
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_mod.c:392]: mod_init(): With Diffie Hellman
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:722]: tls_h_mod_init_f(): compiled with openssl version
> "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on,
> compression: on
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_init.c:730]: tls_h_mod_init_f(): installed openssl library version
> "OpenSSL 1.0.2k-fips 26 Jan 2017" (0x100020bf), kerberos support: on, zlib
> compression: on#012 compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
> -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
> -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
> -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY
> -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> -DECP_NISTZ256_ASM
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls
> [tls_init.c:787]: tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on
> low memory) workaround enabled (on low memory tls operations will fail
> preemptively) with free memory thresholds 13107200 and 6553600 bytes
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold1 has been
> changed to 13107200
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/cfg/cfg_ctx.c:598]: cfg_set_now(): tls.low_mem_threshold2 has been
> changed to 6553600
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [main.c:2834]: main(): processes (at least): 25 - shm size: 67108864 - pkg
> size: 4194304
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:154]: probe_max_receive_buffer(): SO_RCVBUF is initially
> 212992
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO:
> [core/udp_server.c:206]: probe_max_receive_buffer(): SO_RCVBUF is finally
> 425984
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSs: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSs:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSs: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSs: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSs: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSs:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSs: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSs: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSs: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls
> [tls_domain.c:1107]: ksr_tls_fix_domain(): registered server_name callback
> handler for socket [:0], server_name='' ...
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSs: Client MUST present valid
> certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:305]: ksr_tls_fill_missing(): TLSc: tls_method=22
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:317]: ksr_tls_fill_missing(): TLSc:
> certificate='/etc/kamailio/certificados/certificate.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:324]: ksr_tls_fill_missing(): TLSc: ca_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:331]: ksr_tls_fill_missing(): TLSc: crl='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:335]: ksr_tls_fill_missing(): TLSc: require_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:342]: ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:349]: ksr_tls_fill_missing(): TLSc:
> private_key='/etc/kamailio/certificados/private-key.pem'
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:353]: ksr_tls_fill_missing(): TLSc: verify_certificate=1
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:356]: ksr_tls_fill_missing(): TLSc: verify_depth=9
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:359]: ksr_tls_fill_missing(): TLSc: verify_client=0
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls
> [tls_domain.c:697]: set_verification(): TLSc: Server MUST present valid
> certificate
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
> [jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
>
> Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl
> [io_listener.c:214]: io_listen_loop(): io_listen_loop: using epoll_lt io
> watch method (config)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.75.24
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.132.46
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242d9278 r: 0x7f45242d93a0 (-1)
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1283]: tls_h_read_f(): protocol level error
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_util.h:42]: tls_err_ret(): TLS write:error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1287]: tls_h_read_f(): source IP: 52.114.14.70
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls
> [tls_server.c:1290]: tls_h_read_f(): destination IP: 161.35.44.66
>
> Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR:
> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f45242be028 r: 0x7f45242be150 (-1)
>
>
> Could you help me identify the problem please.
>
>
> Cheers
>
> Saludos Cordiales
> --
> *Willy Valles Rios*
> *Unified Communications Specialist*
>
> phone: +51955747343
> em@il: willyvalles17(a)gmail.com
>
> _______________________________________________
> Kamailio (SER) - Users Mailing
Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda --
www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
>
>
7 Jan
7 Jan
11 a.m.
You need a 3e certificate
I will send you this afternoon
Sent from mobile, with due apologies for brevity and errors. Rob van den Bulk
________________________________
From: sr-users <sr-users-bounces(a)lists.kamailio.org> on behalf of Willy Valles Rios
<willyvalles17(a)gmail.com>
Sent: Wednesday, January 6, 2021 9:47:13 PM
To: sr-users(a)lists.kamailio.org <sr-users(a)lists.kamailio.org>
Cc: Carlos Mestanza T. <mestacart(a)gmail.com>
Subject: [SR-Users] Problems establishing SIP signaling between MsTeams and Kamailio
Hello community,
I am having trouble establishing SIP signaling between MsTeams and Kamailio. I currently
have this configuration in my tls.cfg file
[server: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
[client: default]
method = TLSv1.2 +
verify_certificate = yes
require_certificate = yes
private_key = /etc/kamailio/certificates/private-key.pem
certificate = /etc/kamailio/certificates/certificate.pem
My domain was certified with ssl through an authoritative certifier (GoDaddy), however I
see these errors in the / var / log / messages of the Kamailio server.
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:389]:
mod_init(): With ECDH-Support!
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_mod.c:392]:
mod_init(): With Diffie Hellman
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:722]:
tls_h_mod_init_f(): compiled with openssl version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, compression: on
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_init.c:730]:
tls_h_mod_init_f(): installed openssl library version "OpenSSL 1.0.2k-fips 26 Jan
2017" (0x100020bf), kerberos support: on, zlib compression: on#012 compiler: gcc -I.
-I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64
-mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: WARNING: tls [tls_init.c:787]:
tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) workaround enabled
(on low memory tls operations will fail preemptively) with free memory thresholds 13107200
and 6553600 bytes
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold1 has been changed to 13107200
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/cfg/cfg_ctx.c:598]:
cfg_set_now(): tls.low_mem_threshold2 has been changed to 6553600
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [main.c:2834]: main():
processes (at least): 25 - shm size: 67108864 - pkg size: 4194304
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:154]:
probe_max_receive_buffer(): SO_RCVBUF is initially 212992
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: [core/udp_server.c:206]:
probe_max_receive_buffer(): SO_RCVBUF is finally 425984
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSs: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSs:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSs: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSs: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSs: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSs: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSs:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSs: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSs: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSs: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: NOTICE: tls [tls_domain.c:1107]:
ksr_tls_fix_domain(): registered server_name callback handler for socket [:0],
server_name='' ...
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSs: Client MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:305]:
ksr_tls_fill_missing(): TLSc: tls_method=22
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:317]:
ksr_tls_fill_missing(): TLSc:
certificate='/etc/kamailio/certificados/certificate.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:324]:
ksr_tls_fill_missing(): TLSc: ca_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:331]:
ksr_tls_fill_missing(): TLSc: crl='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:335]:
ksr_tls_fill_missing(): TLSc: require_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:342]:
ksr_tls_fill_missing(): TLSc: cipher_list='(null)'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:349]:
ksr_tls_fill_missing(): TLSc:
private_key='/etc/kamailio/certificados/private-key.pem'
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:353]:
ksr_tls_fill_missing(): TLSc: verify_certificate=1
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:356]:
ksr_tls_fill_missing(): TLSc: verify_depth=9
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:359]:
ksr_tls_fill_missing(): TLSc: verify_client=0
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32409]: INFO: tls [tls_domain.c:697]:
set_verification(): TLSc: Server MUST present valid certificate
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32422]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child 0/32422
Jan 6 15:13:45 Kamailio-Server /usr/sbin/kamailio[32424]: INFO: ctl [io_listener.c:214]:
io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.75.24
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32425]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.132.46
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32426]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242d9278 r: 0x7f45242d93a0
(-1)
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS write:error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 52.114.14.70
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 161.35.44.66
Jan 6 15:13:55 Kamailio-Server /usr/sbin/kamailio[32427]: ERROR: [core/tcp_read.c:1493]:
tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f45242be028 r: 0x7f45242be150
(-1)
Could you help me identify the problem please.
Cheers
Saludos Cordiales
--
Willy Valles Rios
Unified Communications Specialist
phone: +51955747343
em@il: willyvalles17@gmail.com<mailto:willyvalles17@gmail.com>
1394
days inactive
1416
days old
18 comments
9 participants
participants (9)
-
Carlos Mestanza T. -
Daniel-Constantin Mierla -
davy van de moere -
Jeremy McNamara -
Ovidiu Sas -
Rob van den Bulk -
rob.van.den.bulk@gmail.com
-
Willy Valles Rios -
wvalles