forwarding to alias
On Tue, Nov 25, 2014 at 7:09 PM, Kamrul Khan <dodul(a)live.com> wrote:
Hi,
I have successfully configured Kamailio for WSS support using the below
instructions. Everything works perfectly except that when the call is hung up
from the receiving end, Kamailio sends BYE and the browser disconnects the
websocket connection right after getting the response from Kamailio, with the
following error message:
Firefox: WebSocket connection to 'ws://localhost:3001/websocket' failed:
Invalid frame header
Chrome: The connection to ws://localhost:3001/websocket was interrupted
while the page was loading.
Everything works perfectly over plain websocket (WS). Kamailio is sending
something with the websocket that the browsers do not like, but I'm not sure
what it is. If somebody has faced the same issue before or can give any clue, that
would be really helpful.
Thanks in advance!
------------------------------
Date: Fri, 17 Oct 2014 18:33:17 -0700
From: gascagonzalo(a)gmail.com
To: sr-users(a)lists.sip-router.org
CC: ben(a)langfeld.me
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
Hi Ben,
In regard to your certificates, please double check the following:
a) CN field:
In your WebRTC client, check the URL used for wss and verify it matches
the CN field of the certificate installed in Kamailio:
Example:
In my sipml5 client I configured wss://ramenlabs.io:5063 and my
certificate in fact contains ramenlabs.io in the CN field
Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io
openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text
b)
I have successfully configured Kamailio 4.1 with TLS and WSS using TLS
port 5063
Topology:
1) sipml5 --wss--> nginx -wss-> kamailio (sip registrar)
2) sipml5 --wss---> kamailio
Relevant configurations:
kamailio.cfg
tls.cfg
certificates
Kamailio:
loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/
Listening on
udp: 172.31.27.85:5060
tcp: 172.31.27.85:5060
tcp: 172.31.27.85:5062
tls: 172.31.27.85:5061
* tls: 172.31.27.85:5063*
Aliases:
* tls: ip-172-31-27-85.us-west-2.compute.internal:5063*
tls: ip-172-31-27-85.us-west-2.compute.internal:5061
tcp: ip-172-31-27-85.us-west-2.compute.internal:5062
tcp: ip-172-31-27-85.us-west-2.compute.internal:5060
udp: ip-172-31-27-85.us-west-2.compute.internal:5060
*: ramenlabs.io:*
*: 172.31.27.85:*
kamailio.cfg
tls.cfg
https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg
https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg
With openssl s_client -connect 172.31.27.85:5063, where this is my internal IP
address, I get presented the certificates.
HTH
-G
On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan <dodul(a)live.com> wrote:
OK. I have made some changes. Rather than getting the TLS configuration
from a file, I added these lines:
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")
modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")
modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")
Now I'm getting different logs, which look good. Getting positive results
from the openssl test:
openssl s_client -connect 192.168.146.133:5061 -tls1
CONNECTED(00000003)
^C
But when I try to connect using my WebRTC client or even from web browsers,
I'm getting timed out. I think I'm close... please help me fix this issue.
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>:
certificate='/etc/certs/sip.192.168.146.133/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>:
ca_list='/etc/certs/demoCA/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>:
require_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>:
cipher_list='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>:
private_key='/etc/certs/sip.192.168.146.133/key.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>:
verify_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client
certificate required and no checks performed
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>:
certificate='/etc/certs/sip.192.168.146.133/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>:
ca_list='/etc/certs/demoCA/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>:
require_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>:
cipher_list='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>:
private_key='/etc/certs/sip.192.168.146.133/key.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>:
verify_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY
present invalid certificate
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]:
INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using
epoll_lt io watch method (config)
------------------------------
From: dodul(a)live.com
To: ben(a)langfeld.me; sr-users(a)lists.sip-router.org
Date: Sat, 18 Oct 2014 05:08:20 +0600
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
I didn't find any in my installation directory. Probably it doesn't come
with the standard installation unless you explicitly mention it... not sure
though
------------------------------
Date: Fri, 17 Oct 2014 19:56:50 -0300
From: ben(a)langfeld.co.uk
To: sr-users(a)lists.sip-router.org
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
Out of curiosity, why don't you use the pre-built packaged binaries
instead of building from source?
On 17 October 2014 19:53, Kamrul Khan <dodul(a)live.com> wrote:
Hi,
I'm trying to connect my WebRTC client to Kamailio via WSS. I successfully
connected it via WS but am having trouble connecting it via WSS. My first
issue is that I get error messages while I try to compile the TLS module (console log
at the end of the document). But it still creates the tls.so file. So I copied
the tls.so to my kamailio modules directory and then updated my kamailio
configuration as below:
#!define WITH_TLS
.
.
listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
.
.
#!ifdef WITH_TLS
enable_tls=yes
#!endif
.
.
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
#!endif
Now, according to this mailing list,
http://lists.sip-router.org/pipermail/sr-users/2013-March/077182.html : "when
tls module is installed, a self signed pair of certificate-private key is
generated in /usr/local/etc/kamailio"
In my case, I don't even have the /usr/local/etc/kamailio directory. So I
followed
http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
to create my certificate and key, and updated my tls.cfg. This is how my
tls.cfg looks:
[server:192.168.146.133:5061]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/certs/sip.192.168.146.133/key.pem
certificate = /etc/certs/sip.192.168.146.133/cert.pem
ca_list = /etc/certs/demoCA/cert.pem
[client:192.168.146.133:5061]
verify_certificate = yes
require_certificate = yes
Then I restarted my kamailio server, and I get the following errors in my
kamailio log.
I'm not sure what I'm doing wrong. Please help me:
Oct 17 15:44:50 ubuntu kamailio: INFO: tls [tls_init.c:385]:
init_tls_compression(): tls: init_tls: disabling compression...
Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [socket_info.c:1397]:
fix_hostname(): WARNING: fix_hostname: could not rev. resolve
192.168.146.133
Oct 17 15:44:50 ubuntu kamailio: message repeated 2 times: [ WARNING:
<core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could
not rev. resolve 192.168.146.133]
Oct 17 15:44:50 ubuntu kamailio: INFO: <core> [tcp_main.c:4836]:
init_tcp(): init_tcp: using epoll_lt as the io watch method (auto detected)
Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [daemonize.c:352]:
daemonize(): pid file contains old pid, replacing pid
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
INFO: rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
INFO: rr [rr_mod.c:159]: mod_init(): outbound module not available
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 512
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
INFO: utils [utils.c:288]: mod_init(): forward functionality disabled
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
INFO: utils [utils.c:197]: pres_db_init(): xcap_auth_status function is
disabled
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
ERROR: tls [tls_init.c:668]: tls_check_sockets(): TLSs<
192.168.146.133:5061>: No listening socket found
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while
initializing module tls
(/usr/local/kamailio-devel/lib64/kamailio/modules/tls.so)
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: :
tls [tls_locking.c:103]: locking_f(): BUG: tls: locking_f (callback):
invalid lock number: 30 (range 0 - 0), called from eng_table.c:227
Oct 17 15:44:51 ubuntu kamailio: ERROR: <core> [daemonize.c:307]:
daemonize(): Main process exited before writing to pipe
tls module compile log
xxx@ubuntu:/usr/local/src/kamailio-4.1/kamailio$ sudo make -C modules/tls
make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
CC (gcc) [M tls.so] tls_bio.o
CC (gcc) [M tls.so] tls_cfg.o
CC (gcc) [M tls.so] tls_config.o
CC (gcc) [M tls.so] tls_ct_wrq.o
CC (gcc) [M tls.so] tls_domain.o
In file included from tls_domain.c:39:0:
tls_domain.c: In function ‘load_cert’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:506:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_cert:");
^
tls_domain.c: In function ‘load_ca_list’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:536:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_ca_list:");
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:543:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_ca_list:");
^
tls_domain.c: In function ‘load_crl’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:575:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_crl:");
^
tls_domain.c: In function ‘load_private_key’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:990:5: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_private_key:");
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:998:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_private_key:");
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:1005:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_private_key:");
^
CC (gcc) [M tls.so] tls_dump_vf.o
CC (gcc) [M tls.so] tls_init.o
CC (gcc) [M tls.so] tls_locking.o
CC (gcc) [M tls.so] tls_mod.o
CC (gcc) [M tls.so] tls_rpc.o
CC (gcc) [M tls.so] tls_select.o
CC (gcc) [M tls.so] tls_server.o
In file included from tls_server.c:52:0:
tls_server.c: In function ‘tls_complete_init’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_server.c:192:3: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("Failed to create SSL or BIO structure:");
^
tls_server.c: In function ‘tls_shutdown’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_server.c:521:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("SSL error:");
^
tls_server.c: In function ‘tls_encode_f’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_server.c:798:5: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_server.c:832:5: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
tls_server.c: In function ‘tls_read_f’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_server.c:1186:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used
[-Wunused-but-set-variable]
int ret; \
^
tls_server.c:1220:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
CC (gcc) [M tls.so] tls_util.o
CC (gcc) [M tls.so] tls_verify.o
LD (gcc) [M tls.so] tls.so
make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
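
Added example (not part of the thread and not Kamailio project code): the "tls_check_sockets(): TLSs<192.168.146.133:5061>: No listening socket found" error in the first message of the thread arises when a [server:ip:port] section in tls.cfg has no matching listen=tls:ip:port socket, and the posted kamailio.cfg declares both port 5061 listeners as tcp. This Python lint cross-checks the two files; the inline configs are constructed from the fragments posted above, the function names are hypothetical, and only explicit listen=proto:host:port lines are parsed.

```python
import re

# Constructed sample input: the listen lines and tls.cfg sections posted in
# the thread (other settings omitted).
KAMAILIO_CFG = """\
#!define WITH_TLS
listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
"""
TLS_CFG = """\
[server:192.168.146.133:5061]
method = TLSv1
private_key = /etc/certs/sip.192.168.146.133/key.pem
certificate = /etc/certs/sip.192.168.146.133/cert.pem
[client:192.168.146.133:5061]
verify_certificate = yes
"""

# Assumption: only explicit proto:host:port forms are handled (no IPv6
# brackets, no protocol-less listen lines, no [server:default]).
LISTEN_RE = re.compile(r"^\s*listen\s*=\s*(\w+):([\w.-]+):(\d+)", re.M)
SERVER_RE = re.compile(r"^\s*\[server:([\w.-]+):(\d+)\]", re.M)


def listen_sockets(kamailio_cfg):
    """Return {(proto, host, port)} for each uncommented listen= line."""
    return {(p.lower(), h, int(n)) for p, h, n in LISTEN_RE.findall(kamailio_cfg)}


def diagnose(kamailio_cfg, tls_cfg):
    """List tls.cfg server domains that lack a listen=tls:host:port socket."""
    socks = listen_sockets(kamailio_cfg)
    findings = []
    for host, port in SERVER_RE.findall(tls_cfg):
        port = int(port)
        if ("tls", host, port) in socks:
            continue
        # Report which transports do own that address, to point at the typo.
        other = sorted(p for p, h, n in socks if (h, n) == (host, port))
        hint = f" (listening as {','.join(other)} instead)" if other else ""
        findings.append(
            f"[server:{host}:{port}] has no listen=tls:{host}:{port}{hint}")
    return findings


if __name__ == "__main__":
    for line in diagnose(KAMAILIO_CFG, TLS_CFG):
        print(line)
```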