Discussion:
[SR-Users] Configuring TLS and WSS with Kamailio
Kamrul Khan
2014-10-17 22:53:40 UTC
Hi,

I'm trying to connect my WebRTC client to Kamailio via WSS. I successfully connected it via WS but am having trouble connecting it via WSS. My first issue is that I get error messages while I try to compile the TLS module (console log at the end of the document). But it still creates the tls.so file. So I copied tls.so to my Kamailio modules directory and then updated my Kamailio configuration as below:



#!define WITH_TLS
.
.
listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
.
.
#!ifdef WITH_TLS
enable_tls=yes
#!endif
.
.
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
#!endif



Now, according to this mailing list, http://lists.sip-router.org/pipermail/sr-users/2013-March/077182.html : “when tls module is installed, a self signed pair of certificate-private key is generated in /usr/local/etc/kamailio”

In my case, I don't even have the /usr/local/etc/kamailio directory. So I followed http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates to create my certificate and key, and updated my tls.cfg. This is what my tls.cfg looks like:



[server:192.168.146.133:5061]
method = TLSv1
verify_certificate = no
require_certificate = no

private_key = /etc/certs/sip.192.168.146.133/key.pem
certificate = /etc/certs/sip.192.168.146.133/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:192.168.146.133:5061]
verify_certificate = yes
require_certificate = yes






Then I restarted my Kamailio server, and I get the following errors in my Kamailio log.

I'm not sure what I'm doing wrong. Please help me:



Oct 17 15:44:50 ubuntu kamailio: INFO: tls [tls_init.c:385]: init_tls_compression(): tls: init_tls: disabling compression...
Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could not rev. resolve 192.168.146.133
Oct 17 15:44:50 ubuntu kamailio: message repeated 2 times: [ WARNING: <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could not rev. resolve 192.168.146.133]
Oct 17 15:44:50 ubuntu kamailio: INFO: <core> [tcp_main.c:4836]: init_tcp(): init_tcp: using epoll_lt as the io watch method (auto detected)
Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [daemonize.c:352]: daemonize(): pid file contains old pid, replacing pid
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr [rr_mod.c:159]: mod_init(): outbound module not available
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 512
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils [utils.c:288]: mod_init(): forward functionality disabled
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils [utils.c:197]: pres_db_init(): xcap_auth_status function is disabled
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: tls [tls_init.c:668]: tls_check_sockets(): TLSs<192.168.146.133:5061>: No listening socket found
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while initializing module tls (/usr/local/kamailio-devel/lib64/kamailio/modules/tls.so)
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: : tls [tls_locking.c:103]: locking_f(): BUG: tls: locking_f (callback): invalid lock number: 30 (range 0 - 0), called from eng_table.c:227
Oct 17 15:44:51 ubuntu kamailio: ERROR: <core> [daemonize.c:307]: daemonize(): Main process exited before writing to pipe





tls module compile log



***@ubuntu:/usr/local/src/kamailio-4.1/kamailio$ sudo make -C modules/tls
make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
CC (gcc) [M tls.so] tls_bio.o
CC (gcc) [M tls.so] tls_cfg.o
CC (gcc) [M tls.so] tls_config.o
CC (gcc) [M tls.so] tls_ct_wrq.o
CC (gcc) [M tls.so] tls_domain.o
In file included from tls_domain.c:39:0:
tls_domain.c: In function ‘load_cert’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_domain.c:506:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("load_cert:");
  ^
tls_domain.c: In function ‘load_ca_list’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_domain.c:536:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("load_ca_list:");
  ^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_domain.c:543:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("load_ca_list:");
  ^
tls_domain.c: In function ‘load_crl’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_domain.c:575:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("load_crl:");
  ^
tls_domain.c: In function ‘load_private_key’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_domain.c:990:5: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("load_private_key:");
  ^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_domain.c:998:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("load_private_key:");
  ^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_domain.c:1005:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("load_private_key:");
  ^
CC (gcc) [M tls.so] tls_dump_vf.o
CC (gcc) [M tls.so] tls_init.o
CC (gcc) [M tls.so] tls_locking.o
CC (gcc) [M tls.so] tls_mod.o
CC (gcc) [M tls.so] tls_rpc.o
CC (gcc) [M tls.so] tls_select.o
CC (gcc) [M tls.so] tls_server.o
In file included from tls_server.c:52:0:
tls_server.c: In function ‘tls_complete_init’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_server.c:192:3: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("Failed to create SSL or BIO structure:");
  ^
tls_server.c: In function ‘tls_shutdown’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_server.c:521:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR("SSL error:");
  ^
tls_server.c: In function ‘tls_encode_f’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_server.c:798:5: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR(err_src);
  ^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_server.c:832:5: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR(err_src);
  ^
tls_server.c: In function ‘tls_read_f’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_server.c:1186:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR(err_src);
  ^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
  int ret; \
  ^
tls_server.c:1220:4: note: in expansion of macro ‘TLS_ERR’
  TLS_ERR(err_src);
  ^
CC (gcc) [M tls.so] tls_util.o
CC (gcc) [M tls.so] tls_verify.o
LD (gcc) [M tls.so] tls.so
make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
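
Added example (not part of the original post and not Kamailio code): the tls_check_sockets() error in the log above is reported when a [server:ip:port] section of tls.cfg has no TLS listening socket on the same address, and the kamailio.cfg shown declares both 5061 sockets with the tcp: prefix. The Python check below cross-references the two files; the sample texts are constructed from the post, the function names are hypothetical, and #!ifdef blocks and listen lines without an explicit protocol are not evaluated.

```python
import re

# Constructed samples mirroring the two files quoted in the post.
KAMAILIO_CFG = """\
#!define WITH_TLS
listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
#!ifdef WITH_TLS
enable_tls=yes
#!endif
"""

TLS_CFG = """\
[server:192.168.146.133:5061]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/certs/sip.192.168.146.133/key.pem
certificate = /etc/certs/sip.192.168.146.133/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:192.168.146.133:5061]
verify_certificate = yes
require_certificate = yes
"""

# listen=proto:host[:port]; only lines with an explicit protocol are parsed.
LISTEN_RE = re.compile(
    r"^\s*listen\s*=\s*(udp|tcp|tls|sctp):(\[[^\]]+\]|[^:\s]+)(?::(\d+))?", re.I)
# [server:ip:port] / [client:ip:port] / [server:default] section headers.
SECTION_RE = re.compile(r"^\s*\[\s*(server|client)\s*:\s*(.+?)\s*\]\s*$", re.I)
DEFAULT_PORT = {"udp": 5060, "tcp": 5060, "sctp": 5060, "tls": 5061}


def listen_sockets(cfg_text):
    """Return [(proto, host, port)] for each explicit listen= line."""
    socks = []
    for raw in cfg_text.splitlines():
        m = LISTEN_RE.match(raw.split("#", 1)[0])  # drop comments and #! directives
        if m:
            proto = m.group(1).lower()
            socks.append((proto, m.group(2), int(m.group(3) or DEFAULT_PORT[proto])))
    return socks


def server_domains(tls_text):
    """Return [(host, port)] for each address-bound [server:...] section."""
    domains = []
    for raw in tls_text.splitlines():
        m = SECTION_RE.match(raw.split("#", 1)[0])
        if not m or m.group(1).lower() != "server":
            continue  # client domains are not tied to a listening socket
        host, _, port = m.group(2).rpartition(":")
        if host and port.isdigit():  # skips [server:default] and [server:any]
            domains.append((host, int(port)))
    return domains


def unmatched_server_domains(cfg_text, tls_text):
    """List server domains that have no listen=tls: socket on the same address."""
    socks = listen_sockets(cfg_text)
    findings = []
    for host, port in server_domains(tls_text):
        if ("tls", host, port) in socks:
            continue
        others = sorted({p for p, h, n in socks if (h, n) == (host, port)})
        hint = ("socket is declared as " + "/".join(others)
                if others else "no listen line for this address")
        findings.append((host, port, hint))
    return findings


if __name__ == "__main__":
    for host, port, hint in unmatched_server_domains(KAMAILIO_CFG, TLS_CFG):
        print(f"[server:{host}:{port}] has no TLS listening socket ({hint})")
```
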
Ben Langfeld
2014-10-17 22:56:50 UTC
Out of curiosity, why don't you use the pre-built packaged binaries instead
of building from source?

Kamrul Khan
2014-10-17 23:08:20 UTC
I didn't find any in my installation directory. Probably it doesn't come with the standard installation unless you explicitly mention it... not sure though.

Kamrul Khan
2014-10-18 00:10:53 UTC
OK. I have made some changes. Rather than getting the TLS configuration from a file, I added these lines:

#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")
modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")
modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")

Now I'm getting different logs, which look good. I'm getting positive results from the openssl test:

openssl s_client -connect 192.168.146.133:5061 -tls1
CONNECTED(00000003)
^C

But when I try to connect using my WebRTC client, or even from web browsers, I'm getting timed out. I think I'm close... please help me fix this issue.

Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>: require_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>: cipher_list='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>: verify_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client certificate required and no checks performed
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>: ca_list='/etc/certs/demoCA/cert.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>: require_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>: cipher_list='(null)'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>: verify_certificate=0
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY present invalid certificate
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]: INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)

From: dodul-***@public.gmane.org
To: ben-***@public.gmane.org; sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org
Date: Sat, 18 Oct 2014 05:08:20 +0600
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio




I dint find any in my installation directory. probably it doesn't come with standard installation unless you explicitly mention for it... not sure though

Date: Fri, 17 Oct 2014 19:56:50 -0300
From: ben-***@public.gmane.org
To: sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio

Out of curiosity, why don't you use the pre-built packaged binaries instead of building from source?
On 17 October 2014 19:53, Kamrul Khan <dodul-***@public.gmane.org> wrote:



Hi,



Im trying to connect my WebRTC clietn
to kamailio via WSS. I successfully connected it via WS but having
trouble connecting it via WSS. My first issue is I get error messages
while i try to compile TLS module(console log in the end of the
document). But, still it creates tls.so file. So i copied the tls.so
to my kamailio modules directory and then updated my kamailio
configuration as below:



#!define WITH_TLS
.
.listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
.
.
#!ifdef WITH_TLS
enable_tls=yes
#!endif
.
.
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config",
"/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
#!endif



Now, according to this mailing
list,http://lists.sip-router.org/pipermail/sr-users/2013-March/077182.html
: “when
tls module is installed, a self signed pair of certificate-private
key is generated in /usr/local/etc/kamailio”



In
my case, I dont even have the /usr/local/etc/kamailio directory. So,
I followed
http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
to create my certificate and key. And updated my tsl.cfg, this is how
my tsl.cfg looks like:



[server:192.168.146.133:5061]
method
= TLSv1
verify_certificate
= no
require_certificate
= no



private_key
= /etc/certs/sip.192.168.146.133/key.pem
certificate
= /etc/certs/sip.192.168.146.133/cert.pem
ca_list
= /etc/certs/demoCA/cert.pem



[client:192.168.146.133:5061]
verify_certificate
= yes
require_certificate
= yes






Then I restarted my kamailio server.
And i get the following errors in my kamailio log:




Im not sure what wrong im doing. Please
help me:



Oct 17 15:44:50 ubuntu kamailio: INFO: tls [tls_init.c:385]: init_tls_compression(): tls: init_tls: disabling compression...
Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could not rev. resolve 192.168.146.133
Oct 17 15:44:50 ubuntu kamailio: message repeated 2 times: [ WARNING: <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could not rev. resolve 192.168.146.133]
Oct 17 15:44:50 ubuntu kamailio: INFO: <core> [tcp_main.c:4836]: init_tcp(): init_tcp: using epoll_lt as the io watch method (auto detected)
Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [daemonize.c:352]: daemonize(): pid file contains old pid, replacing pid
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: rr [rr_mod.c:159]: mod_init(): outbound module not available
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 512
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils [utils.c:288]: mod_init(): forward functionality disabled
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: INFO: utils [utils.c:197]: pres_db_init(): xcap_auth_status function is disabled
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: tls [tls_init.c:668]: tls_check_sockets(): TLSs<192.168.146.133:5061>: No listening socket found
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while initializing module tls (/usr/local/kamailio-devel/lib64/kamailio/modules/tls.so)
Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: : tls [tls_locking.c:103]: locking_f(): BUG: tls: locking_f (callback): invalid lock number: 30 (range 0 - 0), called from eng_table.c:227
Oct 17 15:44:51 ubuntu kamailio: ERROR: <core> [daemonize.c:307]: daemonize(): Main process exited before writing to pipe





tls module compile log



***@ubuntu:/usr/local/src/kamailio-4.1/kamailio$ sudo make -C modules/tls
make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
CC (gcc) [M tls.so] tls_bio.o
CC (gcc) [M tls.so] tls_cfg.o
CC (gcc) [M tls.so] tls_config.o
CC (gcc) [M tls.so] tls_ct_wrq.o
CC (gcc) [M tls.so] tls_domain.o
In file included from tls_domain.c:39:0:
tls_domain.c: In function ‘load_cert’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:506:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_cert:");
^
tls_domain.c: In function ‘load_ca_list’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:536:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_ca_list:");
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:543:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_ca_list:");
^
tls_domain.c: In function ‘load_crl’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:575:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_crl:");
^
tls_domain.c: In function ‘load_private_key’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:990:5: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_private_key:");
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:998:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_private_key:");
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_domain.c:1005:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("load_private_key:");
^
CC (gcc) [M tls.so] tls_dump_vf.o
CC (gcc) [M tls.so] tls_init.o
CC (gcc) [M tls.so] tls_locking.o
CC (gcc) [M tls.so] tls_mod.o
CC (gcc) [M tls.so] tls_rpc.o
CC (gcc) [M tls.so] tls_select.o
CC (gcc) [M tls.so] tls_server.o
In file included from tls_server.c:52:0:
tls_server.c: In function ‘tls_complete_init’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_server.c:192:3: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("Failed to create SSL or BIO structure:");
^
tls_server.c: In function ‘tls_shutdown’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_server.c:521:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR("SSL error:");
^
tls_server.c: In function ‘tls_encode_f’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_server.c:798:5: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_server.c:832:5: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
tls_server.c: In function ‘tls_read_f’:
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_server.c:1186:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
tls_util.h:52:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
int ret; \
^
tls_server.c:1220:4: note: in expansion of macro ‘TLS_ERR’
TLS_ERR(err_src);
^
CC (gcc) [M tls.so] tls_util.o
CC (gcc) [M tls.so] tls_verify.o
LD (gcc) [M tls.so] tls.so
make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'


_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org

http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
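
The startup log above reports "No listening socket found" for the [server:192.168.146.133:5061] domain, while the posted kamailio.cfg declares that address with listen=tcp:. The following check is an added example, not part of the original post or of Kamailio: it cross-references the two files, assuming a [server:ip:port] domain needs a listen=tls: socket on the same address. The function names, the embedded config strings (reconstructed from the post) and the FIXED_CFG variant are constructed for illustration.

```python
import re

# Only the explicit proto:host:port form used in the post is handled.
LISTEN_RE = re.compile(r'^listen\s*=\s*(udp|tcp|tls|sctp):([^\s:]+):(\d+)', re.I)
SECTION_RE = re.compile(r'^\[(server|client):([^\]]+)\]$', re.I)


def active_listen_sockets(cfg_text):
    """Return {(proto, host, port)} for listen= lines in active #!ifdef branches."""
    defined, stack, sockets = set(), [], set()
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith('#!'):            # preprocessor directive
            parts = line[2:].split()
            word = parts[0] if parts else ''
            if word in ('ifdef', 'ifndef') and len(parts) > 1:
                hit = parts[1] in defined
                stack.append(hit if word == 'ifdef' else not hit)
            elif word == 'else' and stack:
                stack[-1] = not stack[-1]
            elif word == 'endif' and stack:
                stack.pop()
            elif word == 'define' and len(parts) > 1 and all(stack):
                defined.add(parts[1])
            continue
        if not all(stack) or line.startswith('#'):
            continue                         # inactive branch or comment
        m = LISTEN_RE.match(line)
        if m:
            sockets.add((m.group(1).lower(), m.group(2), m.group(3)))
    return sockets


def tls_server_domains(tls_text):
    """Return the "host:port" of every [server:...] section bound to an address."""
    domains = []
    for raw in tls_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m or m.group(1).lower() != 'server':
            continue
        address = m.group(2).strip()
        if address.lower() not in ('default', 'any'):
            domains.append(address)
    return domains


def check_tls_sockets(cfg_text, tls_text):
    """Return [(domain, problem)] for server domains lacking a tls: listen socket."""
    sockets = active_listen_sockets(cfg_text)
    findings = []
    for domain in tls_server_domains(tls_text):
        host, _, port = domain.rpartition(':')
        if ('tls', host, port) in sockets:
            continue
        others = sorted(p for (p, h, n) in sockets if (h, n) == (host, port))
        if others:
            problem = 'listen socket uses %s, not tls' % '/'.join(others)
        else:
            problem = 'no listen= line for this address'
        findings.append((domain, problem))
    return findings


# Constructed from the configuration quoted in the post.
KAMAILIO_CFG = """\
#!define WITH_TLS
listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
#!ifdef WITH_TLS
enable_tls=yes
#!endif
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
#!endif
"""

TLS_CFG = """\
[server:192.168.146.133:5061]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/certs/sip.192.168.146.133/key.pem
certificate = /etc/certs/sip.192.168.146.133/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:192.168.146.133:5061]
verify_certificate = yes
require_certificate = yes
"""

# Assumed variant for comparison: same file with the socket declared as TLS.
FIXED_CFG = KAMAILIO_CFG.replace('listen=tcp:192.168.146.133:5061',
                                 'listen=tls:192.168.146.133:5061')

if __name__ == '__main__':
    for label, cfg in (('posted', KAMAILIO_CFG), ('fixed', FIXED_CFG)):
        print(label, check_tls_sockets(cfg, TLS_CFG) or 'ok')
```
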
Gonzalo Gasca
2014-10-18 01:33:17 UTC
Hi Ben,

In regard to your certificates, please double-check the following:
a) CN field:
In your WebRTC client, check the URL used for WSS and verify it matches the
CN field of the certificate installed in Kamailio:
Example:
In my sipml5 client I configured wss://ramenlabs.io:5063 and my certificate
in fact contains ramenlabs.io in the CN field

Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io

openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text


b)
I have successfully configured Kamailio 4.1 with TLS and WSS using TLS port
5063
Topology:
1) sipml5 --wss--> nginx --wss--> kamailio (sip registrar)
2) sipml5 --wss--> kamailio

Relevant configurations:
kamailio.cfg
tls.cfg
certificates

Kamailio:

loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/
Listening on
udp: 172.31.27.85:5060
tcp: 172.31.27.85:5060
tcp: 172.31.27.85:5062
tls: 172.31.27.85:5061
* tls: 172.31.27.85:5063*
Aliases:
* tls: ip-172-31-27-85.us-west-2.compute.internal:5063*
tls: ip-172-31-27-85.us-west-2.compute.internal:5061
tcp: ip-172-31-27-85.us-west-2.compute.internal:5062
tcp: ip-172-31-27-85.us-west-2.compute.internal:5060
udp: ip-172-31-27-85.us-west-2.compute.internal:5060
*: ramenlabs.io:*
*: 172.31.27.85:*


kamailio.cfg
tls.cfg

https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg
https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg


With openssl s_client -connect 172.31.27.85:5063, where this is my internal IP
address, I get presented the certificates.
HTH

-G

On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan <dodul-***@public.gmane.org> wrote:

> OK. I have made some changes. Rather than getting the TLS configuration
> from a file, I added these lines:
>
> #!ifdef WITH_TLS
> # ----- tls params -----
>
> modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")
> modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")
> modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")
>
> Now I'm getting different logs, which look good. Getting positive results
> from openssl test,
>
> openssl s_client -connect 192.168.146.133:5061 -tls1
> CONNECTED(00000003)
> ^C
>
> But when I try to connect using my WebRTC client or even from web browsers,
> I'm getting timed out. I think I'm close... please help me fix this issue.
>
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>:
> certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>:
> ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>:
> require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>:
> cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>:
> private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>:
> verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client
> certificate required and no checks performed
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>:
> certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>:
> ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>:
> require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>:
> cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>:
> private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>:
> verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY
> present invalid certificate
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]:
> INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using
> epoll_lt io watch method (config)
>
>
> ------------------------------
> From: dodul-***@public.gmane.org
> To: ben-***@public.gmane.org; sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org
> Date: Sat, 18 Oct 2014 05:08:20 +0600
>
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> I didn't find any in my installation directory. Probably it doesn't come
> with standard installation unless you explicitly mention for it... not sure
> though
>
> ------------------------------
> Date: Fri, 17 Oct 2014 19:56:50 -0300
> From: ben-***@public.gmane.org
> To: sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> Out of curiosity, why don't you use the pre-built packaged binaries
> instead of building from source?
>
Ben Langfeld
2014-10-18 01:39:52 UTC
These are distributed via package repositories. I'm not sure what you mean
by "standard installation" - you mean a source tarball?

Debian: http://www.kamailio.org/wiki/packages/debs
RH variants: http://www.kamailio.org/wiki/packages/rpms

On 17 October 2014 20:08, Kamrul Khan <dodul-***@public.gmane.org> wrote:

> I didn't find any in my installation directory. Probably it doesn't come
> with standard installation unless you explicitly mention for it... not sure
> though
>
> ------------------------------
> Date: Fri, 17 Oct 2014 19:56:50 -0300
> From: ben-***@public.gmane.org
> To: sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
>
> Out of curiosity, why don't you use the pre-built packaged binaries
> instead of building from source?
>
dodul
2014-10-18 03:32:26 UTC
Hi

Thanks a lot for your reply. I'll check the CN and let you know. In my configuration I'm listening on a tcp port but no tls port. Can that be the reason? Other than that, if it was rejected because of the certificate, shouldn't I get some errors in the log? Every time I try, the request times out.




Sent from my Samsung Galaxy smartphone.


-------- Original message --------
From: Gonzalo Gasca <gascagonzalo-***@public.gmane.org>
Date:10-17-2014 19:33 (GMT-06:00)
To: "Kamailio (SER) - Users Mailing List" <sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org>
Cc: ben-***@public.gmane.org
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio

Hi Ben,

In regard to your certificates, please double-check the following:
a) CN field:
In your WebRTC client, check the URL used for WSS and verify it matches the
CN field of the certificate installed in Kamailio:
Example:
In my sipml5 client I configured wss://ramenlabs.io:5063 and my certificate
in fact contains ramenlabs.io in the CN field

Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io

openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text


b)
I have successfully configured Kamailio 4.1 with TLS and WSS using TLS port
5063
Topology:
1) sipml5 --wss--> nginx --wss--> kamailio (sip registrar)
2) sipml5 --wss--> kamailio

Relevant configurations:
kamailio.cfg
tls.cfg
certificates

Kamailio:

loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/
Listening on
udp: 172.31.27.85:5060
tcp: 172.31.27.85:5060
tcp: 172.31.27.85:5062
tls: 172.31.27.85:5061
* tls: 172.31.27.85:5063*
Aliases:
* tls: ip-172-31-27-85.us-west-2.compute.internal:5063*
tls: ip-172-31-27-85.us-west-2.compute.internal:5061
tcp: ip-172-31-27-85.us-west-2.compute.internal:5062
tcp: ip-172-31-27-85.us-west-2.compute.internal:5060
udp: ip-172-31-27-85.us-west-2.compute.internal:5060
*: ramenlabs.io:*
*: 172.31.27.85:*


kamailio.cfg
tls.cfg

https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg
https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg


openssl s_client -connect 172.31.27.85:5063, where this is my internal IP
address: I get presented the certificates.
HTH

-G

On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan <dodul-***@public.gmane.org> wrote:

> OK. I have made some changes. Rather than getting the TLS configuration
> from a file, I added these lines:
>
> #!ifdef WITH_TLS
> # ----- tls params -----
>
> modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")
> modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")
> modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")
>
> Now I'm getting different logs, which look good. Getting positive results
> from the openssl test:
>
> openssl s_client -connect 192.168.146.133:5061 -tls1
> CONNECTED(00000003)
> ^C
>
> But when I try to connect using my WebRTC client or even from web browsers,
> I'm getting timed out. I think I'm close... please help me fix this issue.
>
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>:
> certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>:
> ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>:
> require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>:
> cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>:
> private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>:
> verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client
> certificate required and no checks performed
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>:
> certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>:
> ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>:
> require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>:
> cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>:
> private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>:
> verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY
> present invalid certificate
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]:
> INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using
> epoll_lt io watch method (config)
>
>
> ------------------------------
> From: dodul-***@public.gmane.org
> To: ben-***@public.gmane.org; sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org
> Date: Sat, 18 Oct 2014 05:08:20 +0600
>
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> I didn't find any in my installation directory. Probably it doesn't come
> with the standard installation unless you explicitly ask for it... not sure
> though
>
> ------------------------------
> Date: Fri, 17 Oct 2014 19:56:50 -0300
> From: ben-***@public.gmane.org
> To: sr-users-cR8azDVoa3IcDhw6gZKtMWD2FQJk+8+***@public.gmane.org
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> Out of curiosity, why don't you use the pre-built packaged binaries
> instead of building from source?
Kamrul Khan
2014-10-20 23:01:24 UTC
I added tls listening port in my config. Now it is working fine.

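The problem resolved in this thread, a tls.cfg `[server:192.168.146.133:5061]` domain whose address was declared only as `listen=tcp:` in kamailio.cfg, can be caught before restarting Kamailio. The following Python check is an added example, not code from the thread or from the Kamailio project; the function names and the embedded sample configs (constructed from the settings posted above) are assumptions, and it only evaluates `listen=` lines with an explicit protocol prefix, without interpreting `#!ifdef` blocks.

```python
import re

# Constructed sample inputs mirroring the configuration posted in the thread.
KAMAILIO_CFG_BROKEN = """\
#!define WITH_TLS
listen=tcp:127.0.0.1:5061
listen=tcp:192.168.146.133:5061
#!ifdef WITH_TLS
enable_tls=yes
#!endif
"""

# Same file after the fix reported at the end of the thread: a TLS listener.
KAMAILIO_CFG_FIXED = KAMAILIO_CFG_BROKEN.replace(
    "listen=tcp:192.168.146.133:5061", "listen=tls:192.168.146.133:5061")

TLS_CFG = """\
[server:192.168.146.133:5061]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/certs/sip.192.168.146.133/key.pem
certificate = /etc/certs/sip.192.168.146.133/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:192.168.146.133:5061]
verify_certificate = yes
require_certificate = yes
"""

LISTEN_RE = re.compile(r"^\s*listen\s*=\s*(udp|tcp|tls|sctp):(\S+)", re.I)
SECTION_RE = re.compile(r"^\s*\[\s*(server|client)\s*:\s*([^\]]+?)\s*\]", re.I)
HOSTPORT_RE = re.compile(r"^(\[[^\]]+\]|[^:]+)(?::(\d+))?$")


def split_hostport(addr, default_port):
    """Split 'host:port' or '[v6]:port'; use default_port when none is given."""
    m = HOSTPORT_RE.match(addr.strip())
    if not m:
        raise ValueError(f"unparseable address: {addr!r}")
    return m.group(1).lower(), int(m.group(2) or default_port)


def parse_listen(cfg_text):
    """Return {(proto, host, port)} for every explicit-protocol listen= line."""
    sockets = set()
    for line in cfg_text.splitlines():
        m = LISTEN_RE.match(line)  # comment lines start with '#', so no match
        if not m:
            continue
        proto = m.group(1).lower()
        default = 5061 if proto == "tls" else 5060
        host, port = split_hostport(m.group(2), default)
        sockets.add((proto, host, port))
    return sockets


def parse_tls_domains(tls_text):
    """Return [(kind, address)] for each [server:...] / [client:...] section."""
    domains = []
    for line in tls_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            domains.append((m.group(1).lower(), m.group(2)))
    return domains


def check_tls_sockets(kamailio_cfg, tls_cfg):
    """List server TLS domains that have no matching listen=tls: socket."""
    sockets = parse_listen(kamailio_cfg)
    findings = []
    for kind, addr in parse_tls_domains(tls_cfg):
        # Client domains describe outbound connections; 'default'/'any'
        # are not tied to one listening address.
        if kind != "server" or addr.lower() in ("default", "any"):
            continue
        host, port = split_hostport(addr, 5061)
        if ("tls", host, port) in sockets:
            continue
        others = sorted(p for p, h, n in sockets if (h, n) == (host, port))
        if others:
            msg = f"{host}:{port} is listening as {'/'.join(others)}, not tls"
        else:
            msg = f"no listen= line for {host}:{port}"
        findings.append((f"server:{addr}", msg))
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", KAMAILIO_CFG_BROKEN),
                       ("fixed", KAMAILIO_CFG_FIXED)):
        print(label, check_tls_sockets(cfg, TLS_CFG) or "OK")
```
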