Re: [OpenSIPS-Users] TLS issue with WSS

2019-03-12 Thread Volkan Oransoy
Hi Bogdan,

I have tried so many things to solve the issue and I can confirm that this
is a Chrome-related one. I use this JS phone
https://collecttix.github.io/ctxSip/ to test my environment and it works
well on Firefox.

Thank you for your help.

On Tue, 5 Mar 2019 at 18:59, Bogdan-Andrei Iancu wrote:

> Hi Volkan,
>
> The SSL_accept() fails (part of the SSL lib), meaning that the SSL
> handshake failed (maybe the incoming conn was not actually TLS??). I have
> to admit the log does not give more details on the error, but are you sure
> the incoming connection is a TLS valid one?
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   https://www.opensips-solutions.com
> OpenSIPS Summit 2019
>   https://www.opensips.org/events/Summit-2019Amsterdam/
>
> On 02/27/2019 03:21 PM, Volkan Oransoy wrote:
>
> Hi all,
>
> I am trying to apply this tutorial to my test environment but I couldn't
> solve a problem with TLS handshake.
> https://www.opensips.org/Documentation/Tutorials-WebSocket-2-2
>
> My configuration is simply like that.
>
> listen=ws:10.10.10.10:8080
> listen=wss:10.10.10.10:443
> ...
> loadmodule "proto_tls.so"
> loadmodule "proto_wss.so"
> loadmodule "proto_ws.so"
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "certificate", "/etc/letsencrypt/live/testserver.example.net/fullchain.pem")
> modparam("tls_mgm", "private_key", "/etc/letsencrypt/live/testserver.example.net/privkey.pem")
>
>
>
> When I try to connect to the server via a WebSocket client like SIP.js or
> jssip, I get this error.
>
> Feb 27 15:22:39 [26842] DBG:core:probe_max_sock_buff: getsockopt: snd is initially 425984
> Feb 27 15:22:39 [26842] INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
> Feb 27 15:22:39 [26842] INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 49
> Feb 27 15:22:39 [26842] DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.168.100.100
> Feb 27 15:22:39 [26842] DBG:core:tcpconn_new: on port 34560, proto 6
> Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: entered: Creating a whole new ssl connection
> Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: looking up socket based TLS server domain [10.10.10.10:443]
> Feb 27 15:22:39 [26842] DBG:tls_mgm:tls_find_server_domain: virtual TLS server domain not found, Using default TLS server domain settings
> Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: found socket based TLS server domain [0.0.0.0:0]
> Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: Setting in ACCEPT mode (server)
> Feb 27 15:22:39 [26842] DBG:core:tcpconn_add: hashes: 607, 660
> Feb 27 15:22:39 [26842] DBG:core:handle_new_connect: new connection: 0x7fd6a55d8240 49 flags: 001c
> Feb 27 15:22:39 [26842] DBG:core:send2child: to tcp child 0 (26839), 0x7fd6a55d8240 rw 1
> Feb 27 15:22:39 [26839] DBG:core:handle_io: We have received conn 0x7fd6a55d8240 with rw 1 on fd 5
> Feb 27 15:22:39 [26839] DBG:core:io_watch_add: [TCP_worker] io_watch_add op (5 on 46) (0x563321968480, 5, 19, 0x7fd6a55d8240,1), fd_no=4/1024
> Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
> Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: Using the global ( per process ) buff
> Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
> Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: ws_read end
> Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
> Feb 27 15:22:39 [26839] ERROR:proto_wss:tls_accept: New TLS connection from 192.168.100.100:34560 failed to accept
> Feb 27 15:22:39 [26839] ERROR:proto_wss:wss_read_req: cannot fix read connection
> Feb 27 15:22:39 [26839] DBG:core:io_watch_del: [TCP_worker] io_watch_del op on index 0 5 (0x563321968480, 5, 0, 0x10,0x3) fd_no=5 called
> Feb 27 15:22:39 [26839] DBG:core:tcpconn_release:  releasing con 0x7fd6a55d8240, state -2, fd=-1, id=1151231636
> Feb 27 15:22:39 [26839] DBG:core:tcpconn_release:  extra_data 0x7fd6a55d8438
> Feb 27 15:22:39 [26842] DBG:core:handle_tcp_worker: response= 7fd6a55d8240, -2 from tcp worker 26839 (0)
> Feb 27 15:22:39 [26842] DBG:core:tcpconn_destroy: destroying connection 0x7fd6a55d8240, flags 001c
> Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_clean: entered
> Feb 27 15:22:39 [26842] DBG:proto_wss:tls_update_fd: New fd is 49
>
>
>
> I have tried to test my installation with openssl client and I think it
> has an issue with the setup because there is an error message.
>
> ➜ openssl s_client -connect testserver.example.net:443
> CONNECTED(0005)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = testserver.example.net
> verify return:1
> 4499986028:error:14020410:SSL routines:CONNECT_CR_SESSION_TICKET:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.230.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL aler

Re: [OpenSIPS-Users] TLS issue with WSS

2019-03-05 Thread Bogdan-Andrei Iancu

Hi Volkan,

The SSL_accept() fails (part of the SSL lib), meaning that the SSL
handshake failed (maybe the incoming conn was not actually TLS??). I
have to admit the log does not give more details on the error, but are
you sure the incoming connection is a TLS valid one?


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Summit 2019
  https://www.opensips.org/events/Summit-2019Amsterdam/

On 02/27/2019 03:21 PM, Volkan Oransoy wrote:

Hi all,

I am trying to apply this tutorial to my test environment but I 
couldn't solve a problem with TLS handshake.

https://www.opensips.org/Documentation/Tutorials-WebSocket-2-2

My configuration is simply like that.

listen=ws:10.10.10.10:8080 
listen=wss:10.10.10.10:443 
...
loadmodule "proto_tls.so"
loadmodule "proto_wss.so"
loadmodule "proto_ws.so"
loadmodule "tls_mgm.so"
modparam("tls_mgm", "certificate", "/etc/letsencrypt/live/testserver.example.net/fullchain.pem")
modparam("tls_mgm", "private_key", "/etc/letsencrypt/live/testserver.example.net/privkey.pem")



When I try to connect to the server via a WebSocket client like SIP.js or
jssip, I get this error.


Feb 27 15:22:39 [26842] DBG:core:probe_max_sock_buff: getsockopt: snd is initially 425984
Feb 27 15:22:39 [26842] INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
Feb 27 15:22:39 [26842] INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 49
Feb 27 15:22:39 [26842] DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.168.100.100
Feb 27 15:22:39 [26842] DBG:core:tcpconn_new: on port 34560, proto 6
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: entered: Creating a whole new ssl connection
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: looking up socket based TLS server domain [10.10.10.10:443]
Feb 27 15:22:39 [26842] DBG:tls_mgm:tls_find_server_domain: virtual TLS server domain not found, Using default TLS server domain settings
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: found socket based TLS server domain [0.0.0.0:0]
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_init: Setting in ACCEPT mode (server)
Feb 27 15:22:39 [26842] DBG:core:tcpconn_add: hashes: 607, 660
Feb 27 15:22:39 [26842] DBG:core:handle_new_connect: new connection: 0x7fd6a55d8240 49 flags: 001c
Feb 27 15:22:39 [26842] DBG:core:send2child: to tcp child 0 (26839), 0x7fd6a55d8240 rw 1
Feb 27 15:22:39 [26839] DBG:core:handle_io: We have received conn 0x7fd6a55d8240 with rw 1 on fd 5
Feb 27 15:22:39 [26839] DBG:core:io_watch_add: [TCP_worker] io_watch_add op (5 on 46) (0x563321968480, 5, 19, 0x7fd6a55d8240,1), fd_no=4/1024
Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: Using the global ( per process ) buff
Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
Feb 27 15:22:39 [26839] DBG:proto_wss:ws_server_handshake: ws_read end
Feb 27 15:22:39 [26839] DBG:proto_wss:tls_update_fd: New fd is 5
Feb 27 15:22:39 [26839] ERROR:proto_wss:tls_accept: New TLS connection from 192.168.100.100:34560 failed to accept
Feb 27 15:22:39 [26839] ERROR:proto_wss:wss_read_req: cannot fix read connection
Feb 27 15:22:39 [26839] DBG:core:io_watch_del: [TCP_worker] io_watch_del op on index 0 5 (0x563321968480, 5, 0, 0x10,0x3) fd_no=5 called
Feb 27 15:22:39 [26839] DBG:core:tcpconn_release: releasing con 0x7fd6a55d8240, state -2, fd=-1, id=1151231636
Feb 27 15:22:39 [26839] DBG:core:tcpconn_release: extra_data 0x7fd6a55d8438
Feb 27 15:22:39 [26842] DBG:core:handle_tcp_worker: response= 7fd6a55d8240, -2 from tcp worker 26839 (0)
Feb 27 15:22:39 [26842] DBG:core:tcpconn_destroy: destroying connection 0x7fd6a55d8240, flags 001c
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_conn_clean: entered
Feb 27 15:22:39 [26842] DBG:proto_wss:tls_update_fd: New fd is 49



I have tried to test my installation with openssl client and I think 
it has an issue with the setup because there is an error message.


➜ openssl s_client -connect testserver.example.net:443

CONNECTED(0005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = testserver.example.net 
verify return:1
4499986028:error:14020410:SSL routines:CONNECT_CR_SESSION_TICKET:sslv3 alert handshake failure:/BuildRoot/Library/Caches
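
Bogdan's question in this thread (was the incoming connection really TLS?) can be answered from the first bytes of a packet capture taken on the wss port. The following is an added example, not part of the thread or of OpenSIPS; the function name and the sample byte strings are constructed for illustration. It separates a plaintext WebSocket upgrade sent to the TLS port from a real ClientHello, and decodes a TLS alert such as the "handshake failure" that openssl s_client printed.

```python
import struct

TLS_ALERT, TLS_HANDSHAKE = 0x15, 0x16          # TLS record content types
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version",
                      80: "internal_error", 112: "unrecognized_name"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"OPTIONS ", b"PUT ", b"CONNECT ")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes seen on a freshly accepted connection."""
    if len(data) < 5:
        return {"kind": "too_short"}
    if data.startswith(HTTP_METHODS):
        # Plaintext HTTP on a TLS listener, e.g. a ws:// URL aimed at the wss port.
        return {"kind": "plaintext_http",
                "websocket_upgrade": b"upgrade: websocket" in data.lower()}
    # TLS record header: content type, version (major, minor), payload length.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if major != 3 or minor > 4:
        return {"kind": "not_tls"}
    body = data[5:5 + length]
    if ctype == TLS_ALERT and len(body) >= 2:
        return {"kind": "tls_alert",
                "level": ALERT_LEVELS.get(body[0], "unknown"),
                "description": ALERT_DESCRIPTIONS.get(body[1], str(body[1]))}
    # Handshake header: 1-byte type (1 = ClientHello), 3-byte length, 2-byte version.
    if ctype == TLS_HANDSHAKE and len(body) >= 6 and body[0] == 0x01:
        return {"kind": "tls_client_hello",
                "record_version": (major, minor),
                "hello_version": (body[4], body[5])}
    return {"kind": "tls_other", "content_type": ctype}


# Constructed samples (not taken from the thread).
PLAIN_WS = (b"GET / HTTP/1.1\r\nHost: testserver.example.net\r\n"
            b"Upgrade: websocket\r\nConnection: Upgrade\r\n\r\n")
_hello = b"\x01" + (34).to_bytes(3, "big") + b"\x03\x03" + bytes(32)
CLIENT_HELLO = b"\x16\x03\x01" + struct.pack("!H", len(_hello)) + _hello
FATAL_ALERT = b"\x15\x03\x03\x00\x02\x02\x28"   # fatal, handshake_failure (40)

if __name__ == "__main__":
    for name, sample in [("plain ws", PLAIN_WS), ("client hello", CLIENT_HELLO),
                         ("alert", FATAL_ALERT)]:
        print(name, classify_first_bytes(sample))
```
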