Hi Fred, i do not need client to present cert as well. i think that is your last question.
BTW, my kamailio is in NAT and has advertise on public IP. So, does it effect on websocket and tls configuration ? I have something in kamailio.cfg like: #!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT advertise mydomain.com:MY_WSS_PORT!g" Thanks ThanhTruong > On Jul 15, 2021, at 22:28, ThanhTruong <[email protected]> wrote: > > Hello Fred and all, > > I set to no and try again, same issue. > > this is tls.cfg > > [server:default] > method = TLSv1+ > verify_certificate = no > require_certificate = no > private_key = /etc/letsencrypt/live/mydomain.com/privkey.pem > <http://mydomain.com/privkey.pem> > certificate = /etc/letsencrypt/live/mydomain.com/fullchain.pem > <http://mydomain.com/fullchain.pem> > > [client:default] > verify_certificate = no > require_certificate = no > > > > > and log is same > > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: > 27.65.214.194 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/tcp_main.c:1174]: tcpconn_new(): on port 64742, type 3, socket 40 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/tcp_main.c:1493]: tcpconn_add(): hashes: 303:768:633, 1 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e300aa0, 40, > 2, 0x7fb1a8451258), fd_no=32 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e300aa0, 40, > -1, 0x0) fd_no=33 called > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/tcp_main.c:4456]: handle_tcpconn_ev(): sending to child, events 1 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/tcp_main.c:4126]: send2child(): selected tcp worker idx:0 proc:10 > pid:24060 for activity on [tls:172.31.44.170:4443], 0x7fb1a8451258 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_read.c:1749]: handle_io(): received n=8 con=0x7fb1a8451258, fd=9 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_server.c:199]: tls_complete_init(): completing tls connection > initialization > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_server.c:228]: tls_complete_init(): Using initial TLS domain > TLSs<default> (dom 0x7fb1a82d20a8 ctx 0x7fb1a83242e8 sn []) > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for > SSL_CTX-0x7fb1a83242e8: (nil) > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:948]: tls_server_name_cb(): received server_name (TLS > extension): 'mydomain.com <http://mydomain.com/>' > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:967]: tls_server_name_cb(): TLS cfg domain selected for > received server name [mydomain.com <http://mydomain.com/>]: socket [:0] > server name='' - switching SSL CTX to 0x7fb1a83242e8 dom 0x7fb1a82d20a8 > (default) > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_main.c:2705]: tcpconn_do_send(): sending... > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_main.c:2738]: tcpconn_do_send(): after real write: c= > 0x7fb1a8451258 n=4593 fd=9 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_main.c:2739]: tcpconn_do_send(): buf=#012#026#003#003 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e36c740, 9, 2, > 0x7fb1a8451258), fd_no=1 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for > SSL_CTX-0x7fb1a83242e8: (nil) > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated > by client > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated > by client > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_server.c:424]: tls_accept(): TLS accept successful > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_server.c:431]: tls_accept(): tls_accept: new connection from > 27.65.214.194:64742 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_server.c:434]: tls_accept(): tls_accept: local socket: 172.31.44.170:4443 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_server.c:445]: tls_accept(): tls_accept: client did not present a > certificate > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls > [tls_server.c:1199]: tls_h_read_f(): Reading on a renegotiation of connection > (n:569) (0) > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_read.c:1515]: tcp_read_req(): EOF > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e36c740, 9, > -1, 0x10) fd_no=2 called > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_read.c:1884]: handle_io(): removing from list 0x7fb1a8451258 id 1 > fd 9, state 2, flags 4018, main fd 40, refcnt 2 ([27.65.214.194]:64742 -> > [27.65.214.194]:4443) > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_read.c:1668]: release_tcpconn(): releasing con 0x7fb1a8451258, > state -1, fd=9, id=1 ([27.65.214.194]:64742 -> [27.65.214.194]:4443) > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> > [core/tcp_read.c:1672]: release_tcpconn(): extra_data 0x7fb1a8431bc8 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> > [core/tcp_main.c:3558]: handle_tcp_child(): reader response= 7fb1a8451258, -1 > from 0 > Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: tls > [tls_server.c:683]: tls_h_tcpconn_close_f(): Closing SSL connection > 0x7fb1a8431bc8 > > > > :) > > Thanks, > Thanhtruong > >> On Jul 15, 2021, at 22:17, Fred Posner <[email protected] >> <mailto:[email protected]>> wrote: >> >> On 7/15/21 11:12 AM, ThanhTruong wrote: >>> i am not sure what is the issue. >> >> Well, you are currently requiring a client certificate. If you are not >> meaning to do this, set that to no. >> >> -- >> Fred Posner -- www.palner.com <http://www.palner.com/> >> Matrix: @fred:matrix.lod.com <http://matrix.lod.com/> >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
