Hello everyone, Could a good SSL work on my case ? Like if i got it from Comodo or something like that. Could it work ?
I really need it work, if someone can help me, ping me on skype : voipmanvn Thank you in advance. ThanhTruong > On Jul 16, 2021, at 00:04, ThanhTruong <[email protected]> wrote: > > > Hi Fred, > > i do not need client to present cert as well. i think that is your last > question. > > BTW, my kamailio is in NAT and has advertise on public IP. > > So, does it effect on websocket and tls configuration ? > > I have something in kamailio.cfg like: > > > #!substdef "!LOCALHOST_WSS4_ADDR!tls:IP4_LOCALHOST:MY_WSS_PORT advertise > mydomain.com <http://mydomain.com/>:MY_WSS_PORT!g" > > Thanks > ThanhTruong > > >> On Jul 15, 2021, at 22:28, ThanhTruong <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hello Fred and all, >> >> I set to no and try again, same issue. >> >> this is tls.cfg >> >> [server:default] >> method = TLSv1+ >> verify_certificate = no >> require_certificate = no >> private_key = /etc/letsencrypt/live/mydomain.com/privkey.pem >> <http://mydomain.com/privkey.pem> >> certificate = /etc/letsencrypt/live/mydomain.com/fullchain.pem >> <http://mydomain.com/fullchain.pem> >> >> [client:default] >> verify_certificate = no >> require_certificate = no >> >> >> >> >> and log is same >> >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: >> 27.65.214.194 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/tcp_main.c:1174]: tcpconn_new(): on port 64742, type 3, socket 40 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/tcp_main.c:1493]: tcpconn_add(): hashes: 303:768:633, 1 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e300aa0, 40, >> 2, 0x7fb1a8451258), fd_no=32 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e300aa0, 40, >> -1, 0x0) fd_no=33 called >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/tcp_main.c:4456]: handle_tcpconn_ev(): sending to child, events 1 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/tcp_main.c:4126]: send2child(): selected tcp worker idx:0 proc:10 >> pid:24060 for activity on [tls:172.31.44.170:4443], 0x7fb1a8451258 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_read.c:1749]: handle_io(): received n=8 con=0x7fb1a8451258, fd=9 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_server.c:199]: tls_complete_init(): completing tls connection >> initialization >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_server.c:228]: tls_complete_init(): Using initial TLS domain >> TLSs<default> (dom 0x7fb1a82d20a8 ctx 0x7fb1a83242e8 sn []) >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for >> SSL_CTX-0x7fb1a83242e8: (nil) >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:948]: tls_server_name_cb(): received server_name (TLS >> extension): 'mydomain.com <http://mydomain.com/>' >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:967]: tls_server_name_cb(): TLS cfg domain selected for >> received server name [mydomain.com <http://mydomain.com/>]: socket [:0] >> server name='' - switching SSL CTX to 0x7fb1a83242e8 dom 0x7fb1a82d20a8 >> (default) >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_main.c:2705]: tcpconn_do_send(): sending... >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_main.c:2738]: tcpconn_do_send(): after real write: c= >> 0x7fb1a8451258 n=4593 fd=9 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_main.c:2739]: tcpconn_do_send(): buf=#012#026#003#003 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x558c2e36c740, 9, >> 2, 0x7fb1a8451258), fd_no=1 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:1177]: tls_lookup_private_key(): Private key lookup for >> SSL_CTX-0x7fb1a83242e8: (nil) >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated >> by client >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:747]: sr_ssl_ctx_info_callback(): SSL handshake started >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:751]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated >> by client >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_domain.c:759]: sr_ssl_ctx_info_callback(): SSL handshake done >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_server.c:424]: tls_accept(): TLS accept successful >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_server.c:431]: tls_accept(): tls_accept: new connection from >> 27.65.214.194:64742 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_server.c:434]: tls_accept(): tls_accept: local socket: >> 172.31.44.170:4443 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_server.c:445]: tls_accept(): tls_accept: client did not present a >> certificate >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: tls >> [tls_server.c:1199]: tls_h_read_f(): Reading on a renegotiation of >> connection (n:569) (0) >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_read.c:1515]: tcp_read_req(): EOF >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/io_wait.h:600]: io_watch_del(): DBG: io_watch_del (0x558c2e36c740, 9, >> -1, 0x10) fd_no=2 called >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_read.c:1884]: handle_io(): removing from list 0x7fb1a8451258 id 1 >> fd 9, state 2, flags 4018, main fd 40, refcnt 2 ([27.65.214.194]:64742 -> >> [27.65.214.194]:4443) >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_read.c:1668]: release_tcpconn(): releasing con 0x7fb1a8451258, >> state -1, fd=9, id=1 ([27.65.214.194]:64742 -> [27.65.214.194]:4443) >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24060]: DEBUG: <core> >> [core/tcp_read.c:1672]: release_tcpconn(): extra_data 0x7fb1a8431bc8 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: <core> >> [core/tcp_main.c:3558]: handle_tcp_child(): reader response= 7fb1a8451258, >> -1 from 0 >> Jul 15 15:27:51 ip-172-31-44-170 sbin/kamailio[24072]: DEBUG: tls >> [tls_server.c:683]: tls_h_tcpconn_close_f(): Closing SSL connection >> 0x7fb1a8431bc8 >> >> >> >> :) >> >> Thanks, >> Thanhtruong >> >>> On Jul 15, 2021, at 22:17, Fred Posner <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> On 7/15/21 11:12 AM, ThanhTruong wrote: >>>> i am not sure what is the issue. >>> >>> Well, you are currently requiring a client certificate. If you are not >>> meaning to do this, set that to no. >>> >>> -- >>> Fred Posner -- www.palner.com <http://www.palner.com/> >>> Matrix: @fred:matrix.lod.com <http://matrix.lod.com/> >> >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
