Re: wap 1.x and wtls

Thu, 21 Jul 2011 13:05:55 -0700 

That took a while...;-)
If you remove the password from you key, you should also comment out the privatekey-password from your configuration. 


With respect to your key questions, I will submit a patch to the 
documentation for wtls, which should answer your questions.



Also, where did you download this kannel version from? Your gdb trace 
doesn't correspond to the latest svn:



wap/wtls.c 820:  static void wtls_event_handle(WTLSMachine * wtls_machine, 
WAPEvent * event)


Verify that you have this line at this position in your sources.

Your gdb stack shows a completely different built:


#8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480



wtls_event_handle is called with the wrong number of arguments (1 <-> 2). 
Besides, wtls_event_handle  is not called from the state in 
wap/wtls_state-decl.h:480.



For instructions on how to download the latest svn go to kannel's site. Else 
make sure that you run (and gdb) the correct binary.


BR,
Nikos

----- Original Message ----- 
From: "Alvaro Cornejo" <[email protected]>

To: "Armindo Antunes" <[email protected]>
Cc: "Nikos Balkanas" <[email protected]>; <[email protected]>
Sent: Thursday, July 21, 2011 9:38 PM
Subject: Re: wap 1.x and wtls


might be obvious but have you chequed permissions on your key file for
the user running kannel?

|-----------------------------------------------------------------------------------------------------------------|
Envνe y Reciba Datos y mensajes de Texto (SMS) hacia y desde cualquier
celular y Nextel
en el Perϊ, Mιxico y en mas de 180 paises. Use aplicaciones 2 vias via
SMS y GPRS online
Visitenos en www.perusms.NET www.smsglobal.com.mx y
www.pravcom.com



On Thu, Jul 21, 2011 at 1:22 PM, Armindo Antunes
<[email protected]> wrote:

Hi again,
I'm now using openssl v0.9.8.h but it still crashes:

(gdb) where
#0 0x0012d422 in __kernel_vsyscall ()
#1 0x0030a651 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0x0030da82 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0034149d in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x003c2350 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
#5 0x003c22fa in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6
#6 0x080c977e in wtls_choose_ciphersuite (ciphersuites=0x82d8ac0) at
wap/wtls_statesupport.c:1190
#7 0x080c018a in clientHello (event=<value optimized out>,
wtls_machine=0x82d8550) at wap/wtls.c:458
#8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480
#9 main_thread (arg=0x0) at wap/wtls.c:397

#10 0x080ea82d in new_thread (arg=0x82ce7e8) at 
gwlib/gwthread-pthread.c:362

#11 0x001a196e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0x003ada0e in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb)

Can you provide the openssl commands you have used to create your
certificate?
I've created my the SSL certificate with the following commands:
openssl req -new -newkey rsa:1024 -keyout server.key -out server.req
openssl ca -policy policy_anything -notext -in server.req -out server.crt

And the following configuration:
group = wtls
certificate-file = "/etc/kannel/server.crt"
privatekey-file = "/etc/kannel/server.key"
privatekey-password = "password"

I've tried to remove the password from the private key file with the
command:
openssl x509 -in server.crt -out nopass.crt

but it hasn't worked either:
2011-07-21 19:18:59 [27074] [0] WARNING: Can't read private key
/app/users/vgw1.0/install/etc/kannel/nopass.key

Any other idea?
Thanks in advance,
Armindo Antunes


On 06-07-2011 21:17, Nikos Balkanas wrote:

Hmmm. I had tested it also with Openwave simulator, with no problems. Same
code is used in my commercial gateway in major ISPs (real mobile traffic)
without such problems either. It has been tested and developed using
openssh-0.9.8.[g,h]. Maybe there is something there.
Does this happen only with Openwave, and the 2 mobiles you mentioned, or
with just about anything you have tried?

Please post new detailed wapbox logs of 1 failed attempt. Compile with 
debug

CFLAGS (-g -Wall -- remove -s or -Ox) and if possible upload somewhere the

core for me (can send details personally). If not post the gdb core 
function

stack (use: where)

BR,
Nikos
2011/7/6 Armindo Antunes <[email protected]>


Nikos, thanks for the feedback!
See my questions below.
Best regards,
Armindo Antunes

On 06-07-2011 17:27, Nikos Balkanas wrote:


Hi,


Look at the openssl site for certificate instructions. It is not 
kannel's

responsibility.


Make sure that certificates are self-signed and without password. 
Comment

out privatekey-password from wtls configuration and retry.


Still the same behavior... any other idea?




Alex:

There was a section in UG about wtls configuration. It even included

certificate generation instructions. Apparently this was removed. Now, 
that

wtls is supported again, it should be put back.


Is it possible to recover this information? At least the certificate
generation instructions?

Thanks again,
Armindo






























					Reply via email to