Hi,

The code you are describing is general wap code and doesn't have anything to do 
with the wtls patch. This is part of the wap_event_assert() function and should 
be there. If you use buggy emulators that send NULL data, you should disable 
assertions, not introduce bugs to wap_event_support. In production you should 
also not use assertions anyway. 

As far as the MAC length goes, I have been using the Openwave 6.2.2 emulator, 
among others. I am not getting the problem you state; however, I am getting 
"Invalid WSP packet received" by kannel. Therefore, I do not use Openwave for 
wtls tests, rather I use the Nokia NMBS 4.0 and Winwap. What version of 
Openwave are you using?

The mac[10] used there is just for printing purposes in debug logs, not the 
algos. That's probably why I've never had it in production, since I don't use 
debug level in production logs, for performance reasons. Largest names are 
"SHA_NOLIMIT" and "MD5_NOLIMIT", each 11 bytes long. So mac[15] should be fine. 
Can you submit a patch to devel, or should I do it?

BR,
Nikos
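
An added illustration of the buffer sizing discussed above (not Kannel code and not written by either poster): a name such as "SHA_NOLIMIT" needs its 11 characters plus a terminating NUL, so a bounded copy into a 10-byte buffer reports truncation instead of writing past the array. The table entries other than the two names quoted in the thread, and the helper names `mac_name_bytes_needed` and `copy_mac_name`, are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample table: only SHA_NOLIMIT and MD5_NOLIMIT are taken from
 * the thread; SHA_40 is added here as a short entry for contrast. */
static const char *const mac_names[] = { "SHA_40", "SHA_NOLIMIT", "MD5_NOLIMIT" };
#define N_MACS (sizeof mac_names / sizeof mac_names[0])

/* Bytes a buffer needs to hold the longest name, terminating NUL included. */
size_t mac_name_bytes_needed(void)
{
    size_t i, max = 0;
    for (i = 0; i < N_MACS; i++) {
        size_t n = strlen(mac_names[i]) + 1;
        if (n > max)
            max = n;
    }
    return max;
}

/* Hypothetical helper: bounded copy of a name into a debug buffer.
 * Returns 0 on success, -1 on a bad argument or if the name was truncated.
 * On truncation dst is still NUL-terminated and nothing is written past it. */
int copy_mac_name(char *dst, size_t dstsize, size_t idx)
{
    int n;
    if (dst == NULL || dstsize == 0 || idx >= N_MACS)
        return -1;
    n = snprintf(dst, dstsize, "%s", mac_names[idx]);
    if (n < 0 || (size_t)n >= dstsize)
        return -1;
    return 0;
}

int main(void)
{
    char small[10], large[15];   /* the two sizes mentioned in the thread */
    int rc;

    printf("bytes needed for longest name: %zu\n", mac_name_bytes_needed());
    rc = copy_mac_name(small, sizeof small, 1);
    printf("char[10]: rc=%d, stored \"%s\"\n", rc, small);
    rc = copy_mac_name(large, sizeof large, 1);
    printf("char[15]: rc=%d, stored \"%s\"\n", rc, large);
    return 0;
}
```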
  ----- Original Message ----- 
  From: Armindo Antunes 
  To: Nikos Balkanas 
  Cc: [email protected] 
  Sent: Friday, July 22, 2011 5:02 PM
  Subject: Re: wap 1.x and wtls


  Oops, wrong line numbering.
  wap/wap_events.c:
      229: #define OCTSTR(name) 
      230:         //gw_assert(p->name != NULL); 
      231:         /* This is a trick to make the Octstr module run its assertions */
      232:         //gw_assert(octstr_len(p->name) >= 0);


  On 22-07-2011 14:57, Armindo Antunes wrote: 
    Hi again :)
    I'm now able to use WTLS with the openwave simulator.

    I've commented the `p->user_data != NULL' assert section in the code 
    wap/wap_events.c 
        233: #define OCTSTR(name)
        234:         //gw_assert(p->name != NULL);
        235:         /* This is a trick to make the Octstr module run its assertions */
        236:         //gw_assert(octstr_len(p->name) >= 0);

    I'm not sure why this was null but removing the null assertion seems to 
    work.

    Best regards,
    Armindo Antunes



    On 22-07-2011 12:15, Armindo Antunes wrote: 
      Hi all
      @Nikos: Thanks for posting the WTLS documentation and for all the 
      support! :)

      About the code, I'm using the version 1.5 from yesterday's "daily 
      snapshot", so I have the right code.
      By analyzing the code, I've solved the crash:
      In the file wap/wtls_statesupport.c:1174, mac size of 10 is too small 
      for macs like: SHA_NOLIMIT, MD5_NOLIMIT 
      I've fixed this issue by increasing mac size:
         1174:             char cipher[20], mac[15];


      But now, I have another crash  :-( 
      2011-07-22 12:02:25 [20568] [5] PANIC: wap/wap_events.def:142: wap_event_assert: Assertion `p->user_data != NULL' failed.


      Detailed logs:
      2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
      2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
      2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
      2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
      2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
      2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
      2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: decoded headers:
      2011-07-22 12:02:25 [20568] [1] DEBUG: Encoding-version: 1.3
      2011-07-22 12:02:25 [20568] [1] DEBUG: Accept: application/vnd.wap.wmlc, application/vnd.wap.wmlscriptc, application/vnd.wap.multipart.related, application/vnd.wap.multipart.mixed, application/vnd.phonecom.mmc-wbxml, application/octet-stream, application/vnd.oma.drm.message, text/plain, text/css, image/bmp, image/gif, image/jpeg, image/png, image/vnd.wap.wbmp, application/vnd.wap.sic, application/vnd.wap.slc, application/vnd.wap.coc, application/vnd.wap.connectivity-wbxml, application/vnd.wap.xhtml+xml, application/xhtml+xml;profile="http://www.wapforum.org/xhtml";, text/html, application/smil, application/vnd.wap.mms-message, application/vnd.oma.drm.content, application/vnd.oma.drm.message, application/vnd.oma.drm.rights+xml, application/vnd.oma.drm.rights+wbxml, image/svg+xml, image/pjpeg, application/x-shockwave-flash, image/x-vnd.openwave.lzrw1, application/vnd.openwave.svg, text/vnd.sun.j2me.app-descriptor, application/java-archive, application/java, application/vnd.oma.dd+xml, text/x-vmessage, image/ems, audio/wav, audio/x-wav, audio/midi, audio/x-midi, application/vnd.uplanet.bearer-choice-wbxml
      2011-07-22 12:02:25 [20568] [1] DEBUG: User-Agent: OPWV-SDK UP.Browser/7.0.2.3.119 (GUI) MMP/2.0 Push/PO
      2011-07-22 12:02:25 [20568] [1] DEBUG: Accept-Language: en-GB
      2011-07-22 12:02:25 [20568] [1] DEBUG: Accept-Language: en; q=0.8
      2011-07-22 12:02:25 [20568] [1] DEBUG: Profile: http://devgate2.openwave.com/uaprof/OPWVSDK70.xml
      2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: End of decoded headers.
      2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: Session machine: Encoding-Version: 1.3
      2011-07-22 12:02:25 [20568] [1] DEBUG: WSP 0: New state CONNECTING
      2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: machine 0x88521d0, state CONNECTING, event S-Connect.res
      2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: Mapping `Encoding-Version', WSP 1.3 to 0x0043.
      2011-07-22 12:02:25 [20568] [1] DEBUG: WSP 0: New state CONNECTING_2
      2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: resp_machine 0, state RESULT_WAIT, event TR-Result.req.
      2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: begin_sar_result(): data len = 27
      2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: dispath_to_wdp(): psn = 0
      2011-07-22 12:02:25 [20568] [5] DEBUG: wtls_dispatch_resp ~> Dispatching datagram to bearerbox
      2011-07-22 12:02:25 [20568] [5] DEBUG: Sending Response PDU:
      2011-07-22 12:02:25 [20568] [5] DEBUG: PDU type: Application
      2011-07-22 12:02:25 [20568] [5] DEBUG: Reserved bit: 0
      2011-07-22 12:02:25 [20568] [5] DEBUG: Cipher in use: 1
      2011-07-22 12:02:25 [20568] [5] DEBUG: Sequence number in use: -1
      2011-07-22 12:02:25 [20568] [5] DEBUG: Record field length present: 1
      2011-07-22 12:02:25 [20568] [5] DEBUG: Application:
      2011-07-22 12:02:25 [20568] [5] DEBUG:  Octet string at 0x8850888:
      2011-07-22 12:02:25 [20568] [5] DEBUG:    len:  30
      2011-07-22 12:02:25 [20568] [5] DEBUG:    size: 1024
      2011-07-22 12:02:25 [20568] [5] DEBUG:    immutable: 0
      2011-07-22 12:02:25 [20568] [5] DEBUG:    data: 12 86 b9 02 00 15 02 04 80 94 80 00 04 81 94 80   ................
      2011-07-22 12:02:25 [20568] [5] DEBUG:    data: 00 02 82 00 02 83 03 02 84 01 01 86 c3 93         ..............
      2011-07-22 12:02:25 [20568] [5] DEBUG:  Octet string dump ends.
      2011-07-22 12:02:25 [20568] [5] DEBUG: Packed PDU Length: 56
      2011-07-22 12:02:25 [20568] [5] DEBUG: adding address
      2011-07-22 12:02:25 [20568] [5] PANIC: wap/wap_events.def:142: wap_event_assert: Assertion `p->user_data != NULL' failed.
      2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(gw_panic+0xcd) [0x80f4b3d]
      2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(wap_event_assert+0x2712) [0x80aa842]
      2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(wap_event_destroy+0x16) [0x80b0ee6]
      2011-07-22 12:02:25 [20568] [5] PANIC: wapbox() [0x80cfa8c]
      2011-07-22 12:02:25 [20568] [5] PANIC: wapbox() [0x80d0414]
      2011-07-22 12:02:25 [20568] [5] PANIC: wapbox() [0x80eb02d]
      2011-07-22 12:02:25 [20568] [5] PANIC: /lib/tls/i686/cmov/libpthread.so.0(+0x596e) [0xc9896e]
      2011-07-22 12:02:25 [20568] [5] PANIC: /lib/tls/i686/cmov/libc.so.6(clone+0x5e) [0x525a0e]

      gdb is not helping here (it doesn't show the callstack).
      Attached is a wireshark capture of the WTLS + WTP session.
      I'm currently using openwave simulator to test WTLS.
      Any idea why this p->user_data is null?

      Thanks,
      Armindo Antunes


      On 21-07-2011 21:05, Nikos Balkanas wrote: 
        That took a while...;-) 

        If you remove the password from your key, you should also comment out 
        the privatekey-password from your configuration. 

        With respect to your key questions, I will submit a patch to the 
        documentation for wtls, which should answer your questions. 

        Also, where did you download this kannel version from? Your gdb trace 
        doesn't correspond to the latest svn: 

        wap/wtls.c 820:  static void wtls_event_handle(WTLSMachine * wtls_machine, WAPEvent * event) 

        Verify that you have this line at this position in your sources. 

        Your gdb stack shows a completely different build: 


          #8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480 


        wtls_event_handle is called with the wrong number of arguments (1 <-> 
        2). Besides, wtls_event_handle is not called from the state in 
        wap/wtls_state-decl.h:480. 

        For instructions on how to download the latest svn go to kannel's site. 
        Else make sure that you run (and gdb) the correct binary. 

        BR, 
        Nikos 
        ----- Original Message ----- From: "Alvaro Cornejo" 
<[email protected]> 
        To: "Armindo Antunes" <[email protected]> 
        Cc: "Nikos Balkanas" <[email protected]>; <[email protected]> 
        Sent: Thursday, July 21, 2011 9:38 PM 
        Subject: Re: wap 1.x and wtls 


        Might be obvious, but have you checked permissions on your key file for 
        the user running kannel? 

        



        On Thu, Jul 21, 2011 at 1:22 PM, Armindo Antunes 
        <[email protected]> wrote: 

          Hi again, 
          I'm now using openssl v0.9.8.h but it still crashes: 

          (gdb) where 
          #0 0x0012d422 in __kernel_vsyscall () 
          #1 0x0030a651 in raise () from /lib/tls/i686/cmov/libc.so.6 
          #2 0x0030da82 in abort () from /lib/tls/i686/cmov/libc.so.6 
          #3 0x0034149d in ?? () from /lib/tls/i686/cmov/libc.so.6 
          #4 0x003c2350 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6 
          #5 0x003c22fa in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6 
          #6 0x080c977e in wtls_choose_ciphersuite (ciphersuites=0x82d8ac0) at wap/wtls_statesupport.c:1190 
          #7 0x080c018a in clientHello (event=<value optimized out>, wtls_machine=0x82d8550) at wap/wtls.c:458 
          #8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480 
          #9 main_thread (arg=0x0) at wap/wtls.c:397 
          #10 0x080ea82d in new_thread (arg=0x82ce7e8) at gwlib/gwthread-pthread.c:362 
          #11 0x001a196e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 
          #12 0x003ada0e in clone () from /lib/tls/i686/cmov/libc.so.6 
          (gdb) 

          Can you provide the openssl commands you have used to create your 
          certificate? 
          I've created my SSL certificate with the following commands: 
          openssl req -new -newkey rsa:1024 -keyout server.key -out server.req 
          openssl ca -policy policy_anything -notext -in server.req -out server.crt 

          And the following configuration: 
          group = wtls 
          certificate-file = "/etc/kannel/server.crt" 
          privatekey-file = "/etc/kannel/server.key" 
          privatekey-password = "password" 

          I've tried to remove the password from the private key file with the 
          command: 
          openssl x509 -in server.crt -out nopass.crt 

          but it hasn't worked either: 
          2011-07-21 19:18:59 [27074] [0] WARNING: Can't read private key /app/users/vgw1.0/install/etc/kannel/nopass.key 

          Any other idea? 
          Thanks in advance, 
          Armindo Antunes 


          On 06-07-2011 21:17, Nikos Balkanas wrote: 

          Hmmm. I had tested it also with Openwave simulator, with no problems. 
          Same code is used in my commercial gateway in major ISPs (real mobile 
          traffic) without such problems either. It has been tested and 
          developed using openssh-0.9.8.[g,h]. Maybe there is something there. 
          Does this happen only with Openwave, and the 2 mobiles you mentioned, 
          or with just about anything you have tried? 
          Please post new detailed wapbox logs of 1 failed attempt. Compile 
          with debug CFLAGS (-g -Wall -- remove -s or -Ox) and if possible 
          upload somewhere the core for me (can send details personally). If 
          not, post the gdb core function stack (use: where) 

          BR, 
          Nikos 
          2011/7/6 Armindo Antunes <[email protected]> 


            Nikos, thanks for the feedback! 
            See my questions below. 
            Best regards, 
            Armindo Antunes 

            On 06-07-2011 17:27, Nikos Balkanas wrote: 


              Hi, 

              Look at the openssl site for certificate instructions. It is not 
              kannel's responsibility. 

              Make sure that certificates are self-signed and without password. 
              Comment out privatekey-password from wtls configuration and retry. 


            Still the same behavior... any other idea? 




              Alex: 

              There was a section in UG about wtls configuration. It even 
              included certificate generation instructions. Apparently this was 
              removed. Now, that wtls is supported again, it should be put back. 


            Is it possible to recover this information? At least the 
            certificate generation instructions? 

            Thanks again, 
            Armindo 












