You could try using kamailio 3.0 which has a reworked TLS implementation
which might work better.
Also, it may be that the problem is on SIPp side. I tested sipp with TLS
some years ago and it was not stable.
You could try with pjsip-perf - it should be rather easy to extend it to
TLS (http://www.pjsip.org/pjsip/docs/html/page_pjsip_perf_c.htm)
Naother approach would be to test TLS between Kamailio and Kamailio:
sipp ---UDP----> Kamailio ----TLS-----> Kamailio
regards
klaus
Am 18.02.2010 10:21, schrieb Hemanshu Patel:
though it shows everything is working fine from sipp end...
my capacity with sipp+tls is around 20% to normal sipp.
i mean normal kamailio without tls.
ant kamailio log gives this error:
18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16991]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:_tls_read:
something wrong in SSL: 5
Feb 18 14:52:43 localhost ./sbin/kamailio[16987]: ERROR:core:tcp_read_req:
failed to read
Feb 18 14:52:43 localhost ./sbin/kamailio[16989]: ERROR:core:_tls_read:
something wrong in SSL
i had created user certificate during process,which i set in kamailio
config file.
When i gave same certificate and private key to sipp...then it works..
but i am not sure if this is the right way.
Becaue i also for testing created another certificates signed by same
rootCA, and when imported those to sipp....they didnt work...
i am confused...that am i using TLS the way it should be or not?
can anyone suggest some nice docs/tutorials about TLS? pls dont just give
me google results..
--
Regards,
Hemanshu Patel
M: 09601295238
Hello friendsm,
I am testing TLS feature of both kamailio and Sipp.
I first downloaded kamailio 1.5.x TLS supported version, uncommented
TLS=1
from Makefiel and then build the kamailio.
first i test kamailio without TLS with sipp for registration and
everything works file.
Then i follow "http://www.kamailio.org/docs/tls-devel.html"; and creates
rootCA, user certificates and all configuration parameters to
kamailio.cfg
file
Config paras are as below:
/* uncomment the following lines to enable TLS support (default off) */
disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list =
"/data/hemanshu/install/kam-tls/etc/kamailio/tls/user/user-calist.pem"
and restart kamailio server
It works and i can see via netstat on port 5091.
but when i starts sipp it gives me following error.
[heman...@localhost sipp.3.1]$ ./sipp -sf ./data/rauth.xml -inf
./data/user.csv -r 1 -m 1 -trace_err -trace_stat -nd -fd 1 -i
172.16.16.218 172.16.16.218:5091 -t l1
2010-02-18 13:51:40:244 1266481300.244432: FI_init_ssl_context:
SSL_CTX_use_certificate_file failed.
I know i have built sipp with TLS support, then i can not figure out
where
is the problem.
Sipp says user certification file failed ..but client doesnt need any
certification file...or does it?
i even tried with tls_verify_client = 1 ,
tls_require_client_certificate
= 1, playing with different combinations...but still same ans.
Can anyone suggest me what could be wrong?
Have i made any mistake in configuring kamailio or theres some problem
in
SIPP.
--
Regards,
Hemanshu Patel
M: 09601295238
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users@lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users@lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
