[Freeswitch-users] wss conection closed
Javier Menendez
menendez.garcia at gmail.com
Fri Jul 11 12:08:19 MSD 2014
wss endpoint looks fine,I have included the cert chain,and the test looks
fine
Result Check Information Valid To 07 Jun 2016 ( 697 days ) Weak
Key <http://certlogik.com/ssl-checker/#> Does not use a key on our
blacklist ( this is good ) Key-Size <http://certlogik.com/ssl-checker/#>
2048 Signature Algorithm Strong (sha256WithRSAEncryption) Site
Listed Yes (website:myhost is listed in the certifcate) Trusted Yes
(certificate verified to a trusted root)
Is there any new config param from 1.4 to 1.5 regarding wss? I know there
were issues with browsers and I am using same config files from 1.4 in
1.5...may be?
On Thu, Jul 10, 2014 at 6:53 PM, Ciprian Dosoftei <
ciprian.dosoftei at gmail.com> wrote:
> Then it's a server side thing issue. Have you validated the WSS endpoint
> here: http://www.sslshopper.com/ssl-checker.html?
>
> It may be able to point of some soft errors
>
> -Ciprian
>
>
> On 10 July 2014 17:48, Javier Menendez <menendez.garcia at gmail.com> wrote:
>
>> You are right, nothing relevant, the socket is closed before.
>>
>>
>> I think it must be something related with chrome, in latest version 35 it
>> is not working but in version 26 it works.. but webrtc.freeswitch.org
>> works with version 35! what am I missing?
>>
>>
>> On Thu, Jul 10, 2014 at 6:28 PM, Ciprian Dosoftei <
>> ciprian.dosoftei at gmail.com> wrote:
>>
>>> You may be able to pull more info from the connection's entry on the
>>> Network tab of the developer's console. In normal circumstances, it should
>>> show a HTTP response code of 101 and a negotiation response like:
>>>
>>> Connection:Upgrade
>>> Sec-WebSocket-Accept:oVcPX2zhUVgae46nZWQT3WyOOQ0=
>>> Upgrade:websocket
>>>
>>> I bet the latter is not coming through since the connection is reset.
>>>
>>> If you cannot get any relevant info from this angle, I think a packet
>>> capture is the next step.
>>>
>>> -C
>>>
>>>
>>>
>>>
>>> On 10 July 2014 17:07, Javier Menendez <menendez.garcia at gmail.com>
>>> wrote:
>>>
>>>> Thanks ciprian,
>>>> I am trying to debug this with chrome, I tryed to make a raw websocket
>>>> connection
>>>> conn = new WebSocket("wss://myhost:10081")
>>>>
>>>> and I got a readyState 3. that's all I can debug :/
>>>>
>>>> If I access to https://myhost:10081/ it says verified, and its green...
>>>>
>>>>
>>>> On Thu, Jul 10, 2014 at 5:40 PM, Ciprian Dosoftei <
>>>> ciprian.dosoftei at gmail.com> wrote:
>>>>
>>>>> Javier,
>>>>>
>>>>> It looks like the client is resetting the connection, it may after all
>>>>> be a SSL issue.
>>>>>
>>>>> Best way to start debugging is to pop up the developer console (I use
>>>>> Chrome and it never disappoints me when it comes down to tracking down
>>>>> issues) and see what's unusual with that WSS connection.
>>>>>
>>>>> -Ciprian
>>>>>
>>>>>
>>>>> On 10 July 2014 12:27, Javier Menendez <menendez.garcia at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am trying to get the wss connection work, tried everything and
>>>>>> still doesn't work, I don't think it is a certificate problem because if I
>>>>>> try this manually:
>>>>>>
>>>>>> curl -v https://myhost.com:10081/ -H "Upgrade: WebSocket" -H
>>>>>> "Connection: Upgrade" -H "Sec-WebSocket-Protocol: sip" -H
>>>>>> "Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==" -H "Sec-WebSocket-Version:
>>>>>> 13"
>>>>>> * About to connect() to myhost.com port 10081 (#0)
>>>>>> * Trying X.X.X.X... connected
>>>>>> * Connected to myhost.com (X.X.X.X) port 10081 (#0)
>>>>>> * successfully set certificate verify locations:
>>>>>> * CAfile: none
>>>>>> CApath: /etc/ssl/certs
>>>>>> * SSLv3, TLS handshake, Client hello (1):
>>>>>> * SSLv3, TLS handshake, Server hello (2):
>>>>>> * SSLv3, TLS handshake, CERT (11):
>>>>>> * SSLv3, TLS handshake, Server finished (14):
>>>>>> * SSLv3, TLS handshake, Client key exchange (16):
>>>>>> * SSLv3, TLS change cipher, Client hello (1):
>>>>>> * SSLv3, TLS handshake, Finished (20):
>>>>>> * SSLv3, TLS change cipher, Client hello (1):
>>>>>> * SSLv3, TLS handshake, Finished (20):
>>>>>> * SSL connection using AES256-SHA
>>>>>> * Server certificate:
>>>>>> * subject: OU=Domain Control Validated; CN=myhost.com
>>>>>> * start date: 2014-06-16 10:09:42 GMT
>>>>>> * expire date: 2016-06-07 11:02:46 GMT
>>>>>> * subjectAltName: myhost.com matched
>>>>>> * issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.;
>>>>>> OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure
>>>>>> Certificate Authority - G2
>>>>>> * SSL certificate verify ok.
>>>>>> > GET / HTTP/1.1
>>>>>> > User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.19.7
>>>>>> OpenSSL/0.9.8o zlib/1.2.3.3 libidn/1.15
>>>>>> > Host: myhost.com:10081
>>>>>> > Accept: */*
>>>>>> > Upgrade: WebSocket
>>>>>> > Connection: Upgrade
>>>>>> > Sec-WebSocket-Protocol: sip
>>>>>> > Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==
>>>>>> > Sec-WebSocket-Version: 13
>>>>>> >
>>>>>> < HTTP/1.1 101 Switching Protocols
>>>>>> < Upgrade: websocket
>>>>>> < Connection: Upgrade
>>>>>> < Sec-WebSocket-Accept: CQsVOMdurBA
>>>>>>
>>>>>>
>>>>>> so it seems to work, but if I try with jssip or sipml5 library I got
>>>>>> this trace log and the socket gets disconnected within half second
>>>>>>
>>>>>> freeswitch at internal> tport.c:2749 tport_wakeup_pri()
>>>>>> tport_wakeup_pri(0x7f2198004f20): events IN
>>>>>> tport.c:862 tport_alloc_secondary()
>>>>>> tport_alloc_secondary(0x7f2198004f20): new secondary tport 0x7f21980afb20
>>>>>> tport.c:2640 tport_accept() tport_accept(0x7f21980afb20): new
>>>>>> connection from wss/130.117.88.33:62056/sips
>>>>>> tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN
>>>>>> tport.c:2864 tport_recv_event() tport_recv_event(0x7f21980afb20)
>>>>>> tport.c:2296 tport_set_secondary_timer() tport(0x7f21980afb20): reset
>>>>>> timer
>>>>>> tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN
>>>>>> HUP ERR
>>>>>> nta.c:2719 agent_tp_error() nta_agent: tport: Conexión reinicializada
>>>>>> por la máquina remota
>>>>>> tport.c:2090 tport_close() tport_close(0x7f21980afb20): wss/
>>>>>> 130.117.88.33:62056/sips
>>>>>>
>>>>>> I am using last version from git and I also tried with 1.4 versions.
>>>>>> I have accept-blind-auth and accept-blind-reg to true, any clue?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best Regards,
>>>>> Ciprian Dosoftei
>>>>>
>>>>> The information transmitted is intended only for the addressee and may
>>>>> contain privileged and/or confidential material. If you are not the
>>>>> intended recipient, kindly contact the sender and delete the message.
>>>>>
>>>>> Any disclosure, distribution or copying of this message is strictly
>>>>> prohibited without the expressed permission of the sender.
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>>
>>>>
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regards,
>>> Ciprian Dosoftei
>>>
>>> The information transmitted is intended only for the addressee and may
>>> contain privileged and/or confidential material. If you are not the
>>> intended recipient, kindly contact the sender and delete the message.
>>>
>>> Any disclosure, distribution or copying of this message is strictly
>>> prohibited without the expressed permission of the sender.
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>>
>>>
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>>
>>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
>
> --
> Best Regards,
> Ciprian Dosoftei
>
> The information transmitted is intended only for the addressee and may
> contain privileged and/or confidential material. If you are not the
> intended recipient, kindly contact the sender and delete the message.
>
> Any disclosure, distribution or copying of this message is strictly
> prohibited without the expressed permission of the sender.
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140711/44e2d251/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list