self signed ssl certificate webrtc2sip


Andrey Loginov

Jul 12, 2013, 4:17:55 AM
to doub...@googlegroups.com
Hello
How do I generate a self-signed SSL certificate to work with webrtc2sip?
Please advise.

andy424

Jul 12, 2013, 4:17:00 PM
to doub...@googlegroups.com
I followed this guide from code ghar to create a certificate authority, generate a private key and a public key CSR, and then signed it using the CA certificate,
and voilà, it started working.

So I highly recommend this set of steps documented at code ghar to get your certificate credentials in order, for those of you struggling to make it work with Firefox, which uses DTLS for SRTP.

Aryn Nakaoka

Aug 26, 2013, 8:33:11 PM
to doub...@googlegroups.com
Do you have this working? Would you let me see your site? 

Jean Silva

Oct 11, 2013, 11:02:26 AM
to doub...@googlegroups.com
I did as described; however, when I connect to the server, it does not release the connection.
I have a CentOS server (Elastix) WEBRTC2SIP use a gateway, and let the output certificate.
When I connect through a browser it does not release. The machine's browser is on Windows 8, and I exported the certificates to crt (Windows) and installed them, but it still does not work.

Yaniv Nahoum

May 28, 2014, 5:22:03 AM
to doub...@googlegroups.com
After struggling with the configuration in webrtc2sip's config.xml, I'd like to post the correct configuration for all those trying to make DTLS work (either for Firefox or for Chrome v35+):
Assuming you followed the tutorials above and created the following:
* private key:  /home/user/myca/private/key.ca.cg.pem 
* root certificate: /home/user/myca/certs/crt.ca.cg.pem
* new private key: /home/user/mycert/private/key.csr.server1.pem
* certificate signing request: /home/user/mycert/csr/csr.server1.pem
* self signed certificate: /home/user/myca/certs/crt.server1.pem

The following configuration for the ssl-certificates element works:
<ssl-certificates>
    /home/user/mycert/private/key.csr.server1.pem; <!-- new private key -->
    /home/user/myca/certs/crt.server1.pem; <!-- self signed certificate -->
    *;
    no
</ssl-certificates>
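
The steps referred to above (private CA, server key, CSR, CA-signed server certificate) written out as OpenSSL commands. This is an added example, not part of the original post or of the code ghar guide; the subject names, RSA-2048/SHA-256 and validity periods are assumptions, and `make_certs`, `key_matches_cert` and `signed_by_ca` are hypothetical helper names. File names follow the list in the post, under a base directory of your choice.

```shell
#!/bin/sh
# Added example: create the five files listed in the post under <base>.
# Assumptions: subject names, key size, digest and lifetimes below.

make_certs() {
    base=$1
    ca_key=$base/myca/private/key.ca.cg.pem          # CA private key
    ca_crt=$base/myca/certs/crt.ca.cg.pem            # root certificate
    srv_key=$base/mycert/private/key.csr.server1.pem # new (server) private key
    srv_csr=$base/mycert/csr/csr.server1.pem         # certificate signing request
    srv_crt=$base/myca/certs/crt.server1.pem         # certificate signed by the CA

    mkdir -p "$base/myca/private" "$base/myca/certs" \
             "$base/mycert/private" "$base/mycert/csr" || return 1
    # Private key directories are for the owner only.
    chmod 700 "$base/myca/private" "$base/mycert/private" || return 1

    # 1. CA key and self-signed root certificate.
    openssl genrsa -out "$ca_key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -sha256 -days 3650 -key "$ca_key" \
        -subj "/CN=Example Test CA" -out "$ca_crt" || return 1

    # 2. Server key and the CSR for it.
    openssl genrsa -out "$srv_key" 2048 2>/dev/null || return 1
    openssl req -new -sha256 -key "$srv_key" \
        -subj "/CN=gateway.example.test" -out "$srv_csr" || return 1

    # 3. Sign the CSR with the CA.
    openssl x509 -req -sha256 -days 365 -in "$srv_csr" \
        -CA "$ca_crt" -CAkey "$ca_key" -CAcreateserial \
        -out "$srv_crt" 2>/dev/null || return 1

    chmod 600 "$ca_key" "$srv_key"
}

# Succeeds only when the private key ($1) and certificate ($2) hold the
# same public key, i.e. the pair can be configured together.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when certificate ($2) chains to the CA certificate ($1).
signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo=$(mktemp -d) && make_certs "$demo" &&
    key_matches_cert "$srv_key" "$srv_crt" &&
    signed_by_ca "$ca_crt" "$srv_crt" &&
    echo "server key matches certificate; certificate chains to the CA"
rm -rf "$demo"
```

Running `key_matches_cert` against the two paths placed in `<ssl-certificates>` catches the common mix-up of pairing the CA key with the server certificate before the gateway is started.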

andre...@gmail.com

Jun 19, 2014, 11:46:06 PM
to doub...@googlegroups.com
I build telepresence with doubango, which requires a private key, a public key, and a CA.

You show the steps to get the CA and the private key. How do I get the public key?

Yaniv Nahoum

Jun 23, 2014, 8:04:19 AM
to doub...@googlegroups.com
No need, just follow the tutorials and configure as I wrote.


--
You received this message because you are subscribed to a topic in the Google Groups "discuss-doubango" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/doubango/asAfP5ZCgdI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to doubango+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jani

Jul 14, 2014, 10:10:18 AM
to doub...@googlegroups.com
Hey Yaniv,

I've followed the same instructions but now get this ssl error:

warning: The VAD has been replaced by a hack pending a complete rewrite
warning: The VAD has been replaced by a hack pending a complete rewrite
***ERROR: function: "tnet_dtls_socket_do_handshake()" 
file: "src/tls/tnet_dtls.c" 
line: "510" 
MSG: DTLS handshake failed [error:060A209F:digital envelope routines:EVP_MD_size:message digest is null]

I'm using the latest source codes on Ubuntu 12.04 with latest openssl 1.0.1h and client has the latest Chrome installed.

Appreciate any help, cause I've been struggling with this problem for a few days.

Jani

Jul 15, 2014, 12:49:05 AM
to doub...@googlegroups.com
I've rebuilt the doubango and webrtc2sip and everything works just fine :-)

Yaniv Nahoum

Jul 15, 2014, 1:03:07 AM
to doub...@googlegroups.com

Glad to hear! Sorry I couldn't answer before.

Alberto Calvo

Oct 30, 2014, 9:10:59 AM
to doub...@googlegroups.com
Hi,

I'm also having issues with SSL certificates.

I've generated them following these links:
My config.xml file is as follows:

  <ssl-certificates>
        /root/mycert/private/key.csr.server1.pem; <!-- private key -->
        /root/myca/certs/crt.server1.pem; <!-- self signed certificate -->
        *;
        no
  </ssl-certificates>

And all the files are there.

But when I try to place a call from the SIPml5 webphone I get these messages in the webrtc2sip screen:

SSL is enabled :)
DTLS supported: yes
DTLS-SRTP supported: yes
**WARN: function: "tdav_session_av_prepare()"
file: "src/tdav_session_av.c"
line: "434"
MSG: DTLS-SRTP requested but no SSL certificates provided, disabling this option :(
***ERROR: function: "tdav_session_av_set_ro()"
file: "src/tdav_session_av.c"
line: "1284"
MSG: Remote party requesting DTLS-DTLS (UDP/TLS/RTP/SAVPF) but this option is not enabled
***ERROR: function: "tdav_session_audio_set_ro()"
file: "src/audio/tdav_session_audio.c"
line: "623"
MSG: tdav_session_av_set_ro(audio) failed
**WARN: function: "tmedia_session_mgr_set_ro()"
file: "src/tmedia_session.c"
line: "1429"
MSG: _tmedia_session_set_ro() failed

 
It says  "no SSL certificates provided". What could be the problem here?

The call cannot be established and in the sipml5 log I get a 488 error:

recv=SIP/2.0 488 Not Acceptable


Many thanks for your help!!

Yaniv Nahoum

Oct 30, 2014, 9:28:57 AM
to doub...@googlegroups.com
Do you see this in your log:
INFO: ssl-certificates = 
<your ssl-certificate here>
?

Yusuf Siddiqui

Oct 30, 2014, 10:05:01 AM
to doub...@googlegroups.com
I don't want to disappoint you, but it will never work. I have tried all permutations and combinations and it never worked. All my hard work went in vain; I had to trash the app finally.



Regards
Mohd Yusuf Siddiqui

email: yusuf.s...@fiyutech.com
Mob. +91.987.338.044.3
Off:+91.120.437.209.3
U.S. +120.975.347.57


Alberto Calvo

Oct 30, 2014, 10:07:27 AM
to doub...@googlegroups.com
Hi Yaniv, thanks for your answer!

Nope, I don't see that INFO message.
I'm using OpenSSL 1.0.1 14 Mar 2012 if it helps.

Yaniv Nahoum

Oct 30, 2014, 10:10:13 AM
to doub...@googlegroups.com
Same SSL version I'm using. So right now I'd focus on making sure webrtc2sip is reading your config.xml file.

Alberto Calvo

Oct 30, 2014, 10:11:21 AM
to doub...@googlegroups.com
Hi Yusuf!! How is that possible?!

I can establish calls using the webrtc2sip hosted here: ws://ns313841.ovh.net:10060
and everything works just fine, but I cannot get the same phones to work with my own instance of webrtc2sip.
It has to be some issue with my configuration, but I don't know where the problem might be :(

Yaniv Nahoum

Oct 30, 2014, 10:14:58 AM
to doub...@googlegroups.com
Guys, I can assure you that I have my own webrtc2sip server up and running WITH DTLS.


Yusuf Siddiqui

Oct 30, 2014, 10:17:00 AM
to doub...@googlegroups.com
Yes, from web to web it works fine, but with third-party calls or other app support you may require webrtc2sip, where it requires an SSL cert; it never works. Try; if you succeed, I owe a drink party.



Regards
Mohd Yusuf Siddiqui



Alberto Calvo

Oct 30, 2014, 10:20:21 AM
to doub...@googlegroups.com
I start the webrtc2sip like this:

~# screen -dmSL webrtc2sip webrtc2sip --config=/usr/local/etc/webrtc2sip/config.xml

And it seems to be reading the file, because if I edit the transport ports, they appear changed in the logs...

Alberto Calvo

Oct 30, 2014, 10:28:41 AM
to doub...@googlegroups.com
To be sure what we're trying to do:
  • I have a Sipml5 phone on one side
  • I have this Java SIP webphone on the other end: http://www.mizu-voip.com/Software/WebPhone.aspx
  • I have a SIP and Media Proxy where both phones are registered.
  • So I'm able to send the register message through the webrtc2sip, and my proxy receives it and sends the ACK, and the sipml5 phone receives the ACK
  • But when I try to start a call:  Sipml5 -> Java SIP phone I get that error.
But all this works with this ws://ns313841.ovh.net:10060  instance.

Yaniv, could you tell me where your webrtc2sip gateway is hosted, so I can try if everything works using your gateway?


Thank you very much for your help, guys! Yusuf, I hope this finally will work, and you'll have to pay for those drinks! ;)

Yusuf Siddiqui

Oct 30, 2014, 10:34:23 AM
to doub...@googlegroups.com
I wish I could :-).
It's a valid question to ask Yaniv to share the gateway IP so that not only you but many may check the up and running server.




Regards
Mohd Yusuf Siddiqui


Yaniv Nahoum

Oct 30, 2014, 10:45:31 AM
to doub...@googlegroups.com
Alberto,
Your setup sounds reasonable, and is similar to mine. Currently our webrtc2sip server is not accessible from outside, so I'm afraid you won't be able to try it.
I execute the binary file from its folder where the config file resides as well (config.xml). I output the logs to a log file in the same directory:
# ./webrtc2sip > ./webrtc2sip.log 2>&1

I'm running version 2.6.0 -

[root@webrtccentos2 sbin]# ./webrtc2sip --version
*******************************************************************
Copyright (C) 2012-2013 Doubango Telecom <http://www.doubango.org>
PRODUCT: webrtc2sip
LICENCE: GPLv3 or proprietary
VERSION: 2.6.0
'quit' to quit the application.
*******************************************************************

2.6.0


Alberto Calvo

Oct 30, 2014, 12:12:06 PM
to doub...@googlegroups.com
Hi Yaniv,

I've tried running with your method and get the same result.
I'm also using version 2.6.0

I still don't see the INFO message about SSL that you said before :(

Also, I see these INFO messages about codecs:

*INFO: codecs = pcmu;pcma
*INFO: UnRegister codec: PCMU, G.711u codec (native)
*INFO: UnRegister codec: PCMA, G.711a codec (native)

 
Do you know what they mean? Why is it "unregistering" all the codecs?

Also, if it helps, I'm using an Ubuntu 12.04 Server LTS and followed this tutorial to install and configure everything:

Yaniv Nahoum

Oct 30, 2014, 12:27:07 PM
to doub...@googlegroups.com
I see the same. Here's my log:

*INFO: transport = udp://172.20.12.191:5060
*INFO: transport = ws://172.20.12.191:10060
*INFO: enable-rtp-symetric = yes
*INFO: enable-100rel = no
*INFO: enable-media-coder = yes
*INFO: enable-videojb = yes
*INFO: video-size-pref = cif
*INFO: rtp-buffsize = 65535
*INFO: avpf-tail-length = [100-400]
*INFO: srtp-mode = optional
*INFO: srtp-type = sdes;dtls
*INFO: dtmf-type = rfc4733
*INFO: codecs = vp8;pcmu
*INFO: UnRegister codec: VP8, VP8 codec (libvpx)
*INFO: UnRegister codec: PCMU, G.711u codec (native)
*INFO: codec-opus-maxrates = 48000;48000
*INFO: enable-icestun = yes
*INFO: max-fds = -1
*INFO: ssl-certificates = 
/home/mycert/private/key.csr.server1.pem;
/home/myca/certs/crt.server1.pem;
*;
no
*INFO: transport = c2c://*:10070
*INFO: transport = c2cs://*:10072
*INFO: database = sqlite;*
*INFO: sqlite3_threadsafe = 1
*INFO: Database opened = TRUE
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=8, pipeW=9
*INFO: Socket added[TCP/IPv4 transport]: fd=8, tail.count=1
*INFO: master fd=3
*INFO: Socket added[TCP/IPv4 transport]: fd=3, tail.count=2
*INFO: Transport::run() - enter
*INFO: Starting [TCP/IPv4 transport] server with IP {0.0.0.0} on port {10070} using fd {3} with type {9}...

Mamadou DIOP

Oct 30, 2014, 1:09:17 PM
to doub...@googlegroups.com
@Alberto
Share your config.xml and when reporting an issue please always share the full logs.

@Yusuf
“never work” -> very funny. 


Mamadou DIOP

Oct 30, 2014, 1:12:21 PM
to doub...@googlegroups.com
On Oct 30, 2014, at 6:09 PM, Mamadou DIOP <diopm...@doubango.org> wrote:

@Alberto
Share your config.xml and when reporting an issue please always share the full logs.
If you check the archive you’ll see that a developer already reported such issue and I’ve recommended to remove the embedded xml comments. You should have:
<ssl-certificates>
        /root/mycert/private/key.csr.server1.pem; 
        /root/myca/certs/crt.server1.pem;
        *;
        no
  </ssl-certificates>
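
A pre-flight check for the recommendation above (no XML comments inside `<ssl-certificates>`, four `;`-separated fields). This is an added example, not part of the thread or of the webrtc2sip sources; the `<config>` wrapper in the constructed samples and the names `check_ssl_certificates`, `sample_with_comments` and `sample_clean` are assumptions. Fields 3 and 4 are passed through as posted (`*` and `no`).

```shell
#!/bin/sh
# Added example: lint the <ssl-certificates> element of a config.xml.

# Constructed sample: the element as first posted, with embedded comments.
sample_with_comments() {
cat <<'EOF'
<config>
  <ssl-certificates>
        /root/mycert/private/key.csr.server1.pem; <!-- private key -->
        /root/myca/certs/crt.server1.pem; <!-- self signed certificate -->
        *;
        no
  </ssl-certificates>
</config>
EOF
}

# Constructed sample: the same element with the comments removed.
sample_clean() {
cat <<'EOF'
<config>
  <ssl-certificates>
        /root/mycert/private/key.csr.server1.pem;
        /root/myca/certs/crt.server1.pem;
        *;
        no
  </ssl-certificates>
</config>
EOF
}

# Strip leading and trailing whitespace from one value.
trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

# Exit codes: 0 ok (prints key|cert|field3|field4), 2 element missing,
# 3 XML comment inside the element, 4 wrong number of fields or empty field.
check_ssl_certificates() {
    cfg=$1
    # Join the file into one line so the element may span several lines.
    body=$( { tr '\n' ' ' < "$cfg"; echo; } |
        sed -n 's/.*<ssl-certificates>\(.*\)<\/ssl-certificates>.*/\1/p' )
    [ -n "$body" ] || { echo "$cfg: no <ssl-certificates> element" >&2; return 2; }

    case $body in
        *'<!--'*)
            echo "$cfg: XML comment inside <ssl-certificates>, remove it" >&2
            return 3 ;;
    esac

    # Split on ';' with globbing off, because field 3 is a literal '*'.
    old_ifs=$IFS; IFS=';'; set -f
    set -- $body
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "$cfg: expected 4 fields, found $#" >&2; return 4; }

    key=$(trim "$1"); crt=$(trim "$2"); third=$(trim "$3"); fourth=$(trim "$4")
    for v in "$key" "$crt" "$third" "$fourth"; do
        [ -n "$v" ] || { echo "$cfg: empty field" >&2; return 4; }
    done

    # Unreadable files are reported but do not change the exit code.
    for f in "$key" "$crt"; do
        [ -r "$f" ] || echo "$cfg: warning: $f is not readable by this user" >&2
    done
    printf '%s|%s|%s|%s\n' "$key" "$crt" "$third" "$fourth"
}

# Demo on the two constructed samples.
demo_dir=$(mktemp -d)
sample_with_comments > "$demo_dir/commented.xml"
sample_clean > "$demo_dir/clean.xml"
for name in commented clean; do
    if fields=$(check_ssl_certificates "$demo_dir/$name.xml" 2>/dev/null); then
        echo "$name.xml: ok -> $fields"
    else
        echo "$name.xml: rejected (exit $?)"
    fi
done
rm -rf "$demo_dir"
```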

Yusuf Siddiqui

Oct 30, 2014, 1:46:48 PM
to doub...@googlegroups.com
I see, even mine ws worked but not wss. wss was mandatory in my case as I was transferring the call to another Polycom Bridge.



Regards
Mohd Yusuf Siddiqui


Yusuf Siddiqui

Oct 30, 2014, 1:46:49 PM
to doub...@googlegroups.com
I have been modest in reporting; it never worked with SSL/DTLS support. It always threw an error whenever a call was transferred to a third-party app or another server, for instance. I reported it at that time, 2-3 months back, and I came to know that I have to disable this warning and error from the JS code. Was that the appropriate move? Unfortunately this error arose after Chrome's new version.



Regards
Mohd Yusuf Siddiqui



Mamadou DIOP

Oct 30, 2014, 1:50:51 PM
to doub...@googlegroups.com
On Oct 30, 2014, at 6:43 PM, Yusuf Siddiqui <jose...@gmail.com> wrote:

I see, even mine ws worked but not wss. wss was mandatory in my case as I was transferring the call to another Polycom Bridge.
DTLS, WSS and all SSL features are working. Of course you have to know how to configure and use them.
For WSS I guess you’re using self-signed certs.

Alberto Calvo

Oct 31, 2014, 5:20:01 AM
to doub...@googlegroups.com
Oh my god! The comments really are the problem!!

Now it's working OK!!  Thank you very much, Mamadou!
I would have never thought of that.

I guess this configuration is enough for me, but wss still doesn't work. Probably the same thing happening to Yusuf.

I get this error in my Chrome console:
WebSocket connection to 'wss://my.ip:10062/' failed: WebSocket opening handshake was canceled 

I'm also using self-signed certs for wss. This is the webrtc2sip log:


...

*INFO: SIP STACK -- START
*INFO: Transport::run() - enter
*INFO: Transport::run() - enter
*INFO: Transport::run() - enter
*INFO: Transport::run() - enter
*INFO: Transport::run() - enter
*INFO: Starting [SIP transport] server with IP {10.100.11.46} on port {10063} using fd {4} with type {8}...
*INFO: Starting [SIP transport] server with IP {10.100.11.46} on port {10064} using fd {5} with type {16}...
*INFO: Starting [SIP transport] server with IP {10.100.11.46} on port {10060} using fd {6} with type {64}...
*INFO: Starting [SIP transport] server with IP {10.100.11.46} on port {10062} using fd {7} with type {128}...
*INFO: Starting [SIP transport] server with IP {10.100.11.46} on port {10060} using fd {3} with type {2}...
*INFO: ioctlt(7), len=0 returned zero or failed                         <--- From here on is when my sipml5 phone tries to connect to port 10062
*INFO: NETWORK EVENT FOR SERVER [SIP transport] -- FD_ACCEPT(fd=18)
*INFO: Socket added[SIP transport]: fd=18, tail.count=3
*INFO: WebSocket Peer accepted/connected with fd = 18
*INFO: #1 peers in the 'SIP transport' transport
*INFO: NETWORK EVENT FOR SERVER [SIP transport] -- TNET_POLLOUT
*INFO: WebSocket Peer accepted/connected with fd = 18
*INFO: *** Stream Peer destroyed ***
*INFO: #0 peers in the 'SIP transport' transport
*INFO: #1 peers in the 'SIP transport' transport
*INFO: ioctlt(18), len=0 returned zero or failed
*INFO: Closing socket with fd = 18 because ioctlt() returned zero or failed
*INFO: Removing socket 18
*INFO: Socket to remove: fd=18, index=2, tail.count=3
*INFO: CloseSocket(18)
*INFO: WebSocket Peer closed with fd = 18
*INFO: #0 peers in the 'SIP transport' transport
*INFO: *** Stream Peer destroyed ***
*INFO: WebSocket Peer closed with fd = 18
*INFO: PipeR event = 1

Nicolas BROCHARD

Oct 31, 2014, 8:26:10 AM
to doub...@googlegroups.com
The solution for wss is to accept the self-signed cert.
For me it works in firefox and chrome.

Try for you:
https://my.ip:100062/ws in the navigator to add an exception.

Regards

Yusuf Siddiqui

Oct 31, 2014, 8:26:09 AM
to doub...@googlegroups.com
Yes, self-signed certs only.



Regards
Mohd Yusuf Siddiqui



Mamadou DIOP

Oct 31, 2014, 8:31:52 AM
to doub...@googlegroups.com
On Oct 31, 2014, at 11:45 AM, Nicolas BROCHARD <nicolas....@ubicentrex.fr> wrote:

The solution for wss is to accept the self-signed cert.
For me it works in firefox and chrome.

Try for you:
https://yourip:port/ws in the navigator to add an exception.
Yep, this is the workaround to have self-signed certs working with WSS:
- open https://my.ip:port in your browser and accept the warning
- then use wss://yourip:port to connect to webrtc2sip
Please note that this is not an issue in webrtc2sip.
An SSL cert costs less than €20.

Alberto Calvo

Oct 31, 2014, 4:13:47 PM
to doub...@googlegroups.com
Yes! this workaround works.
It works in Firefox, but not in Chrome, it does not give me the choice to add an exception, just blocks the site.

But you're right, as you say this is not a webrtc2sip issue. I'll get a valid certificate to get it working ;)

Thx!!
...

Alberto Calvo

Nov 4, 2014, 6:29:40 AM
to doub...@googlegroups.com
Hi!

Now I can see the calls being established, but there's no audio being transmitted :(

It seems like it has something to do with the stun servers, but I'm not sure. Do I really need to use any stun server?
In wireshark I cannot see the UDP streaming in the caller PC while using the doubango webrtc everything works.

I can see in wireshark, STUN2 packages being sent from Sipml5 phone to my server ip (where the webrtc2sip gw is) and towards random ports like 49770 and 52740 which are not forwarded anywhere.
Is this normal? Why is this happening? I have this parameter in my phone initialization:
 
ice_servers: [{ url: 'stun:stun.l.google.com:19302'}],

Is this correct? Should it work this way?

Many thanks!! Regards,

leew...@163.com

Feb 26, 2015, 9:08:44 PM
to doub...@googlegroups.com
Hi,
  I want to know how to create a certificate. I have tried many methods, but they didn't work. Thank you for your help.


Drew Eidt

May 28, 2015, 12:50:49 AM
to doub...@googlegroups.com
Hello

I am trying to get WSS working. I have unsuccessfully attempted with a signed certificate. I am now trying with a self-signed and am still receiving the same error.

Any suggestions would be greatly appreciated.

Thank you!

Drew

*******************************************************************
Copyright (C) 2012-2015 Doubango Telecom <http://www.doubango.org>
PRODUCT: webrtc2sip
HOME PAGE: http://webrtc2sip.org
LICENCE: GPLv3 or proprietary
VERSION: 2.6.0
'quit' to quit the application.
*******************************************************************

SSL is enabled :)
DTLS supported: yes
DTLS-SRTP supported: yes
*[DOUBANGO INFO]: transport = udp://*:10060
*[DOUBANGO INFO]: transport = ws://*:10060
*[DOUBANGO INFO]: transport = wss://*:10062
*[DOUBANGO INFO]: enable-rtp-symetric = yes
*[DOUBANGO INFO]: enable-100rel = no
*[DOUBANGO INFO]: enable-media-coder = no
*[DOUBANGO INFO]: enable-videojb = yes
*[DOUBANGO INFO]: video-size-pref = vga
*[DOUBANGO INFO]: rtp-buffsize = 65535
*[DOUBANGO INFO]: avpf-tail-length = [100-400]
*[DOUBANGO INFO]: srtp-mode = optional
*[DOUBANGO INFO]: srtp-type = sdes;dtls
*[DOUBANGO INFO]: dtmf-type = rfc4733
*[DOUBANGO INFO]: codecs = opus;pcma;pcmu;gsm;vp8;h264-bp;h264-mp;h263;h263+
*[DOUBANGO INFO]: UnRegister codec: PCMA, G.711a codec (native)
*[DOUBANGO INFO]: UnRegister codec: PCMU, G.711u codec (native)
*[DOUBANGO INFO]: UnRegister codec: GSM, GSM Full Rate (libgsm)
*[DOUBANGO INFO]: UnRegister codec: VP8, VP8 codec (libvpx)
*[DOUBANGO INFO]: 'h264-bp' codec enabled but not supported
*[DOUBANGO INFO]: 'h264-mp' codec enabled but not supported
*[DOUBANGO INFO]: 'h263' codec enabled but not supported
*[DOUBANGO INFO]: 'h263+' codec enabled but not supported
*[DOUBANGO INFO]: codec-opus-maxrates = 48000;48000
*[DOUBANGO INFO]: stun-server = stun.l.google.com;19302;-;-
*[DOUBANGO INFO]: enable-icestun = yes
*[DOUBANGO INFO]: max-fds = -1
*[DOUBANGO INFO]: transport = c2c://*:10070
*[DOUBANGO INFO]: transport = c2cs://*:10072
*[DOUBANGO INFO]: database = sqlite;*
*[DOUBANGO INFO]: sqlite3_threadsafe = 1
*[DOUBANGO INFO]: Database opened = TRUE
*[DOUBANGO INFO]: tnet_transport_prepare()
*[DOUBANGO INFO]: pipeR fd=8, pipeW=9
*[DOUBANGO INFO]: Socket added[TCP/IPv4 transport]: fd=8, tail.count=1
*[DOUBANGO INFO]: master fd=3
*[DOUBANGO INFO]: Socket added[TCP/IPv4 transport]: fd=3, tail.count=2
*[DOUBANGO INFO]: tnet_transport_prepare()
*[DOUBANGO INFO]: pipeR fd=10, pipeW=11
*[DOUBANGO INFO]: Socket added[TLS/IPv4 transport]: fd=10, tail.count=1
*[DOUBANGO INFO]: master fd=4
*[DOUBANGO INFO]: Socket added[TLS/IPv4 transport]: fd=4, tail.count=2
*[DOUBANGO INFO]: Stack running in SERVER mode
*[DOUBANGO INFO]: tsk_timer_manager_start
*[DOUBANGO INFO]: Timer manager run()::enter
*[DOUBANGO INFO]: Transport::run(TLS/IPv4 transport) - enter
*[DOUBANGO INFO]: Transport::run(TCP/IPv4 transport) - enter
*[DOUBANGO INFO]: TIMER MANAGER -- START
*[DOUBANGO INFO]: Starting [TLS/IPv4 transport] server with IP {0.0.0.0} on port {10072} using fd {4} with type {17}...
*[DOUBANGO INFO]: Starting [TCP/IPv4 transport] server with IP {0.0.0.0} on port {10070} using fd {3} with type {9}...
*[DOUBANGO INFO]: tnet_transport_prepare()
*[DOUBANGO INFO]: pipeR fd=15, pipeW=16
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=15, tail.count=1
*[DOUBANGO INFO]: master fd=12
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=12, tail.count=2
*[DOUBANGO INFO]: tnet_transport_prepare()
*[DOUBANGO INFO]: pipeR fd=17, pipeW=18
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=17, tail.count=1
*[DOUBANGO INFO]: master fd=13
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=13, tail.count=2
*[DOUBANGO INFO]: tnet_transport_prepare()
*[DOUBANGO INFO]: pipeR fd=19, pipeW=20
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=19, tail.count=1
*[DOUBANGO INFO]: master fd=14
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=14, tail.count=2
*[DOUBANGO INFO]: SIP STACK -- START
*[DOUBANGO INFO]: Transport::run(SIP transport) - enter
*[DOUBANGO INFO]: Transport::run(SIP transport) - enter
*[DOUBANGO INFO]: Transport::run(SIP transport) - enter
*[DOUBANGO INFO]: SIP STACK::run -- START
*[DOUBANGO INFO]: Starting [SIP transport] server with IP {199.59.82.24} on port {10062} using fd {14} with type {128}...
*[DOUBANGO INFO]: Starting [SIP transport] server with IP {199.59.82.24} on port {10060} using fd {13} with type {64}...
*[DOUBANGO INFO]: Starting [SIP transport] server with IP {199.59.82.24} on port {10060} using fd {12} with type {2}...
*[DOUBANGO INFO]: ioctlt(14), len=0 returned zero or failed
*[DOUBANGO INFO]: NETWORK EVENT FOR SERVER [SIP transport] -- FD_ACCEPT(fd=21)
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=21, tail.count=3
*[DOUBANGO INFO]: WebSocket Peer accepted/connected with fd = 21
*[DOUBANGO INFO]: #1 peers in the 'SIP transport' transport
***[DOUBANGO ERROR]: function: "tnet_tls_socket_accept()"
file: "src/tls/tnet_tls.c"
line: "168"
MSG: SSL_accept() failed with error code [1, error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher]
*[DOUBANGO INFO]: WebSocket Peer closed with fd = 21
*[DOUBANGO INFO]: #0 peers in the 'SIP transport' transport
*[DOUBANGO INFO]: *** Stream Peer destroyed ***
*[DOUBANGO INFO]: Removing socket 21
*[DOUBANGO INFO]: Socket to remove: fd=21, index=2, tail.count=3
*[DOUBANGO INFO]: CloseSocket(21)
*[DOUBANGO INFO]: WebSocket Peer closed with fd = 21
***[DOUBANGO ERROR]: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: SSL_accept() failed
***[DOUBANGO ERROR]: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: (SYSTEM)NETWORK ERROR ==>Success
*[DOUBANGO INFO]: PipeR event = 1
*[DOUBANGO INFO]: ioctlt(14), len=0 returned zero or failed
*[DOUBANGO INFO]: NETWORK EVENT FOR SERVER [SIP transport] -- FD_ACCEPT(fd=21)
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=21, tail.count=3
*[DOUBANGO INFO]: WebSocket Peer accepted/connected with fd = 21
*[DOUBANGO INFO]: #1 peers in the 'SIP transport' transport
***[DOUBANGO ERROR]: function: "tnet_tls_socket_accept()"
file: "src/tls/tnet_tls.c"
line: "168"
MSG: SSL_accept() failed with error code [1, error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher]
*[DOUBANGO INFO]: WebSocket Peer closed with fd = 21
*[DOUBANGO INFO]: #0 peers in the 'SIP transport' transport
*[DOUBANGO INFO]: *** Stream Peer destroyed ***
*[DOUBANGO INFO]: Removing socket 21
*[DOUBANGO INFO]: Socket to remove: fd=21, index=2, tail.count=3
*[DOUBANGO INFO]: CloseSocket(21)
*[DOUBANGO INFO]: WebSocket Peer closed with fd = 21
***[DOUBANGO ERROR]: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: SSL_accept() failed
***[DOUBANGO ERROR]: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: (SYSTEM)NETWORK ERROR ==>Success
*[DOUBANGO INFO]: PipeR event = 1
*[DOUBANGO INFO]: ioctlt(14), len=0 returned zero or failed
*[DOUBANGO INFO]: NETWORK EVENT FOR SERVER [SIP transport] -- FD_ACCEPT(fd=21)
*[DOUBANGO INFO]: Socket added[SIP transport]: fd=21, tail.count=3
*[DOUBANGO INFO]: WebSocket Peer accepted/connected with fd = 21
*[DOUBANGO INFO]: #1 peers in the 'SIP transport' transport
***[DOUBANGO ERROR]: function: "tnet_tls_socket_accept()"
file: "src/tls/tnet_tls.c"
line: "168"
MSG: SSL_accept() failed with error code [1, error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback]
*[DOUBANGO INFO]: WebSocket Peer closed with fd = 21
*[DOUBANGO INFO]: #0 peers in the 'SIP transport' transport
*[DOUBANGO INFO]: *** Stream Peer destroyed ***
*[DOUBANGO INFO]: Removing socket 21
*[DOUBANGO INFO]: Socket to remove: fd=21, index=2, tail.count=3
*[DOUBANGO INFO]: CloseSocket(21)
*[DOUBANGO INFO]: WebSocket Peer closed with fd = 21
***[DOUBANGO ERROR]: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: SSL_accept() failed
***[DOUBANGO ERROR]: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: (SYSTEM)NETWORK ERROR ==>Success
*[DOUBANGO INFO]: PipeR event = 1


jzin...@gmail.com

May 28, 2015, 1:49:06 AM
to doub...@googlegroups.com
New browsers reject self-signed certificates. You need to browse a page with the wss:// address, replacing the wss part with https, and accept the invalid certificate for each session (every time you open a new browser process).

