[sr-dev] [kamailio/kamailio] WSS-connections show up as in $tls_version and $tls_cypher_info (Issue #4167)

Christian Berger via sr-dev Fri, 07 Mar 2025 02:11:00 -0800

ChristianBergerSipgate created an issue (kamailio/kamailio#4167)

Hi,


we have found a potential bug. The pseudo variables return null for WSS 
connections.

Example config:
`xlog("L_INFO", "<mainLogic> REGISTER: TLS or WSS detected: fU=$fU 
tls_version=$tls_version tls_cipher_info=$tls_cipher_info ua=$ua\n");`

Log output:
`Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": 
"ERROR", "module": "tls", "file": "tls_select.c", "line": 131, "function": 
"get_cur_connection", "message": "Transport protocol is not TLS (bug in 
config)\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": 
"INFO", "module": "tls", "file": "tls_select.c", "line": 310, "function": 
"get_version", "message": "TLS connection not found in select_version\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": 
"ERROR", "module": "tls", "file": "tls_select.c", "line": 131, "function": 
"get_cur_connection", "message": "Transport protocol is not TLS (bug in 
config)\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": 
"INFO", "module": "tls", "file": "tls_select.c", "line": 201, "function": 
"get_cipher", "message": "TLS connection not found in select_cipher\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": 
"INFO", "module": "xlog", "file": "xlog.c", "line": 278, "function": "", 
"message": "<mainLogic> REGISTER: TLS or WSS detected: fU=1125411e0 
tls_version=<null> tls_cipher_info=<null> ua=webphone\n" }`

As you can see both tls_version and tls_cipher_info return <null> even though 
the underlying connection is via WSS.

We have looked into it, and it seems like `get_cur_connection` in 
`modules/tls/tls_select.c` only checks for TLS, but not WSS.

```
struct tcp_connection *get_cur_connection(struct sip_msg *msg)
{
        struct tcp_connection *c;

        if(_tls_pv_con != 0)
                return _tls_pv_con;

        if(msg->rcv.proto != PROTO_TLS) {
                ERR("Transport protocol is not TLS (bug in config)\n");
                return 0;
        }

        c = tcpconn_get(msg->rcv.proto_reserved1, 0, 0, 0,
                        cfg_get(tls, tls_cfg, con_lifetime));
        if(c && c->type != PROTO_TLS) {
                ERR("Connection found but is not TLS\n");
                tcpconn_put(c);
                return 0;
        }
        return c;
}
```

We think that checking for `PROTO_WSS` might solve the issue.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4167
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/issues/4...@github.com>

_______________________________________________
Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!

[sr-dev] [kamailio/kamailio] WSS-connections show up as in $tls_version and $tls_cypher_info (Issue #4167)

Reply via email to