WTLS certificate formats
Hi All,

Does kannel support the wap gateway certificate in WTLS format? Or is only x509 format supported? In your experience is WTLS format required to interoperate with WAP1 phones? Or do most WAP1 phones support x509 certificates?

Piotr (Pio-ter) Galecki
MTS at Affirmed Networks, Content Team
piotr_gale...@affirmednetworks.com
+1-978-268-0899
Re: wap 1.x and wtls
Hi,

Thanks for the info. I will go ahead with the patch.

As far as the wap_event_assert() function goes, it works as it should. I mean, its function is to verify that all arguments (including Octstr) are valid or shut down. That's how asserts work in kannel. Besides, anyone can disable them globally by configuring with: --disable-assertions

BR,
Nikos

- Original Message -
From: Armindo Antunes
To: Nikos Balkanas
Cc: us...@vm1.kannel.org
Sent: Monday, August 01, 2011 12:04 PM
Subject: Re: wap 1.x and wtls

Hello,

I was using Openwave v7 wap emulator when the NULL assertions occurred. I also agree that in production assertions should be disabled.

About my suggestion to remove the assert, I think if there's a known situation when p->user_data can be NULL and all the rest is working well, the code protection should use an if statement to protect the NULL situation and allow the application to continue the normal execution even in debug mode.

About the mac[15], please submit the patch, since you know the process better :)

Best regards,
Armindo

On 30-07-2011 23:08, Nikos Balkanas wrote:

Hi,

The code you are describing is general wap code and doesn't have anything to do with the wtls patch. This is part of the wap_event_assert() function and should be there. If you use buggy emulators that send NULL data, you should disable assertions, not introduce bugs to wap_event_support. In production you should also not use assertions anyway.

As far as the MAC length goes, I have been using the Openwave 6.2.2 emulator, among others. I am not getting the problem you state, however, I am getting Invalid WSP packet received by kannel. Therefore, I do not use Openwave for wtls tests, rather I use the Nokia NMBS 4.0 and Winwap. What version of Openwave are you using?

The mac[10] used there is just for printing purposes in debug logs, not the algos. That's probably why I've never had it in production, since I don't use debug level in production logs, for performance reasons.
Re: wap 1.x and wtls
Hi,

The code you are describing is general wap code and doesn't have anything to do with the wtls patch. This is part of the wap_event_assert() function and should be there. If you use buggy emulators that send NULL data, you should disable assertions, not introduce bugs to wap_event_support. In production you should also not use assertions anyway.

As far as the MAC length goes, I have been using the Openwave 6.2.2 emulator, among others. I am not getting the problem you state, however, I am getting Invalid WSP packet received by kannel. Therefore, I do not use Openwave for wtls tests, rather I use the Nokia NMBS 4.0 and Winwap. What version of Openwave are you using?

The mac[10] used there is just for printing purposes in debug logs, not the algos. That's probably why I've never had it in production, since I don't use debug level in production logs, for performance reasons. Largest names are SHA_NOLIMIT and MD5_NOLIMIT, each 11 bytes long. So mac[15] should be fine. Can you submit a patch to devel, or should I do it?

BR,
Nikos

- Original Message -
From: Armindo Antunes
To: Nikos Balkanas
Cc: us...@vm1.kannel.org
Sent: Friday, July 22, 2011 5:02 PM
Subject: Re: wap 1.x and wtls

Oops, wrong line numbering.

wap/wap_events.c:
229: #define OCTSTR(name)
230: //gw_assert(p->name != NULL);
231: /* This is a trick to make the Octstr module run its assertions */
232: //gw_assert(octstr_len(p->name) >= 0);

On 22-07-2011 14:57, Armindo Antunes wrote:

Hi again :)

I'm now able to use WTLS with the openwave simulator. I've commented out the `p->user_data != NULL' assert section in the code

wap/wap_events.c
233: #define OCTSTR(name)
234: //gw_assert(p->name != NULL);
235: /* This is a trick to make the Octstr module run its assertions */
236: //gw_assert(octstr_len(p->name) >= 0);

I'm not sure why this was null but removing the null assertion seems to work.
Re: wap 1.x and wtls
Hi all

@Nikos: Thanks for posting the WTLS documentation and for all the support! :)

About the code, I'm using the version 1.5 from yesterday's daily snapshot, so I have the right code. By analyzing the code, I've solved the crash:

In the file wap/wtls_statesupport.c:1174, mac size of 10 is too small for macs like: SHA_NOLIMIT, MD5_NOLIMIT

I've fixed this issue by increasing mac size:

1174: char cipher[20], mac[15];

But now, I have another crash :-(

2011-07-22 12:02:25 [20568] [5] *PANIC: wap/wap_events.def:142: wap_event_assert: Assertion `p->user_data != NULL' failed.*

Detailed logs:

2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: decoded headers:
2011-07-22 12:02:25 [20568] [1] DEBUG: Encoding-version: 1.3
2011-07-22 12:02:25 [20568] [1] DEBUG: Accept: application/vnd.wap.wmlc, application/vnd.wap.wmlscriptc, application/vnd.wap.multipart.related, application/vnd.wap.multipart.mixed, application/vnd.phonecom.mmc-wbxml, application/octet-stream, application/vnd.oma.drm.message, text/plain, text/css, image/bmp, image/gif, image/jpeg, image/png, image/vnd.wap.wbmp, application/vnd.wap.sic, application/vnd.wap.slc, application/vnd.wap.coc, application/vnd.wap.connectivity-wbxml, application/vnd.wap.xhtml+xml, application/xhtml+xml;profile=http://www.wapforum.org/xhtml;, text/html, application/smil, application/vnd.wap.mms-message, application/vnd.oma.drm.content, application/vnd.oma.drm.message, application/vnd.oma.drm.rights+xml, application/vnd.oma.drm.rights+wbxml, image/svg+xml, image/pjpeg, application/x-shockwave-flash, image/x-vnd.openwave.lzrw1, application/vnd.openwave.svg, text/vnd.sun.j2me.app-descriptor, application/java-archive, application/java, application/vnd.oma.dd+xml, text/x-vmessage, image/ems, audio/wav, audio/x-wav, audio/midi, audio/x-midi, application/vnd.uplanet.bearer-choice-wbxml
2011-07-22 12:02:25 [20568] [1] DEBUG: User-Agent: OPWV-SDK UP.Browser/7.0.2.3.119 (GUI) MMP/2.0 Push/PO
2011-07-22 12:02:25 [20568] [1] DEBUG: Accept-Language: en-GB
2011-07-22 12:02:25 [20568] [1] DEBUG: Accept-Language: en; q=0.8
2011-07-22 12:02:25 [20568] [1] DEBUG: Profile: http://devgate2.openwave.com/uaprof/OPWVSDK70.xml
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: End of decoded headers.
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: Session machine: Encoding-Version: 1.3
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP 0: New state CONNECTING
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: machine 0x88521d0, state CONNECTING, event S-Connect.res
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP: Mapping `Encoding-Version', WSP 1.3 to 0x0043.
2011-07-22 12:02:25 [20568] [1] DEBUG: WSP 0: New state CONNECTING_2
2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: resp_machine 0, state RESULT_WAIT, event TR-Result.req.
2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: begin_sar_result(): data len = 27
2011-07-22 12:02:25 [20568] [5] DEBUG: WTP: dispath_to_wdp(): psn = 0
2011-07-22 12:02:25 [20568] [5] DEBUG: wtls_dispatch_resp ~ Dispatching datagram to bearerbox
2011-07-22 12:02:25 [20568] [5] DEBUG: Sending Response PDU:
2011-07-22 12:02:25 [20568] [5] DEBUG: PDU type: Application
2011-07-22 12:02:25 [20568] [5] DEBUG: Reserved bit: 0
2011-07-22 12:02:25 [20568] [5] DEBUG: Cipher in use: 1
2011-07-22 12:02:25 [20568] [5] DEBUG: Sequence number in use: -1
2011-07-22 12:02:25 [20568] [5] DEBUG: Record field length present: 1
2011-07-22 12:02:25 [20568] [5] DEBUG: Application:
2011-07-22 12:02:25 [20568] [5] DEBUG: Octet string at 0x8850888:
2011-07-22 12:02:25 [20568] [5] DEBUG:len: 30
2011-07-22 12:02:25 [20568] [5] DEBUG:size: 1024
2011-07-22 12:02:25 [20568] [5] DEBUG:immutable: 0
2011-07-22 12:02:25 [20568] [5] DEBUG:data: 12 86 b9 02 00 15 02 04 80 94 80 00 04 81 94 80
2011-07-22 12:02:25 [20568] [5] DEBUG:data: 00 02 82 00 02 83 03 02 84 01 01 86 c3 93 ..
2011-07-22 12:02:25 [20568] [5] DEBUG: Octet string dump ends.
2011-07-22 12:02:25 [20568] [5] DEBUG: Packed PDU Length: 56
2011-07-22 12:02:25 [20568] [5] DEBUG: adding address
2011-07-22 12:02:25 [20568] [5] PANIC: wap/wap_events.def:142: wap_event_assert: Assertion `p->user_data != NULL' failed.
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(gw_panic+0xcd) [0x80f4b3d]
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(wap_event_assert+0x2712) [0x80aa842]
2011-07-22 12:02:25 [20568] [5] PANIC: wapbox(wap_event_destroy+0x16
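Added example, not part of the thread and not Kannel code: it works through the buffer sizing discussed above, where an 11-character name such as SHA_NOLIMIT needs 12 bytes with its terminating NUL and so cannot fit in mac[10]. The functions bytes_needed, copy_name and names_that_fit are hypothetical helpers; the two MAC names and the sizes 10 and 15 are the ones quoted in the messages.

```c
#include <stdio.h>
#include <string.h>

/* The two MAC names quoted in the thread. The real lookup table in
 * wap/wtls_statesupport.c is not shown on this page. */
static const char *const MAC_NAMES[] = { "SHA_NOLIMIT", "MD5_NOLIMIT" };
#define N_MAC_NAMES (sizeof MAC_NAMES / sizeof MAC_NAMES[0])

/* Size chosen in the thread's fix: char cipher[20], mac[15]; */
#define MAC_BUF_SIZE 15

/* Compile-time guard: sizeof on a string literal counts the NUL, so the
 * build fails if the buffer is ever shrunk below the longest name. */
_Static_assert(sizeof("SHA_NOLIMIT") <= MAC_BUF_SIZE, "mac buffer too small");
_Static_assert(sizeof("MD5_NOLIMIT") <= MAC_BUF_SIZE, "mac buffer too small");

/* Bytes a name occupies as a C string: characters plus the NUL. */
size_t bytes_needed(const char *name)
{
    return strlen(name) + 1;
}

/* Hypothetical bounded copy (not a Kannel function). Returns 0 on success,
 * -1 if the name does not fit. On failure dst holds an empty string, so a
 * later debug print still reads a terminated buffer. */
int copy_name(char *dst, size_t dst_size, const char *name)
{
    size_t len;

    if (dst == NULL || dst_size == 0 || name == NULL)
        return -1;
    len = strlen(name);
    if (len >= dst_size) {   /* no room for the NUL: refuse instead of overflowing */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, name, len + 1);
    return 0;
}

/* How many of the known names fit in a buffer of buf_size bytes. */
int names_that_fit(size_t buf_size)
{
    int fit = 0;
    size_t i;

    for (i = 0; i < N_MAC_NAMES; i++)
        if (bytes_needed(MAC_NAMES[i]) <= buf_size)
            fit++;
    return fit;
}

int main(void)
{
    char old_mac[10];            /* size before the fix */
    char new_mac[MAC_BUF_SIZE];  /* size after the fix */
    size_t i;

    for (i = 0; i < N_MAC_NAMES; i++) {
        int old_rc = copy_name(old_mac, sizeof old_mac, MAC_NAMES[i]);
        int new_rc = copy_name(new_mac, sizeof new_mac, MAC_NAMES[i]);
        printf("%s needs %zu bytes: mac[10] %s, mac[%d] %s\n",
               MAC_NAMES[i], bytes_needed(MAC_NAMES[i]),
               old_rc == 0 ? "ok" : "rejected",
               MAC_BUF_SIZE,
               new_rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

An unchecked copy of the same 12 bytes into a 10-byte stack array is the kind of write that ends in the `__stack_chk_fail` abort shown in the gdb trace elsewhere in this thread.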
Re: wap 1.x and wtls
Hi again :)

I'm now able to use WTLS with the openwave simulator. I've commented out the `p->user_data != NULL' assert section in the code

wap/wap_events.c
233: #define OCTSTR(name)
234: //gw_assert(p->name != NULL);
235: /* This is a trick to make the Octstr module run its assertions */
236: //gw_assert(octstr_len(p->name) >= 0);

I'm not sure why this was null but removing the null assertion seems to work.

Best regards,
Armindo Antunes

On 22-07-2011 12:15, Armindo Antunes wrote:

Hi all

@Nikos: Thanks for posting the WTLS documentation and for all the support! :)

About the code, I'm using the version 1.5 from yesterday's daily snapshot, so I have the right code. By analyzing the code, I've solved the crash:

In the file wap/wtls_statesupport.c:1174, mac size of 10 is too small for macs like: SHA_NOLIMIT, MD5_NOLIMIT

I've fixed this issue by increasing mac size:

1174: char cipher[20], mac[15];

But now, I have another crash :-(

2011-07-22 12:02:25 [20568] [5] *PANIC: wap/wap_events.def:142: wap_event_assert: Assertion `p->user_data != NULL' failed.*

Detailed logs:

2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
Re: wap 1.x and wtls
Oops, wrong line numbering.

wap/wap_events.c:
229: #define OCTSTR(name)
230: //gw_assert(p->name != NULL);
231: /* This is a trick to make the Octstr module run its assertions */
232: //gw_assert(octstr_len(p->name) >= 0);

On 22-07-2011 14:57, Armindo Antunes wrote:

Hi again :)

I'm now able to use WTLS with the openwave simulator. I've commented out the `p->user_data != NULL' assert section in the code

wap/wap_events.c
233: #define OCTSTR(name)
234: //gw_assert(p->name != NULL);
235: /* This is a trick to make the Octstr module run its assertions */
236: //gw_assert(octstr_len(p->name) >= 0);

I'm not sure why this was null but removing the null assertion seems to work.

Best regards,
Armindo Antunes

On 22-07-2011 12:15, Armindo Antunes wrote:

Hi all

@Nikos: Thanks for posting the WTLS documentation and for all the support! :)

About the code, I'm using the version 1.5 from yesterday's daily snapshot, so I have the right code. By analyzing the code, I've solved the crash:

In the file wap/wtls_statesupport.c:1174, mac size of 10 is too small for macs like: SHA_NOLIMIT, MD5_NOLIMIT

I've fixed this issue by increasing mac size:

1174: char cipher[20], mac[15];

But now, I have another crash :-(

2011-07-22 12:02:25 [20568] [5] *PANIC: wap/wap_events.def:142: wap_event_assert: Assertion `p->user_data != NULL' failed.*

Detailed logs:

2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
2011-07-22 12:02:25 [20568] [1] WARNING: Did not expect value-length with 'Accept-Charset' header, skipping.
2011-07-22 12:02:25 [20568] [1] WARNING: WSP: Accept-Charset: skipping 2 trailing octets.
2011-07-22 12:02:25 [20568] [1] WARNING: Skipping faulty header.
Re: wap 1.x and wtls
Hi again,

I'm now using openssl v0.9.8.h but it still crashes:

(gdb) where
#0 0x0012d422 in __kernel_vsyscall ()
#1 0x0030a651 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0x0030da82 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0034149d in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x003c2350 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
#5 0x003c22fa in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6
#6 0x080c977e in wtls_choose_ciphersuite (ciphersuites=0x82d8ac0) at wap/wtls_statesupport.c:1190
#7 0x080c018a in clientHello (event=<value optimized out>, wtls_machine=0x82d8550) at wap/wtls.c:458
#8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480
#9 main_thread (arg=0x0) at wap/wtls.c:397
#10 0x080ea82d in new_thread (arg=0x82ce7e8) at gwlib/gwthread-pthread.c:362
#11 0x001a196e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0x003ada0e in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb)

Can you provide the openssl commands you have used to create your certificate?

I've created my SSL certificate with the following commands:

openssl req -new -newkey rsa:1024 -keyout server.key -out server.req
openssl ca -policy policy_anything -notext -in server.req -out server.crt

And the following configuration:

group = wtls
certificate-file = /etc/kannel/server.crt
privatekey-file = /etc/kannel/server.key
privatekey-password = password

I've tried to remove the password from the private key file with the command:

openssl x509 -in server.crt -out nopass.crt

but it hasn't worked either:

2011-07-21 19:18:59 [27074] [0] WARNING: Can't read private key /app/users/vgw1.0/install/etc/kannel/nopass.key

Any other idea?

Thanks in advance,
Armindo Antunes

On 06-07-2011 21:17, Nikos Balkanas wrote:

Hmmm. I had tested it also with Openwave simulator, with no problems. Same code is used in my commercial gateway in major ISPs (real mobile traffic) without such problems either. It has been tested and developed using openssh-0.9.8.[g,h]. Maybe there is something there.

Does this happen only with Openwave, and the 2 mobiles you mentioned, or with just about anything you have tried? Please post new detailed wapbox logs of 1 failed attempt. Compile with debug CFLAGS (-g -Wall -- remove -s or -Ox) and if possible upload somewhere the core for me (can send details personally). If not post the gdb core function stack (use: where)

BR,
Nikos

2011/7/6 Armindo Antunes armindo.antu...@gmail.com

Nikos, thanks for the feedback! See my questions below.

Best regards,
Armindo Antunes

On 06-07-2011 17:27, Nikos Balkanas wrote:

Hi,

Look at the openssl site for certificate instructions. It is not kannel's responsibility. Make sure that certificates are self-signed and without password. Comment out privatekey-password from wtls configuration and retry.

Still the same behavior... any other idea?

Alex: There was a section in UG about wtls configuration. It even included certificate generation instructions. Apparently this was removed. Now, that wtls is supported again, it should be put back.

Is it possible to recover this information? At least the certificate generation instructions?

Thanks again,
Armindo
Re: wap 1.x and wtls
might be obvious but have you checked permissions on your key file for the user running kannel?

|-|
Send and receive data and text messages (SMS) to and from any mobile phone and Nextel in Peru, Mexico and more than 180 countries. Use two-way applications via SMS and GPRS online. Visit us at www.perusms.NET www.smsglobal.com.mx and www.pravcom.com

On Thu, Jul 21, 2011 at 1:22 PM, Armindo Antunes armindo.antu...@gmail.com wrote:

Hi again,

I'm now using openssl v0.9.8.h but it still crashes:

(gdb) where
#0 0x0012d422 in __kernel_vsyscall ()
#1 0x0030a651 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0x0030da82 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0034149d in ?? () from /lib/tls/i686/cmov/libc.so.6
#4 0x003c2350 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6
#5 0x003c22fa in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6
#6 0x080c977e in wtls_choose_ciphersuite (ciphersuites=0x82d8ac0) at wap/wtls_statesupport.c:1190
#7 0x080c018a in clientHello (event=<value optimized out>, wtls_machine=0x82d8550) at wap/wtls.c:458
#8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480
#9 main_thread (arg=0x0) at wap/wtls.c:397
#10 0x080ea82d in new_thread (arg=0x82ce7e8) at gwlib/gwthread-pthread.c:362
#11 0x001a196e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0x003ada0e in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb)

Can you provide the openssl commands you have used to create your certificate?
Re: wap 1.x and wtls
That took a while...;-)

If you remove the password from your key, you should also comment out the privatekey-password from your configuration. With respect to your key questions, I will submit a patch to the documentation for wtls, which should answer your questions.

Also, where did you download this kannel version from? Your gdb trace doesn't correspond to the latest svn:

wap/wtls.c
820: static void wtls_event_handle(WTLSMachine * wtls_machine, WAPEvent * event)

Verify that you have this line at this position in your sources. Your gdb stack shows a completely different build:

#8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480

wtls_event_handle is called with the wrong number of arguments (1 - 2). Besides, wtls_event_handle is not called from the state in wap/wtls_state-decl.h:480.

For instructions on how to download the latest svn go to kannel's site. Else make sure that you run (and gdb) the correct binary.

BR,
Nikos

- Original Message -
From: Alvaro Cornejo cornejo.alv...@gmail.com
To: Armindo Antunes armindo.antu...@gmail.com
Cc: Nikos Balkanas nbalka...@gmail.com; users@kannel.org
Sent: Thursday, July 21, 2011 9:38 PM
Subject: Re: wap 1.x and wtls

might be obvious but have you checked permissions on your key file for the user running kannel?

|-|
Send and receive data and text messages (SMS) to and from any mobile phone and Nextel in Peru, Mexico and more than 180 countries. Use two-way applications via SMS and GPRS online. Visit us at www.perusms.NET www.smsglobal.com.mx and www.pravcom.com

On Thu, Jul 21, 2011 at 1:22 PM, Armindo Antunes armindo.antu...@gmail.com wrote:

Hi again,

I'm now using openssl v0.9.8.h but it still crashes:

(gdb) where
#0 0x0012d422 in __kernel_vsyscall ()
#1 0x0030a651 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0x0030da82 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x0034149d in ??
() from /lib/tls/i686/cmov/libc.so.6 #4 0x003c2350 in __fortify_fail () from /lib/tls/i686/cmov/libc.so.6 #5 0x003c22fa in __stack_chk_fail () from /lib/tls/i686/cmov/libc.so.6 #6 0x080c977e in wtls_choose_ciphersuite (ciphersuites=0x82d8ac0) at wap/wtls_statesupport.c:1190 #7 0x080c018a in clientHello (event=value optimized out, wtls_machine=0x82d8550) at wap/wtls.c:458 #8 0x080c0ed9 in wtls_event_handle (arg=0x0) at wap/wtls_state-decl.h:480 #9 main_thread (arg=0x0) at wap/wtls.c:397 #10 0x080ea82d in new_thread (arg=0x82ce7e8) at gwlib/gwthread-pthread.c:362 #11 0x001a196e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #12 0x003ada0e in clone () from /lib/tls/i686/cmov/libc.so.6 (gdb) Can you provide the openssl commands you have used to create your certificate? I've created my the SSL certificate with the following commands: openssl req -new -newkey rsa:1024 -keyout server.key -out server.req openssl ca -policy policy_anything -notext -in server.req -out server.crt And the following configuration: group = wtls certificate-file = /etc/kannel/server.crt privatekey-file = /etc/kannel/server.key privatekey-password = password I've tried to remove the password from the private key file with the command: openssl x509 -in server.crt -out nopass.crt but it hasn't worked either: 2011-07-21 19:18:59 [27074] [0] WARNING: Can't read private key /app/users/vgw1.0/install/etc/kannel/nopass.key Any other idea? Thanks in advance, Armindo Antunes On 06-07-2011 21:17, Nikos Balkanas wrote: Hmmm. I had tested it also with Openwave simulator, with no problems. Same code is used in my commercial gateway in major ISPs (real mobile traffic) without such problems either. It has been tested and developed using openssh-0.9.8.[g,h]. Maybe there is something there. Does this happen only with Openwave, and the 2 mobiles you mentioned, or with just about anything you have tried? Please post new detailed wapbox logs of 1 failed attempt. 
Compile with debug CFLAGS (-g -Wall -- remove -s or -Ox) and if possible upload somewhere the core for me (can send details personally). If not post the gdb core function stack (use: where) BR, Nikos 2011/7/6 Armindo Antunes armindo.antu...@gmail.com Nikos, thanks for the feedback! See my questions below. Best regards, Armindo Antunes On 06-07-2011 17:27, Nikos Balkanas wrote: Hi, Look at the openssl site for certificate instructions. It is not kannel's responsibility. Make sure that certificates are self-signed and without password. Comment out privatekey-password from wtls configuration and retry. Still the same behavior... any other idea? Alex: There was a section in UG about wtls configuration. It even included certificate generation instructions. Apparently this was removed. Now, that wtls is supported again, it should be put back. Is it possible to recover this information? At least the certificate generation instructions? Thanks again, Armindo
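A preflight check for the `group = wtls` settings discussed in this thread, added here as an example (it is not Kannel code and was not posted by any participant): it flags a key file that cannot be read, holds a certificate instead of a key, is encrypted while `privatekey-password` is commented out (or the reverse), or is readable by other accounts. The PEM stubs, the sample configuration, the scenario names and the finding names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# Constructed stubs: only the PEM armor matters here, the bodies are dummies.
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RS\n-----END CERTIFICATE-----\n"
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RS\n-----END RSA PRIVATE KEY-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nQ09OU1RS\n"
           "-----END RSA PRIVATE KEY-----\n")
# Constructed configuration; {d}, {key} and {pw} are filled in per scenario.
CONF = ("group = wapbox\nbearerbox-host = 127.0.0.1\n\n"
        "group = wtls\ncertificate-file = {d}/server.crt\n"
        "privatekey-file = {d}/{key}\n{pw}\n")


def parse_wtls_group(conf_text):
    """Return the options of the `group = wtls` block, or None if absent.
    Groups are separated by blank lines; a leading `#` comments a line out."""
    for block in re.split(r"\n[ \t]*\n", conf_text):
        opts = {}
        for line in map(str.strip, block.splitlines()):
            if line and not line.startswith("#") and "=" in line:
                name, value = line.split("=", 1)
                opts[name.strip()] = value.strip().strip('"')
        if opts.get("group") == "wtls":
            return opts
    return None


def classify_pem(text):
    """Return (labels, encrypted) for the PEM blocks found in text."""
    labels = PEM_LABEL.findall(text)
    encrypted = ("ENCRYPTED PRIVATE KEY" in labels     # PKCS#8 form
                 or "Proc-Type: 4,ENCRYPTED" in text)  # traditional form
    return labels, encrypted


def read_pem(path):
    with open(path, errors="replace") as fh:
        return classify_pem(fh.read())


def check_wtls(opts):
    """Return a sorted list of finding names for a parsed wtls group."""
    cert, key = opts.get("certificate-file"), opts.get("privatekey-file")
    if not cert or not key:
        return ["missing-option"]
    findings = set()
    try:
        if "CERTIFICATE" not in read_pem(cert)[0]:
            findings.add("cert-file-has-no-certificate")
    except OSError:
        findings.add("cert-unreadable")
    try:
        labels, encrypted = read_pem(key)
    except OSError:
        # Surfaces in wapbox as "Can't read private key": wrong path, or the
        # account running kannel has no read permission on the file.
        return sorted(findings | {"key-unreadable"})
    has_password = "privatekey-password" in opts
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        # `openssl x509` only rewrites certificates; a passphrase is removed
        # from the key itself: openssl rsa -in server.key -out nopass.key
        findings.add("key-file-has-no-private-key")
    elif encrypted and not has_password:
        findings.add("encrypted-key-without-password")
    elif not encrypted and has_password:
        findings.add("password-set-for-unencrypted-key")
    if stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        findings.add("key-readable-by-group-or-others")
    return sorted(findings)


def run_scenarios():
    """Run the checks over constructed files; return {scenario: findings}."""
    off, on = "# privatekey-password = password", "privatekey-password = password"
    scenarios = {
        "encrypted key, password commented out": ("server.key", off),
        "certificate used as key file": ("nopass.crt", off),
        "key path that does not exist": ("nopass.key", off),
        "plain key, password still set": ("loose.key", on),
        "plain key, no password, mode 0600": ("clean.key", off),
    }
    files = {"server.crt": (CERT, 0o600), "server.key": (ENC_KEY, 0o600),
             "nopass.crt": (CERT, 0o600), "loose.key": (PLAIN_KEY, 0o644),
             "clean.key": (PLAIN_KEY, 0o600)}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (body, mode) in files.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        for label, (key, pw) in scenarios.items():
            opts = parse_wtls_group(CONF.format(d=d, key=key, pw=pw))
            results[label] = check_wtls(opts)
    return results


if __name__ == "__main__":
    for label, found in run_scenarios().items():
        print(f"{label}: {', '.join(found) or 'ok'}")
```

The check reads only PEM armor and file modes, so it does not verify that the certificate is self-signed or that the key matches the certificate.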
Re: wap 1.x and wtls
Just adding that your gdb function stack is more reminiscent of kannel 1.4.3...

HTH,
Nikos

----- Original Message -----
From: Nikos Balkanas nbalka...@gmail.com
To: Armindo Antunes armindo.antu...@gmail.com
Cc: us...@vm1.kannel.org
Sent: Thursday, July 21, 2011 11:05 PM
Subject: Re: wap 1.x and wtls
wap 1.x and wtls
Hi!

I'm trying to use the current development release 1.5.0 as a wap 1.x gateway on ubuntu linux. Unsecured connections are working fine but when enabling secure connections, the wapbox doesn't respond and it crashes on the handshake phase. I've tested with Openwave v7 Simulator, Nokia 7650 and Sony Ericsson T68i without success.

Could it be the way I've generated the certificate?

openssl req -new -newkey rsa:1024 -keyout server.key -out server.req
openssl ca -policy policy_anything -notext -in server.req -out server.crt

The OpenSSL version is 1.0.0d that I've compiled to include RC5 algorithm. Where can I find the proper instructions to create the needed certificates for the WTLS connection?

Please find attached my kannel configuration (and certificates), wireshark capture and complete logs for the request. Any help would be appreciated.

Thanks in Advance,
Armindo Antunes

Complete logs:

sudo tail -f /var/log/kannel/*.log

==> /var/log/kannel/bearerbox.log <==
2011-07-06 10:44:44 [925] [10] DEBUG: datagram received
2011-07-06 10:44:44 [925] [12] DEBUG: Did not find previous routing info for WDP, generating new
2011-07-06 10:44:44 [925] [20] DEBUG: send_msg: sending msg to box: 127.0.0.1
2011-07-06 10:44:44 [925] [20] DEBUG: boxc_sender: sent message to 127.0.0.1
2011-07-06 10:44:44 [925] [19] INFO: Connection closed by the box 127.0.0.1
2011-07-06 10:44:44 [925] [20] DEBUG: send_msg: sending msg to box: 127.0.0.1
2011-07-06 10:44:44 [925] [20] DEBUG: Thread 20 (gw/bb_boxc.c:boxc_sender) terminates.
2011-07-06 10:44:44 [925] [19] DEBUG: Thread 19 (gw/bb_boxc.c:function) terminates.
2011-07-06 10:44:44 [925] [13] INFO: Client connected from 127.0.0.1
2011-07-06 10:44:44 [925] [13] DEBUG: Started thread 21 (gw/bb_boxc.c:function)
2011-07-06 10:44:44 [925] [21] DEBUG: Thread 21 (gw/bb_boxc.c:function) maps to pid 925.
2011-07-06 10:44:44 [925] [21] DEBUG: setting up systems for new wapbox
2011-07-06 10:44:44 [925] [21] DEBUG: Started thread 22 (gw/bb_boxc.c:boxc_sender)
2011-07-06 10:44:44 [925] [22] DEBUG: Thread 22 (gw/bb_boxc.c:boxc_sender) maps to pid 925.

==> /var/log/kannel/wapbox.log <==
2011-07-06 10:44:44 [2318] [0] DEBUG: Msg object at 0x8685038:
2011-07-06 10:44:44 [2318] [0] DEBUG: type: wdp_datagram
2011-07-06 10:44:44 [2318] [0] DEBUG: wdp_datagram.source_address:
2011-07-06 10:44:44 [2318] [0] DEBUG: Octet string at 0x8683af0:
2011-07-06 10:44:44 [2318] [0] DEBUG:len: 12
2011-07-06 10:44:44 [2318] [0] DEBUG:size: 13
2011-07-06 10:44:44 [2318] [0] DEBUG:immutable: 0
2011-07-06 10:44:44 [2318] [0] DEBUG:data: 31 37 32 2e 31 38 2e 30 2e 32 33 33 172.18.0.233
2011-07-06 10:44:44 [2318] [0] DEBUG: Octet string dump ends.
2011-07-06 10:44:44 [2318] [0] DEBUG: wdp_datagram.source_port: 8502
2011-07-06 10:44:44 [2318] [0] DEBUG: wdp_datagram.destination_address:
2011-07-06 10:44:44 [2318] [0] DEBUG: Octet string at 0x8683b98:
2011-07-06 10:44:44 [2318] [0] DEBUG:len: 7
2011-07-06 10:44:44 [2318] [0] DEBUG:size: 8
2011-07-06 10:44:44 [2318] [0] DEBUG:immutable: 0
2011-07-06 10:44:44 [2318] [0] DEBUG:data: 30 2e 30 2e 30 2e 30 0.0.0.0
2011-07-06 10:44:44 [2318] [0] DEBUG: Octet string dump ends.
2011-07-06 10:44:44 [2318] [0] DEBUG: wdp_datagram.destination_port: 9203
2011-07-06 10:44:44 [2318] [0] DEBUG: wdp_datagram.user_data:
2011-07-06 10:44:44 [2318] [0] DEBUG: Octet string at 0x8683c30:
2011-07-06 10:44:44 [2318] [0] DEBUG:len: 229
2011-07-06 10:44:44 [2318] [0] DEBUG:size: 230
2011-07-06 10:44:44 [2318] [0] DEBUG:immutable: 0
Re: wap 1.x and wtls
Hi,

Look at the openssl site for certificate instructions. It is not kannel's responsibility. Make sure that certificates are self-signed and without password. Comment out privatekey-password from wtls configuration and retry.

Alex: There was a section in UG about wtls configuration. It even included certificate generation instructions. Apparently this was removed. Now, that wtls is supported again, it should be put back.

BR,
Nikos

----- Original Message -----
From: Armindo Antunes armindo.antu...@gmail.com
To: users@kannel.org
Sent: Wednesday, July 06, 2011 1:28 PM
Subject: wap 1.x and wtls
Re: wap 1.x and wtls
Nikos, thanks for the feedback! See my questions below.

Best regards,
Armindo Antunes

On 06-07-2011 17:27, Nikos Balkanas wrote:
> Hi, Look at the openssl site for certificate instructions. It is not kannel's responsibility. Make sure that certificates are self-signed and without password. Comment out privatekey-password from wtls configuration and retry.

Still the same behavior... any other idea?

> Alex: There was a section in UG about wtls configuration. It even included certificate generation instructions. Apparently this was removed. Now, that wtls is supported again, it should be put back.

Is it possible to recover this information? At least the certificate generation instructions?

Thanks again,
Armindo
Re: wap 1.x and wtls
Hmmm. I had tested it also with Openwave simulator, with no problems. Same code is used in my commercial gateway in major ISPs (real mobile traffic) without such problems either. It has been tested and developed using openssh-0.9.8.[g,h]. Maybe there is something there.

Does this happen only with Openwave, and the 2 mobiles you mentioned, or with just about anything you have tried? Please post new detailed wapbox logs of 1 failed attempt. Compile with debug CFLAGS (-g -Wall -- remove -s or -Ox) and if possible upload somewhere the core for me (can send details personally). If not post the gdb core function stack (use: where)

BR,
Nikos

2011/7/6 Armindo Antunes armindo.antu...@gmail.com
Re: wap 1.x and wtls
Hi,

I don't know which information you mean. Any details or better patch?

Alex

On 06.07.2011 at 18:27, Nikos Balkanas wrote:
Re: wap 1.x and wtls
Thanks, I'll try that.

Armindo

On 06-07-2011 21:17, Nikos Balkanas wrote:
Re: wap 1.x and wtls
My mistake. I was under the impression that there was a wtls configuration section in UG, but looking back to 10/12/2008 there never was one. I wonder why, and how did Armindo understand how to configure it.

BR,
Nikos

On Thu, Jul 7, 2011 at 12:19 AM, Alexander Malysh amal...@kannel.org wrote:
Re: Patch: wtls provision
Hi Nikos,

sorry for delay, patch committed to branch and after testing will be merged to trunk. This branch can be found at: https://svn.kannel.org/gateway/branches/wtls_provision

I would like to see more people that can test/review this patch.

Thanks,
Alexander Malysh

On 26.04.2010 at 01:34, Nikos Balkanas wrote:

Hi Alex,

As stressed I never implied any wrongdoing from your part. If anything you are the only person dedicated to this project like a regular job. Rest of us are mostly daydreaming small snippets in our free time. There can be no kannel without you.

The Patch is back. Reformatted according to your specs. Let me know if you need anything more. Like in the original, it will provide for the following wtls functionality:

A) Supported MACs: SHA_0, SHA_40, SHA_80, SHA_NOLIMIT, MD5_40, MD5_80, MD5_NOLIMIT
   MIA's: SHA_XOR_40

B) Supported Ciphers: RC5_CBC_40, RC5_CBC_56, RC5_CBC, DES_CBC, DES_CBC_40
   MIA's: NULL_bulk, TRIPLE_DES_CBC_EDE, IDEA_CBC_40, IDEA_CBC_56, IDEA_CBC

C) Supported Keys: RSA_anon
   MIA's: RSA_anon_512, RSA_anon_768, RSA_NOLIMIT, RSA_512, RSA_768, ECDH_anon, ECDH_anon_113, ECDH_anon_131, ECDH_ECDSA_NOLIMIT

   Keys might seem a shortcoming, but I have yet to see a mobile that doesn't support RSA_anon. I do expect that a few of the rest of the keys are supported as well (i.e. RSA_anon_512, RSA_anon_768) just didn't have the chance to test them.

D) Spec States
   All wtls states are supported except:
   1) Suspend/resume wtls session
   2) Cipher change when already connected

   I have not come across these states when testing with a variety of mobiles. In practice (2) is implemented through another client hello while already connected to the same client.

BR,
Nikos

----- Original Message -----
From: Alexander Malysh
To: Nikos Balkanas
Cc: de...@kannel.org
Sent: Tuesday, April 13, 2010 12:49 AM
Subject: Re: Patch: wtls provision

Hi Nikos,

sorry for delay but I hope you saw that WAP is not my part... if you still want to contribute this patch then I'm willing to help you with it. What I need from you:

1) patch with white spaces ignore
2) description how I can test your patch

You can send me these things in private email but please understand that we are all volunteers and don't receive salary for our work and make this only in our private time. So for such large patches it may take some time to review, test and commit it.

Thanks for your understanding and contribution,
Alexander Malysh

kannel.diff.gz
Re: wap wtls core
Dear Stipe, Sorry for contacting you outside the list but there is a wap problem that could be very embarrassing to explain to my client, and he may be monitoring the list. I have completed wtls, but for the past week or so, I am not releasing it, because I get packet timeouts both on simulators and mobiles. I noticed that reply packets are fragmented and only the first fragment is sent through bearerbox. This happens to all modes, connectionless, connection oriented, secure, open, etc. The difference being that the few lines at the end that are missing are the closing tags, and in clear transactions browsers can handle them (they close the tags themselves). However, in wtls, this cuts off encryption and MACs, which is not acceptable. Both mobiles and simulators time out waiting for the other fragment, which never arrives. Any ideas about it? Do you know where to look about it? Are SAR functions to blame? This is rather urgent, Thanx, Nikos - Original Message - From: Stipe Tolj s...@tolj.org Cc: users@kannel.org Sent: Friday, February 20, 2009 7:34 PM Subject: Re: wap wtls core Nikos Balkanas wrote: Dear Stipe, Thanx a lot for the reply. I am not only interested, I am working full time to implement it. Work is a bit difficult through the many preprocessor defines (especially ROW) which gdb cannot handle in a graceful manner. In wap/wtls.c I see also the signatures of Nick Clarey and Yann Muller for 3G LAB (2001). I imagine 3Glabs were involved as well. Hi Nikos, yup, it was 3G Labs and not ANAM, sorry, I got it messed up. I intend to develop kannel compatible code and offer it as a patch. I will download the patches and see what I can do from then on. I will bother you again, over the devel list, if I have any questions. Yeah, go ahead ;) Stipe -- --- Kölner Landstrasse 419 40589 Düsseldorf, NRW, Germany tolj.org system architecture Kannel Software Foundation (KSF) http://www.tolj.org/ http://www.kannel.org/ mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org ---
Re: wap wtls core
Hi, Please disregard. It seems to be a solaris fragmentation issue. BR, Nikos - Original Message - From: Nikos Balkanas nbalka...@gmail.com To: Stipe Tolj s...@tolj.org Cc: users@kannel.org Sent: Saturday, March 14, 2009 11:39 PM Subject: Re: wap wtls core Dear Stipe, Sorry for contacting you outside the list but there is a wap problem that could be very embarrassing to explain to my client, and he may be monitoring the list. I have completed wtls, but for the past week or so, I am not releasing it, because I get packet timeouts both on simulators and mobiles. I noticed that reply packets are fragmented and only the first fragment is sent through bearerbox. This happens to all modes, connectionless, connection oriented, secure, open, etc. The difference being that the few lines at the end that are missing are the closing tags, and in clear transactions browsers can handle them (they close the tags themselves). However, in wtls, this cuts off encryption and MACs, which is not acceptable. Both mobiles and simulators time out waiting for the other fragment, which never arrives. Any ideas about it? Do you know where to look about it? Are SAR functions to blame? This is rather urgent, Thanx, Nikos - Original Message - From: Stipe Tolj s...@tolj.org Cc: users@kannel.org Sent: Friday, February 20, 2009 7:34 PM Subject: Re: wap wtls core Nikos Balkanas wrote: Dear Stipe, Thanx a lot for the reply. I am not only interested, I am working full time to implement it. Work is a bit difficult through the many preprocessor defines (especially ROW) which gdb cannot handle in a graceful manner. In wap/wtls.c I see also the signatures of Nick Clarey and Yann Muller for 3G LAB (2001). I imagine 3Glabs were involved as well. Hi Nikos, yup, it was 3G Labs and not ANAM, sorry, I got it messed up. I intend to develop kannel compatible code and offer it as a patch. I will download the patches and see what I can do from then on.
I will bother you again, over the devel list, if I have any questions. Yeah, go ahead ;) Stipe -- --- Kölner Landstrasse 419 40589 Düsseldorf, NRW, Germany tolj.org system architecture Kannel Software Foundation (KSF) http://www.tolj.org/ http://www.kannel.org/ mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org ---
Re: wap wtls core
Nikos Balkanas wrote: Hi, I have established that this is a general problem and wtls doesn't work in kannel. Any leads, ideas? Hi Nikos, yep, the WTLS stack was initially contributed by a company called ANAM from Ireland. They had a couple of guys that were into Kannel. The architectural stuff is there AFAIK, but they never finished it. Another company from Asia provided a kwtls package, that sits in-front of the bearerbox (UDP listener) to handle the WTLS stuff. That one worked, but was unstable. The main road map for WTLS was therefore: use the existing WTLS stack architecture in Kannel and extend it with the working parts of the kwtls package itself (which also used Kannel libs internally). If you're interested, please find here the things from 3ui: http://www.kannel.org/~tolj/patchsets/ I'll TRY to assist. Keep in mind that crypto stuff is really head-breaking ;) Stipe -- --- Kölner Landstrasse 419 40589 Düsseldorf, NRW, Germany tolj.org system architecture Kannel Software Foundation (KSF) http://www.tolj.org/ http://www.kannel.org/ mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org ---
Re: wap wtls core
Dear Stipe, Thanx a lot for the reply. I am not only interested, I am working full time to implement it. Work is a bit difficult through the many preprocessor defines (especially ROW) which gdb cannot handle in a graceful manner. In wap/wtls.c I see also the signatures of Nick Clarey and Yann Muller for 3G LAB (2001). I imagine 3Glabs were involved as well. I intend to develop kannel compatible code and offer it as a patch. I will download the patches and see what I can do from then on. I will bother you again, over the devel list, if I have any questions. BR, Nikos - Original Message - From: Stipe Tolj s...@tolj.org Cc: users@kannel.org Sent: Friday, February 20, 2009 5:19 PM Subject: Re: wap wtls core Nikos Balkanas wrote: Hi, I have established that this is a general problem and wtls doesn't work in kannel. Any leads, ideas? Hi Nikos, yep, the WTLS stack was initially contributed by a company called ANAM from Ireland. They had a couple of guys that were into Kannel. The architectural stuff is there AFAIK, but they never finished it. Another company from Asia provided a kwtls package, that sits in-front of the bearerbox (UDP listener) to handle the WTLS stuff. That one worked, but was unstable. The main road map for WTLS was therefore: use the existing WTLS stack architecture in Kannel and extend it with the working parts of the kwtls package itself (which also used Kannel libs internally). If you're interested, please find here the things from 3ui: http://www.kannel.org/~tolj/patchsets/ I'll TRY to assist. Keep in mind that crypto stuff is really head-breaking ;) Stipe -- --- Kölner Landstrasse 419 40589 Düsseldorf, NRW, Germany tolj.org system architecture Kannel Software Foundation (KSF) http://www.tolj.org/ http://www.kannel.org/ mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org ---
Re: wap wtls core
Nikos Balkanas wrote: Dear Stipe, Thanx a lot for the reply. I am not only interested, I am working full time to implement it. Work is a bit difficult through the many preprocessor defines (especially ROW) which gdb cannot handle in a graceful manner. In wap/wtls.c I see also the signatures of Nick Clarey and Yann Muller for 3G LAB (2001). I imagine 3Glabs were involved as well. Hi Nikos, yup, it was 3G Labs and not ANAM, sorry, I got it messed up. I intend to develop kannel compatible code and offer it as a patch. I will download the patches and see what I can do from then on. I will bother you again, over the devel list, if I have any questions. Yeah, go ahead ;) Stipe -- --- Kölner Landstrasse 419 40589 Düsseldorf, NRW, Germany tolj.org system architecture Kannel Software Foundation (KSF) http://www.tolj.org/ http://www.kannel.org/ mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org ---
wap wtls core
Hi, Has anyone used wap secure connections? I am trying to with my PC client, winwap, and I am getting core dumps in the key exchange. I was wondering if it is an error from my client or a more general wtls problem. Thanks, Nikos
Re: wap wtls core
Hi, I have established that this is a general problem and wtls doesn't work in kannel. Any leads, ideas? Thanx, Nikos - Original Message - From: Nikos Balkanas To: users@kannel.org Sent: Thursday, February 19, 2009 4:54 PM Subject: wap wtls core Hi, Has anyone used wap secure connections? I am trying to with my PC client, winwap, and I am getting core dumps in the key exchange. I was wondering if it is an error from my client or a more general wtls problem. Thanks, Nikos
Re: wtls
Let me rephrase my question, because I am bombarded by humour :-) In my experiences with wap I have never configured wtls. There are no examples in documentation. I have never needed it. When do we need to configure it in? Is it bearerbox or wapbox that uses it? Looking at the source code I see that UDP 9200 9201 do not need wtls. 9202 9203 need encryption and wtls. So probably bearerbox opens the ports and wapbox decrypts them. If I don't set wtls, bearerbox doesn't open the secure ports. So it is required.

certificate-file: I imagine it is a PEM server certificate
privatekey-file: PEM server Key file
privatekey-passwd: optional

Maybe it should go into the documentation. Thanx, Nikos - Original Message - From: Nikos Balkanas To: users@kannel.org Sent: Friday, January 09, 2009 3:07 PM Subject: wtls Hi, What is the wtls group for? And who uses it? Thanx, Nikos
RE: WTLS certificates
Hi all, Is anybody using WTLS?

From: Carlos Parada [EMAIL PROTECTED] Sent: Thursday, 14 August 2008 12:55 To: users@kannel.org Subject: WTLS certificates

Hi all, I would like to use WTLS. However, the manual does not refer the wtls conf group, (I saw this in the source code)

group = wtls
certificate-file = ca-file.cert
privatekey-file = privatekey-file.key
privatekey-password = privatekey.pass

Is there any example of usage available? Anybody knows how can I create a certificate and keys for that? Thanks in advance, Carlos Parada
WTLS certificates
Hi all, I would like to use WTLS. However, the manual does not refer the wtls conf group, (I saw this in the source code)

group = wtls
certificate-file = ca-file.cert
privatekey-file = privatekey-file.key
privatekey-password = privatekey.pass

Is there any example of usage available? Anybody knows how can I create a certificate and keys for that? Thanks in advance, Carlos Parada
Re: WTLS with openssl support
have you installed openssl-devel rpm? On Tue, Jul 22, 2008 at 11:18 PM, Carlos Parada [EMAIL PROTECTED] wrote: (sorry for wrong thread subject. That's the right one) Hi all, I would like to compile kannel 1.4.1 with WTLS support. However openssl coming with RedHat AS5 does not support it. Anybody knows where I can find rpms for this support? (I have searched on the Internet without success). Thanks in advance, Carlos Parada -- Regards, Ady Wicaksono Email: ady.wicaksono at gmail.com http://adywicaksono.wordpress.com/
RE: WTLS with openssl support
have you installed openssl-devel rpm? [Carlos Parada] Yes I have. But it seems the problem is that the openssl rpm for RedHat AS 5 is not compiled with RC5 support for patent reasons, and this is needed for kannel. I'm trying to compile it from source rpm, but I'm having many problems. I thought that in the whole kannel community many people should have faced this problem and could help me bringing any tip. I don't know if it is only a RedHat issue or it happens in other systems. Any tips? On Tue, Jul 22, 2008 at 11:18 PM, Carlos Parada [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: (sorry for wrong thread subject. That's the right one) Hi all, I would like to compile kannel 1.4.1 with WTLS support. However openssl coming with RedHat AS5 does not support it. Anybody knows where I can find rpms for this support? (I have searched on the Internet without success). Thanks in advance, Carlos Parada -- Regards, Ady Wicaksono Email: ady.wicaksono at gmail.com http://adywicaksono.wordpress.com/
WTLS with openssl support
(sorry for wrong thread subject. That's the right one) Hi all, I would like to compile kannel 1.4.1 with WTLS support. However openssl coming with RedHat AS5 does not support it. Anybody knows where I can find rpms for this support? (I have searched on the Internet without success). Thanks in advance, Carlos Parada
kannel wap2.0 and wtls
Hello, Please, someone help me with this question or confirmations. Does kannel support wap 2.0? What about wtls, does kannel support wtls or plan to support the wtls? Or is it still necessary to use the kwtls patch to support it? Thanks very much!, Ivone
WTLS in kannel wapgateway
Hi, I would like to ask you guys, how would it be possible to enable WTLS in kannel wap gateway? Thanx in advance, Kane.
RE: WTLS
How do we go about ensuring that our clients use WTLS to connect to our application? Can we force them to have to use WTLS? I'd guess it depends on the WAP client implementation; At least I'd expect a https:// scheme in the URL to indicate to the WAP client that a secure session is required.
RE: WTLS
Paul, Thanks for your reply :) Yes, your assumption is correct; it is a WAP 1.x based server-side application. How do we go about ensuring that our clients use WTLS to connect to our application? Can we force them to have to use WTLS? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Goldspring Sent: 09 December 2005 00:31 To: users@kannel.org Subject: OT: WTLS Hi, This is off-topic for the list, but I figured it would be worth my while posing my query here. What is involved in developing WAP-based applications that use WTLS? I presume that you're talking about WAP 1.x here and not WAP 2.0 as WAP 2.0 is SSL/TLS through a HTTP proxy from a security perspective. I also presume you're talking about server side applications rather than client side? On the server, your applications should be unaware that WTLS is used as it is below the WTP layer. However, the WAP gateway may have a policy to enforce SSL/TLS towards the web server if WTLS is used. Is it simply a matter of throwing an SSL certificate on our web server and going from there? No. WTLS is between the WAP client and the WAP gateway. The security policy between the HTTP client in the WAP gateway and your web server is a separate issue. Do we have to deploy our own WAP gateway and have our clients reconfigure their devices when they wish to use our application? No. Usually the carrier will support WTLS. Do we require the cooperation of our clients' mobile-carrier WAP gateways? Only if you get into PKI trust issues. Best case is that the carrier's certificate is issued by one of the trusted roots in the device. If not, then you'll need to talk to the carrier (or suffer the customer care issues of subscribers being prompted as to whether they trust a certificate or not) Do we have to buy another certificate for WTLS? Only if you're running your own WAP gateway. Even then it depends on whether it's an open or closed user group, from a security policy perspective. Regards, Brent
RE: WTLS
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Goldspring Sent: 09 December 2005 00:31 To: users@kannel.org Subject: OT: WTLS Hi, This is off-topic for the list, but I figured it would be worth my while posing my query here. What is involved in developing WAP-based applications that use WTLS? I presume that you're talking about WAP 1.x here and not WAP 2.0 as WAP 2.0 is SSL/TLS through a HTTP proxy from a security perspective. I also presume you're talking about server side applications rather than client side? On the server, your applications should be unaware that WTLS is used as it is below the WTP layer. However, the WAP gateway may have a policy to enforce SSL/TLS towards the web server if WTLS is used. Is it simply a matter of throwing an SSL certificate on our web server and going from there? No. WTLS is between the WAP client and the WAP gateway. The security policy between the HTTP client in the WAP gateway and your web server is a separate issue. Do we have to deploy our own WAP gateway and have our clients reconfigure their devices when they wish to use our application? No. Usually the carrier will support WTLS. Do we require the cooperation of our clients' mobile-carrier WAP gateways? Only if you get into PKI trust issues. Best case is that the carrier's certificate is issued by one of the trusted roots in the device. If not, then you'll need to talk to the carrier (or suffer the customer care issues of subscribers being prompted as to whether they trust a certificate or not) Do we have to buy another certificate for WTLS? Only if you're running your own WAP gateway. Even then it depends on whether it's an open or closed user group, from a security policy perspective. Regards, Brent
OT: WTLS
Hi, This is off-topic for the list, but I figured it would be worth my while posing my query here. What is involved in developing WAP-based applications that use WTLS? Is it simply a matter of throwing an SSL certificate on our web server and going from there? Do we have to deploy our own WAP gateway and have our clients reconfigure their devices when they wish to use our application? Do we require the cooperation of our clients’ mobile-carrier WAP gateways? Do we have to buy another certificate for WTLS? Regards, Brent
WTLS certificate
hey, does anyone know how to generate a WTLS certificate on your own? without paying $1M to Verisign ... tanx, Mait
Re: WTLS certificate
Hey, Mait Mandel wrote: hey, does anyone know how to generate a WTLS certificate on your own? without paying $1M to Verisign ... If that's like standard certificates then

openssl genrsa -out private.pem
openssl req -new -x509 -key private.pem -out public.pem -days 365

You can get them much much cheaper than verisign. I think we paid 55 UK pounds. Be aware that if you use a self signed one other providers etc may well not accept that. Gareth -- Gareth Reakes, Managing Director Parthenon Computing +44-1865-811184 http://www.parthcomp.com
WTLS and Kannel 1.4 - Query - Does it Work?
Hi Everyone, I am wondering if WTLS support in kannel 1.4.0 is there? I am trying to get the WTLS component of the Kannel Wap Gateway working on Cygwin system. I have successfully configured with the with-wtls=openssl switch. I have also compiled the openssl package with the FIPS switch. When I start-up the gateway. I get the following output:

$ ./bearerbox.exe ../kannel/etc/wapkannel.conf
2005-06-21 11:09:20 [3540] [0] INFO: Debug_lvl = -1, log_file = none, log_lvl = 0
2005-06-21 11:09:20 [3540] [0] WARNING: DLR: using default 'internal' for storage type.
2005-06-21 11:09:20 [3540] [0] INFO: DLR using storage type: internal
2005-06-21 11:09:20 [3540] [0] DEBUG: Kannel bearerbox version `1.4.0'. Build `Jun 20 2005 17:19:17', compiler `3.4.4 (cygming special) (gdc 0.12, using dmd 0.125)'. System CYGWIN_NT-5.1, release 1.5.17(0.129/4/2), version 2005-05-25 19:38, machine i686. Hostname [WITHHELD], IP [X.X.X.X]. Libxml version 2.6.16. Using WTLS library OpenSSL 0.9.7g 11 Apr 2005. Using native malloc.
2005-06-21 11:09:20 [3540] [0] INFO: Added logfile `/tmp/bearerbox.log' with level `1'.
2005-06-21 11:09:20 [3540] [0] ERROR: SSL: error:02001002:system library:fopen:No such file or directory
2005-06-21 11:09:20 [3540] [0] PANIC: reading global server certificate file my-wap.cert, the certificate isn't consistent with the private key in file my-wap.key ( or failed reading the file)

My kannel.conf looks like this:

group = core
admin-port = 13000
wapbox-port = 13002
admin-password = bar
#status-password = foo
#admin-deny-ip =
#admin-allow-ip =
wdp-interface-name = *
log-file = /tmp/bearerbox.log
log-level = 1
box-deny-ip = *.*.*.*
box-allow-ip = 127.0.0.1
#access-log = access.log
#store-file = kannel.store
ssl-server-key-file = my-wap.key
ssl-server-cert-file = my-wap.cert

group = wapbox
bearerbox-host = localhost
log-file = /tmp/wapbox.log
log-level = 0
syslog-level = none
access-log = /tmp/wapaccess.log

FYI both the key and cert file are in the same directory as the conf file. Can anyone help? Has anyone got the WTLS stuff to work? Has anyone instructions on how to generate appropriate private/public keys and certificates (self-signed)? Regards, Faisal Nazir
Re: WTLS and Kannel 1.4 - Query - Does it Work?
Hi, Nazir Faisal-NZRF001 wrote: *FYI both the key and cert file are in the same directory as the conf file.* It's relative to the directory the kannel is started in, not the conf file. *Can anyone help? Has anyone got the WTLS stuff to work?* Yep. *Has anyone instructions on how to generate appropriate private/public keys and certificates (self-signed)?*

#create keys with
#openssl genrsa -out private.pem
#openssl req -new -x509 -key private.pem -out public.pem -days 365

Change the parameters if you need different behavior. Be warned though, if you use self signed then lots of things won't talk to you! Cheers, Gareth -- Gareth Reakes, Managing Director Parthenon Computing +44-1865-811184 http://www.parthcomp.com
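The path behaviour described in the reply above (relative key and certificate names resolve against the directory Kannel is started in, not the directory holding the conf file) can be checked before start-up. This is an added example, not part of the original thread and not Kannel code; the function names, status labels and the assumption that groups are separated by blank lines are hypothetical, and the sample configuration is constructed from the directives quoted in the thread.

```python
import os
import tempfile

# Directives that name key/certificate files, as quoted in the thread.
FILE_DIRECTIVES = {
    "core": ("ssl-server-key-file", "ssl-server-cert-file"),
    "wtls": ("certificate-file", "privatekey-file"),
}

# Constructed sample: relative paths in 'core', absolute paths in 'wtls'.
CONF_TEMPLATE = """\
group = core
admin-port = 13000
wapbox-port = 13002
# relative names, as in the posted configuration
ssl-server-key-file = my-wap.key
ssl-server-cert-file = my-wap.cert

group = wapbox
bearerbox-host = localhost

group = wtls
certificate-file = {etc}/my-wap.cert
privatekey-file = {etc}/my-wap.key
"""


def parse_groups(text):
    """Return one dict per config group.

    Assumption: a group ends at a blank line or at the next 'group = ...'
    line, and lines starting with '#' are comments.
    """
    groups, current = [], {}
    for raw in text.splitlines() + [""]:
        line = raw.strip()
        if line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip().strip('"')
        starts_new = key == "group" and "group" in current
        if (not line or starts_new) and current:
            groups.append(current)
            current = {}
        if sep and key:
            current[key] = value
    return groups


def check_file_paths(conf_text, start_dir, conf_dir):
    """Classify every key/cert path as seen from the start directory.

    Status 'beside-conf-only' marks the situation from the thread: the file
    sits next to the conf file but cannot be found from the start directory.
    """
    findings = []
    for group in parse_groups(conf_text):
        name = group.get("group", "")
        for directive in FILE_DIRECTIVES.get(name, ()):
            value = group.get(directive)
            if not value:
                continue
            if os.path.isabs(value):
                status = "ok" if os.path.isfile(value) else "missing"
            elif os.path.isfile(os.path.join(start_dir, value)):
                status = "ok-relative"
            elif os.path.isfile(os.path.join(conf_dir, value)):
                status = "beside-conf-only"
            else:
                status = "missing"
            findings.append((name, directive, value, status))
    return findings


def demo():
    """Build a throwaway tree and check it from two start directories."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")   # conf, key and cert live here
        run = os.path.join(root, "gw")    # directory the gateway starts in
        os.makedirs(etc)
        os.makedirs(run)
        for name in ("my-wap.key", "my-wap.cert"):
            with open(os.path.join(etc, name), "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
        conf = CONF_TEMPLATE.format(etc=etc)
        return (check_file_paths(conf, run, etc),
                check_file_paths(conf, etc, etc))


if __name__ == "__main__":
    for label, result in zip(("started in gw/", "started in etc/"), demo()):
        print(label)
        for finding in result:
            print("  %-5s %-21s %-40s %s" % finding)
```

Absolute paths, as used in the later `group = wtls` example in this thread, avoid the dependence on the start directory altogether.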
Re: FW: WTLS and Kannel 1.4 - Query - Does it Work?
Hey, I only had a little play a while ago and it seemed to work. I don't even have a config file. I think I was using CVS at the time, have you tried it with the head? Sorry I can't be of any more help, Gareth

Nazir Faisal-NZRF001 wrote:

I read through the wapbox.c and found I needed a group called wtls where I needed the following parameters in the kannel.conf file

group = wtls
certificate-file = /usr/local/kannel/etc/my-wap.cert
privatekey-file = /usr/local/kannel/etc/my-wap.key
privatekey-password = []

I added this in an UDP ports 9202 and 9203 were up. However when I try to make a secure connection I get a coredump.. look at the debug log below (at end of message). What I am doing wrong? Is there any documentation on how to set-up WTLS on Kannel? Regards, Faisal

$ ./wapbox.exe ../kannel/etc/wapkannel.conf
2005-06-21 12:02:55 [248] [0] INFO: Debug_lvl = -1, log_file = none, log_lvl = 0
2005-06-21 12:02:55 [248] [0] DEBUG: Kannel wapbox version `1.4.0'. Build `Jun 20 2005 17:19:17', compiler `3.4.4 (cygming special) (gdc 0.12, using dmd 0.125)'. System CYGWIN_NT-5.1, release 1.5.17(0.129/4/2), version 2005-05-25 19:38, machine i686. Hostname ZUK02-5664, IP 192.168.0.6. Libxml version 2.6.16. Using WTLS library OpenSSL 0.9.7g 11 Apr 2005. Using native malloc.
2005-06-21 12:02:55 [248] [0] DEBUG: Dumping Cfg 0x1010e0d0
2005-06-21 12:02:55 [248] [0] DEBUG: filename = ../kannel/etc/wapkannel.conf
2005-06-21 12:02:55 [248] [0] DEBUG: dumping group (wapbox):
2005-06-21 12:02:55 [248] [0] DEBUG: log-level = 0
2005-06-21 12:02:55 [248] [0] DEBUG: log-file = /tmp/wapbox.log
2005-06-21 12:02:55 [248] [0] DEBUG: bearerbox-host = localhost
2005-06-21 12:02:55 [248] [0] DEBUG: group = wapbox
2005-06-21 12:02:55 [248] [0] DEBUG: access-log = /tmp/wapaccess.log
2005-06-21 12:02:55 [248] [0] DEBUG: syslog-level = none
2005-06-21 12:02:55 [248] [0] DEBUG: dumping group (core):
2005-06-21 12:02:55 [248] [0] DEBUG: wapbox-port = 13002
2005-06-21 12:02:55 [248] [0] DEBUG: log-level = 1
2005-06-21 12:02:55 [248] [0] DEBUG: log-file = /tmp/bearerbox.log
2005-06-21 12:02:55 [248] [0] DEBUG: box-allow-ip = 127.0.0.1
2005-06-21 12:02:55 [248] [0] DEBUG: admin-password = bar
2005-06-21 12:02:55 [248] [0] DEBUG: box-deny-ip = *.*.*.*
2005-06-21 12:02:55 [248] [0] DEBUG: group = core
2005-06-21 12:02:55 [248] [0] DEBUG: wdp-interface-name = *
2005-06-21 12:02:55 [248] [0] DEBUG: admin-port = 13000
2005-06-21 12:02:55 [248] [0] DEBUG: dumping group (wtls):
2005-06-21 12:02:55 [248] [0] DEBUG: privatekey-file = /usr/local/kannel/etc/my-wap.key
2005-06-21 12:02:55 [248] [0] DEBUG: group = wtls
2005-06-21 12:02:55 [248] [0] DEBUG: certificate-file = /usr/local/kannel/etc/my-wap.cert
2005-06-21 12:02:55 [248] [0] DEBUG: privatekey-password =
2005-06-21 12:02:55 [248] [0] DEBUG: Dump ends.
2005-06-21 12:02:55 [248] [0] DEBUG: map_url_max = -1
2005-06-21 12:02:55 [248] [0] INFO: Added logfile `/tmp/wapbox.log' with level `0'.
2005-06-21 12:02:55 [248] [0] INFO: Starting to log to file /tmp/wapbox.log level 0
2005-06-21 12:02:55 [248] [0] DEBUG: syslog parameter is none
2005-06-21 12:02:55 [248] [0] INFO: Logging accesses to '/tmp/wapaccess.log'.
2005-06-21 12:02:55 [248] [0] INFO: Started access logfile `/tmp/wapaccess.log'.
2005-06-21 12:02:55 [248] [0] DEBUG: certificate parameter is °#◄►!
2005-06-21 12:02:55 [248] [0] DEBUG: certificate parameter is °#◄►
2005-06-21 12:02:55 [248] [0] INFO:
2005-06-21 12:02:55 [248] [0] INFO: Kannel wapbox version 1.4.0 starting up.
2005-06-21 12:02:55 [248] [0] DEBUG: Started thread 1 (wap/wsp_session.c:main_thread)
2005-06-21 12:02:55 [248] [0] DEBUG: Started thread 2 (wap/wsp_unit.c:main_thread)
2005-06-21 12:02:55 [248] [1] DEBUG: Thread 1 (wap/wsp_session.c:main_thread) maps to pid 248.
2005-06-21 12:02:55 [248] [0] DEBUG: Started thread 3 (wap/wsp_push_client.c:main_thread)
2005-06-21 12:02:55 [248] [2] DEBUG: Thread 2 (wap/wsp_unit.c:main_thread) maps to pid 248.
2005-06-21 12:02:55 [248] [3] DEBUG: Thread 3 (wap/wsp_push_client.c:main_thread) maps to pid 248.
2005-06-21 12:02:55 [248] [0] DEBUG: Started thread 4 (wap/timers.c:watch_timers)
2005-06-21 12:02:55 [248] [0] DEBUG: Started thread 5 (wap/wtp_resp.c:main_thread)
2005-06-21 12:02:55 [248] [4] DEBUG: Thread 4 (wap/timers.c:watch_timers) maps to pid 248.
2005-06-21 12:02:55 [248] [5] DEBUG: Thread 5 (wap/wtp_resp.c:main_thread) maps to pid 248.
2005-06-21 12:02:55 [248] [0] DEBUG: Started thread 6 (gw/wap-appl.c:main_thread)
2005-06-21 12:02:55 [248] [0] DEBUG: Started thread 7 (gw/wap-appl.c:return_replies_thread)
2005-06-21 12:02:55 [248] [6] DEBUG: Thread 6 (gw/wap-appl.c:main_thread) maps to pid 248.
2005-06-21 12:02:55 [248] [7] DEBUG: Thread 7 (gw/wap-appl.c:return_replies_thread) maps to pid 248.
2005-06-21 12:02:55 [248] [0] DEBUG
RE: FW: WTLS and Kannel 1.4 - Query - Does it Work?
I'm pretty sure this doesn't work. Check the user and dev archives for similar questions. As far as I recall, the implementation was never finished and no-one has picked it up.
RE: FW: WTLS and Kannel 1.4 - Query - Does it Work?
Thanks for that. That confirms my suspicions. Regards, Faisal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gareth Reakes Sent: 21 June 2005 12:51 To: Paul Keogh; users@kannel.org Subject: Re: FW: WTLS and Kannel 1.4 - Query - Does it Work? Hey, If that's so then I must have imagined playing with it. Sorry about that. Gareth Paul Keogh wrote: I'm pretty sure this doesn't work. Check the user and dev archives for similar questions. As far as I recall, the implementation was never finished and no-one has picked it up. -- Gareth Reakes, Managing Director Parthenon Computing +44-1865-811184 http://www.parthcomp.com
Re: Using Kernel with WTLS
Christian Zorn wrote: Hi List, I want to set up a kernel WAP Gateway with WTLS. Does anybody have experience how to set up the mobile phone so I can have secure traffic with my Web-server via Mobile Phone? Can I use the usual Mobile Service Provider APNs (e.g. wap.vodafone.de) with Port 9203 and the IP of my Kernel WAP-WTLS-Gateway? I may guess no. Since generally the core WAP profiles (GPRS and CSD) of operators do firewall external IPs and let you only access the operator's WAP gw. If it is only a request to use WTLS from phone to gw, you may also use Vodafone's own WAP GW. I'm not quite sure if they do HTTPS on the WAP GW to HTTP server side, but they may. Kannel would support it. Unfortunately there is no full WTLS support for Kannel, but there is an external box that can dock to kannel's bearerbox for the WTLS layer, it's kwtls, see Kannel's web site for download. In order to have Kannel doing your WTLS to HTTP server traffic you (may) move to the general IP-APN from Vodafone. Stipe mailto:stolj_{at}_wapme.de --- Wapme Systems AG Vogelsanger Weg 80 40470 Düsseldorf, NRW, Germany phone: +49.211.74845.0 fax: +49.211.74845.299 mailto:info_{at}_wapme-systems.de http://www.wapme-systems.de/ ---
Using Kernel with WTLS
: Tue, 15 Feb 2005 17:26:37 - ** **Dear fellows, Hi List, I want to set up a kernel WAP Gateway with WTLS. Does anybody have experience how to set up the mobile phone so i can have secure traffic with my Web-server via Mobile Phone? Can I use the usual Mobile Service Provider APNs (e.g. wap.vodafone.de) with Port 9203 and and the IP of my Kernel WAP-WTLS-Gateway? Thanks for your help Christian mailto:[EMAIL PROTECTED]
Using Kernel with WTLS
Hi List, I want to set up a kernel WAP Gateway with WTLS. Does anybody have experience how to set up the mobile phone so i can have secure traffic with my Web-server via Mobile Phone? Can I use the usual Mobile Service Provider APNs (e.g. wap.vodafone.de) with Port 9203 and and the IP of my Kernel WAP-WTLS-Gateway? Thanks for your help Christian mailto:[EMAIL PROTECTED]
Re: WTLS...
pls read the user guide before posting
WTLS...
Is support for WTLS available in the Kannel WAP gateway? If so, how can it be activated? Thanks! Brad
Re: Some clarification about WTLS
Let me clear out one thing before answering the question. Having a secure connection between the WAP gateway and a site https is totally independent from having a secure connection between the handset and the WAP gateway. In other words, when you connected to the bank, your wap traffic up until your carrier was not secure but the gateway must have had an https connection with the bank. Kannel's WTLS implementation is not complete. (I'm actually sparing sometime to work on that, but nothing worth mentioning is committed). Yet, someone (I forgot the name, guys help out, I'm away from my server) wrote kwtls, a small program that listens for WTLS connection works out the secure layer of the connection and forwards the rest to Kannel's standard non secure port. I'm actually running it in a test environment; Seg faults every now and then but works great when it's alive :) On Fri, 29 Oct 2004 21:56:47 -0400, Nestor Peña [EMAIL PROTECTED] wrote: Hi to everybody. I have a little problem, and I don't have too much knowledge about this area. Perhaps you can clarify me the situation. My provider is GSM based. When I was in an operator based in CDMA, my cellphone (Motorola V8160) was already configured by the operator. It established a secure connection with HTTPS-based websites. I switched to another operator (the GSM-based). But, in the new operator, when I'm connecting in HTTPS-based websites, the cellphones (Motorola V70 and V80) always says the connection is unsecured. I called the operator call-center, and they said me GPRS/GSM doesn't need that because is secure in the air because we blahblahblah but they doesn't solve the problem. Moreover, they says it's normal. Look at my phone: I'm connecting to a bank and they doesn't show the 'padlock closed' . I complain about that, but I'm not received an answer after two or three months. After that, I prefer to solve the problem by myself. I installed Kannel in my own server.
My cellphone can contact it perfectly, but it keep saying the same: unsecured connection. AFAIK, the cellphone is accessing the website via WAP in WTS, but when they're connecting in a HTTPS-enabled site, uses WTS but not WTLS. Am I correct or totally wrong? My question: Is possible to Kannel to secure the connection between WAP gateway and cellphone with SSL (using WTLS?) when sees a https:// header? V70/V80 phones has an option called Secured WAP, but if I enable it, wapbox (Kannel 1.4.0) dies saying Unknown PDU and an assertion failed, and the phone browser shows an error dialog saying File Type Not Recognized. I run Ethereal to sniff the connection, and in this mode, the phone send WTLS Hello packets, including a certificate, but wapbox seems to not understand that. I'm using the default port 9201. Thanks in advance. -- Néstor Peña - Nestor Pe~na [EMAIL PROTECTED] - [EMAIL PROTECTED] M$N: [EMAIL PROTECTED] ICQ: 6686426 Universidad Central de Venezuela Caracas - Venezuela -- abulyomon KiLLTHeUPLiNK.com
Re: Some clarification about WTLS
On Fri 29 Oct 2004 10:34 PM, Yaman Saqqa wrote:

> Let me clear up one thing before answering the question. Having a secure connection between the WAP gateway and an https site is totally independent from having a secure connection between the handset and the WAP gateway. In other words, when you connected to the bank, your wap traffic up until your carrier was not secure, but the gateway must have had an https connection with the bank.

I know that. The 'weak link in the string' is the wap gateway, where all the traffic (TLS-secured or not) is plain. Because of that, if the operator has the guts to say pleeeze, plze, trust in me, let the connection gw - phone clear, we will not sniff your credit card numbers, I will NOT trust in it. This is the reason why I'm searching for a solution on my own.

> Kannel's WTLS implementation is not complete. (I'm actually sparing some time to work on that, but nothing worth mentioning is committed.) Yet, someone (I forgot the name, guys help out, I'm away from my server) wrote kwtls, a small program that listens for WTLS connections, works out the secure layer of the connection, and forwards the rest to Kannel's standard non-secure port. I'm actually running it in a test environment; seg faults every now and then but works great when it's alive :)

Oh, thanks for the tip! I'm Googling for kwtls, but I didn't find anything. Can you send me a URL to download it?

Thanks for your answer. I never bring two cellphones anymore only for checking HTTPS sites ;-)

-- Néstor Peña - Nestor Pe~na [EMAIL PROTECTED] - [EMAIL PROTECTED] M$N: [EMAIL PROTECTED] ICQ: 6686426 Universidad Central de Venezuela Caracas - Venezuela
Re: Some clarification about WTLS
On Fri, 29 Oct 2004 22:46:27 -0400, Nestor Peña [EMAIL PROTECTED] wrote:

> On Fri 29 Oct 2004 10:34 PM, Yaman Saqqa wrote:
>
>> Let me clear up one thing before answering the question. Having a secure connection between the WAP gateway and an https site is totally independent from having a secure connection between the handset and the WAP gateway. In other words, when you connected to the bank, your wap traffic up until your carrier was not secure, but the gateway must have had an https connection with the bank.
>
> I know that. The 'weak link in the string' is the wap gateway, where all the traffic (TLS-secured or not) is plain. Because of that, if the operator has the guts to say pleeeze, plze, trust in me, let the connection gw - phone clear, we will not sniff your credit card numbers, I will NOT trust in it. This is the reason why I'm searching for a solution on my own.

:) Well ... I hear ya there!

>> Kannel's WTLS implementation is not complete. (I'm actually sparing some time to work on that, but nothing worth mentioning is committed.) Yet, someone (I forgot the name, guys help out, I'm away from my server) wrote kwtls, a small program that listens for WTLS connections, works out the secure layer of the connection, and forwards the rest to Kannel's standard non-secure port. I'm actually running it in a test environment; seg faults every now and then but works great when it's alive :)
>
> Oh, thanks for the tip! I'm Googling for kwtls, but I didn't find anything. Can you send me a URL to download it?

http://kannel.org/download/wtls/kwtls-1.0.3.tar.gz

The real tip would be: you have to recompile openssl with RC5 support if you'll be using RC5 encryption.

> Thanks for your answer. I never bring two cellphones anymore only for checking HTTPS sites ;-)
>
> -- Néstor Peña - Nestor Pe~na [EMAIL PROTECTED] - [EMAIL PROTECTED] M$N: [EMAIL PROTECTED] ICQ: 6686426 Universidad Central de Venezuela Caracas - Venezuela

-- abulyomon KiLLTHeUPLiNK.com
Re: Some clarification about WTLS
On Fri 29 Oct 2004 11:16 PM, Yaman Saqqa wrote:

> The real tip would be: you have to recompile openssl with RC5 support if you'll be using RC5 encryption.

Hehehe, thanks again for the tip... I'm now in that:

libwtls.a(wtls_encrypt.o)(.text+0x1911): En la función `wtls_YZ5_cbc_decrypt':
/tmp/g/kwtls-1.0.3/wtls_encrypt.c:672: undefined reference to `EVP_rc5_32_12_16_cbc'

See ya, and thanks again for your help...

-- Néstor Peña - Nestor Pe~na [EMAIL PROTECTED] - [EMAIL PROTECTED] M$N: [EMAIL PROTECTED] ICQ: 6686426 Universidad Central de Venezuela Caracas - Venezuela
WTLS question, please help!
1) If I want to try to use WTLS with WAP 1 and I have two files, cert.pem (generated from the private key) and root.pem (the CA root certificate), how should the kannel.conf file be configured?

ssl-server-cert-file = ?
ssl-server-key-file = ?
ssl-certkey-file = ?

2) Or if I generated my own certificate:

openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
openssl rsa -in server.key -out server.pem
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server-cert.pem

and I have these files:

server.key
server.pem
server.csr
server.crt
server-cert.pem

Which should be used, and how, to be able to have WTLS? Which is what?

Sorry for these stupid questions. It would be great to have a little section in the kannel documentation explaining how to do this.

Many thanks for your help!!!

Miguel
WTLS, OpenSSL help needed
Hi,

What is the current status of WTLS implementation of Kannel? I am trying to install like this:

export LD_FLAGS=-L/usr/local/ssl/lib
export CP_FLAGS=-I/usr/local/ssl/include
./configure --enable-ssl --with-ssl=/usr/local/ssl --with-wtls=openssl

I have compiled openssl to /usr/local/ssl, it passes the test with the RC5 cipher, but after trying to compile Kannel (1.3.1) I get the following error:

. . .
libwap.a(wtls_statesupport.o)(.text+0x72b):wap/wtls_statesupport.c:376 : undefined reference to 'RC5_32_cbc_encrypt'
collect2: ld returned 1 exit status
make: *** [gw/wapbox] Error 1

Can anybody provide a step-by-step wtls installation method?

Thank you!

Laszlo Toth
WTLS
Hi

Has anyone got WTLS support running on linux 8? Or anything else for that matter?

I have tried and installed gateway1.3.1 and openssl 9.7c. Configure with the wtls option seems to work OK, then the make falls over with the following. Any ideas?

Roger

gcc -D_REENTRANT=1 -I. -Igw -g -O2 -DBROKEN_PTHREADS=1 -I/usr/include/libxml2 -I/usr/local/ssl/include -o gw/wapbox gw/wapbox.o libgw.a libwmlscript.a libwap.a libgwlib.a -lssl -lpthread -lresolv -lnsl -lm -L/usr/lib -lxml2 -lz -lm -L/usr/local/ssl/lib -lcrypto -lssl -L/usr/local/ssl/lib -lcrypto
libwap.a(wtls_statesupport.o): In function `wtls_decrypt_rc5':
/home/rogerc/gateway-1.3.1/wap/wtls_statesupport.c:291: undefined reference to `RC5_32_set_key'
/home/rogerc/gateway-1.3.1/wap/wtls_statesupport.c:299: undefined reference to `RC5_32_cbc_encrypt'
/home/rogerc/gateway-1.3.1/wap/wtls_statesupport.c:317: undefined reference to `RC5_32_cbc_encrypt'
libwap.a(wtls_statesupport.o): In function `wtls_encrypt_rc5':
/home/rogerc/gateway-1.3.1/wap/wtls_statesupport.c:354: undefined reference to `RC5_32_set_key'
/home/rogerc/gateway-1.3.1/wap/wtls_statesupport.c:360: undefined reference to `RC5_32_cbc_encrypt'
/home/rogerc/gateway-1.3.1/wap/wtls_statesupport.c:376: undefined reference to `RC5_32_cbc_encrypt'
libgwlib.a(pki.o): In function `pki_init':
/home/rogerc/gateway-1.3.1/gwlib/pki.c:24: undefined reference to `OPENSSL_add_all_algorithms_noconf'
collect2: ld returned 1 exit status
make: *** [gw/wapbox] Error 1
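The unresolved RC5 symbols reported in the three messages above (kwtls 1.0.3 and gateway 1.3.1) can be triaged with a short script. This is an added example, not part of any post and not code from Kannel or kwtls; the sample log is constructed in the shape of the quoted errors, and the OPENSSL_INCLUDE variable and its default path are assumptions.

```shell
#!/bin/sh
# Added example. Sample log and default include path are constructed/assumed.

# Print the unique symbols named in "undefined reference to" lines on stdin.
undefined_symbols() {
    sed -n 's/.*undefined reference to .\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' |
        LC_ALL=C sort -u
}

# Succeed if the linker output on stdin is missing any RC5 entry point.
rc5_symbols_missing() {
    undefined_symbols | grep -Eq '^(RC5_32_|EVP_rc5_)'
}

# 0: headers under $1 allow RC5, 1: OPENSSL_NO_RC5 is defined, 2: no headers.
openssl_headers_have_rc5() {
    [ -f "$1/openssl/opensslconf.h" ] || return 2
    for h in opensslconf.h configuration.h; do
        [ -f "$1/openssl/$h" ] || continue
        if grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+OPENSSL_NO_RC5([[:space:]]|$)' \
            "$1/openssl/$h"; then
            return 1
        fi
    done
    return 0
}

# Constructed sample in the shape of the errors quoted in the thread.
sample_log() {
    cat <<'EOF'
wap/wtls_statesupport.c:291: undefined reference to `RC5_32_set_key'
wap/wtls_statesupport.c:299: undefined reference to `RC5_32_cbc_encrypt'
wap/wtls_statesupport.c:317: undefined reference to `RC5_32_cbc_encrypt'
wtls_encrypt.c:672: undefined reference to `EVP_rc5_32_12_16_cbc'
gwlib/pki.c:24: undefined reference to `OPENSSL_add_all_algorithms_noconf'
EOF
}

if sample_log | rc5_symbols_missing; then
    echo "Unresolved symbols:"; sample_log | undefined_symbols | sed 's/^/  /'
fi
inc="${OPENSSL_INCLUDE:-/usr/local/ssl/include}"
rc=0; openssl_headers_have_rc5 "$inc" || rc=$?
case $rc in
    0) echo "$inc: headers do not disable RC5" ;;
    1) echo "$inc: OPENSSL_NO_RC5 is defined; recompile OpenSSL with RC5 support" ;;
    2) echo "$inc: no OpenSSL headers found" ;;
esac
```

If the headers do not define OPENSSL_NO_RC5 yet the RC5 symbols are still unresolved, the link is likely picking up a different libcrypto than the one those headers belong to.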
WTLS
Hi, I was wondering if anyone could tell me how well v1.2.1 deals with secure sites (WTLS) please? Thanks -- Raj Kothary :: one|concept http://www.oneconcept.net [EMAIL PROTECTED] + 44 (0)79 5647 2746 oneconcept limited :: 2nd Floor West, 3-4A Little Portland Street, London W1A 5AG Confidentiality notice: The information transmitted in this email and/or any attached document(s) is confidential and intended only for the person or entity to which it is addressed and may contain privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
kwtls patch running - wtls kannel
Hi,

When I run kwtls like that, it works alright. (I am now trying on Linux.) With the default keys of kwtls, phone gets secure connection. But when I create custom key files with mk_cert and a phone connects, we get the following error from kwtls. It does not stop but the phone does not receive any data. Does anybody have any idea on what I am doing wrong?

Thanks...

# ./kwtls 81.8.2.203
Kwtls v 0.1.3 (RSA 1024,768,512) (RSA_anon 1024,768,512) (DH_anon 1024,768,512) (RC5_CBC/56/40) (DES) (MAC)
Initialazing random generator Ok
Loaded RSA 1024 Key from file
Using built-in values for RSA 768 (Not recommend!)
Using built-in values for RSA 512 (Not recommend!)
IP gateway address : 81.8.2.203
listening on port 9203.
Received from 195.87.246.3 (54813).
No machine found... creating one
kannel_socket is 4.
client_version is 1.
Assign NEW machine-current_security.session_id to [1]
using YZ5_CBC as bulk algorithm
Using a stored crtificate.
Received from 195.87.246.3 (54813).
one machine SID[1] found in the list.
Rising alert Num: 43 Desc: WTLS_ALERT_UNSUPPORTED_CERTIFICATE Level: WTLS_ALERT_FATAL
cannot occur, terminating handshake

--- Ivone Uribe [EMAIL PROTECTED] wrote:

> Hi ilker!
>
> You have to run the kannel (bearerbox and wapbox..) and the patch like it:
>
> ./kwtls- ww.xx.yy.zz (this is your kannel ip)
>
> you don't need to run fake_wtls.
>
> Regards, Ivone