Not able to use WSS as transport to send Register to the SIP server running on AWS

Question

Not able to use WSS as transport to send Register to the SIP server running on AWS

Closed this issue 8 months ago · 9 comments

I have one question regarding the client.

I was able to use the client setup in my local environment with the following code:
sipgo.NewClient(servUA, sipgo.WithClientPort(3000), sipgo.WithClientHostname("192.x.x.x"))

This works fine and I was able to initiate various SIP events such as SIP RGISTER, MESSAGE etc. on my local FreeSWITCH server.

Now I wanted to transfer this environment to my FS running on AWS.
On the AWS FS, I have configured for WSS support (added the wss.pem file as per the instructions of FS).
I have a certificate for my domain which is mapped to the AWS machine where this FS is running - so basically my domain ims..in is mapped to "13.x.x.x" IP address of AWS machine and I have added a security rule on AWS to accept requests on port 3000.

Now if I create the client using the following
sipgo.NewClient(servUA, sipgo.WithClientPort(3000), sipgo.WithClientHostname("ims.<my-domain>.in")) and then try to send the Register event, then the REGISTER packet does not go out.

the go module throws the error as "transport dial err=tls: failed to verify certificate: x509: cannot validate certificate for 13.x.x.x because it doesn't contain any IP SANs"

I am using req.SetDestination("192.x.x.x:3000") to set the destination locally and req.SetDestination("ims.<my-host>.in:3000") for AWS setup.

In the local setup, I have tried "ws", "udp" and "tcp" as the transport methods and they all work fine.
On AWS I am working with "wss" as I wanted to have a secure environment.

I am not sure what other params that I need to set to get this working.

Any help here to resolve the issue on AWS setup will be appreciated.

On a side note:
I also have a simple client based on SIP.js. Using this client I can Register with FS locally via "ws" and with AWS FS via "wss"...

Thanks

Also, Thank you for this wonderful project.

Answer 1 · 2024-03-23T23:14:33.000Z

Hi @p-akshay

I think issue is that we resolve hostname, before passing to tls dial.
This was done to optimize/ remove double resolving, but now I see it could be also a bug, as
we are not passing this to dialer.

Can you confirm that if you change addr here with your hostname[:port], it will fix your bug.
transport_wss.go

conn, _, _, err := t.dialer.Dial(ctx, "wss://"+addr)

I think we can call underhood t.dialer.TLSClient() for performing handshake, but this now means some code refactoring.

Answer 2 · 2024-03-24T06:57:13.000Z

@emiago

Thanks for a quick reply.

I can confirm that the fix that you have suggested is working as expected and I was able to interact with the AWS setup and completed testing of the different SIP events as well.

Thanks

Answer 3 · 2024-03-24T11:03:02.000Z

ok @p-akshay, I think we can provide some fix. We just need to pass hostname as part of raddr, and split conn and TLS handshake.

Answer 4 · 2024-03-29T12:55:50.000Z

fixed on main.
Pls reopen if fix does not work

Answer 5 · 2024-04-09T05:56:22.000Z

Hi @emiago ,

I think the fix added is not working
Tested this on v0.20.0 today, ... system is crashing

attached the panic logs

Let me know if you need any other help

Panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x1354eea]

goroutine 1 [running]:
github.com/emiago/sipgo/sip.newWSSTransport.func1({0x15dbc78?, 0xc0000aa380}, {0xc0000b89d8?, 0xc0000b89d8?})
/Users/akshaypatil/go/pkg/mod/github.com/emiago/sipgo@v0.20.0/sip/transport_wss.go:36 +0x2a
github.com/emiago/sipgo/sip.(*transportWSS).CreateConnection(0xc0000aa2a8, {0x15d9310, 0x18f4540}, {{0x0, 0x0, 0x0}, 0x0, {0x0, 0x0}}, {{0xc0001f89cc, ...}, ...}, ...)
/Users/akshaypatil/go/pkg/mod/github.com/emiago/sipgo@v0.20.0/sip/transport_wss.go:100 +0x4dd
github.com/emiago/sipgo/sip.(*TransportLayer).ClientRequestConnection(0xc00019afc0, {0x15d9310, 0x18f4540}, 0xc0000ffe00)
/Users/akshaypatil/go/pkg/mod/github.com/emiago/sipgo@v0.20.0/sip/transport_layer.go:382 +0x77a
github.com/emiago/sipgo/sip.(*TransactionLayer).Request(0xc0000af360, {0x15d9310, 0x18f4540}, 0xc0000ffe00)
/Users/akshaypatil/go/pkg/mod/github.com/emiago/sipgo@v0.20.0/sip/transaction_layer.go:155 +0xf0
github.com/emiago/sipgo.(*Client).TransactionRequest(0xc0000af400, {0x15d9310, 0x18f4540}, 0xc0000ffe00, {0x0?, 0xc0000b8330?, 0x11?})
/Users/akshaypatil/go/pkg/mod/github.com/emiago/sipgo@v0.20.0/client.go:135 +0x10c
main.OutgoingRegister({{0xc0000f2920, 0x1d}, 0xc000220480, {0x0, 0x0}, {0xc0000b89d8, 0x11}, {0xc0000b8330, 0x11}, {0xc0000b5d70, ...}})

Answer 6 · 2024-04-09T08:20:09.000Z

ok @p-akshay . Will reopen then, seems I did not check nil case.

Answer 7 · 2024-04-09T08:22:47.000Z

you can try with providing tls config on user agent. I think that is issue. Normally you need todo this for custom certificates

Answer 8 · 2024-04-11T09:03:05.000Z

@p-akshay check again. And close if fixed

Answer 9 · 2024-04-11T09:53:55.000Z

Yes...It is working now in the main branch ...

Closing the same
Thanks again for the quick solution @emiago