<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,</p>
<p>set debug=3 in kamailio.cfg, restart kamailio and try to connect
again with the client. Watch the logs and you should get more
details about what happens there.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 06.09.19 19:05, <a class="moz-txt-link-abbreviated" href="mailto:david@aslo.us">david@aslo.us</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1567789524.78168340@apps.rackspace.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<font size="2" face="arial">
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">Hello everyone,</p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">I am trying to
configure TLS in kamailio (5.2.4) following this guide: <a
href="http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates"
moz-do-not-send="true">http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates</a></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">Modules:</p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!define
WITH_MYSQL</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!define
WITH_AUTH</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!define
WITH_USRLOCDB</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!define
WITH_PRESENCE</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!define
WITH_ALIASDB</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!define
WITH_IMC</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!define
WITH_TLS</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">When i try to
connect via command line, this is the result (just including
relevant parts):</p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">$
openssl s_client -connect 192.X.X.X:5061 -tls1</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">CONNECTED(00000003)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">depth=1
C = XX, ST = XXXX, L = XXXXXX, O = XXX CA, CN = XXX CA</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">verify
error:num=19:self signed certificate in certificate chain</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">verify
return:0</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">---</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">No
client certificate CA names sent</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">---</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">SSL
handshake has read 2550 bytes and written 336 bytes</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">---</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">---</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>Start Time:
1567787935</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>Timeout <span
class="Apple-converted-space"> </span>: 7200 (sec)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>Verify return
code: 19 (self signed certificate in certificate chain)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">---</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">read:errno=0</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Now,
when I setup my clients, they connect to the server, but
they can't send messages or make calls.</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">This is the TLS
startup LOG:</p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_mod.c:372]: mod_init(): With ECDH-Support!</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_mod.c:375]: mod_init(): With Diffie Hellman</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: CRITICAL: tls
[tls_init.c:671]: init_tls_h(): installed openssl library
version is too different from the library the kamailio tls
module was compiled with: installed "OpenSSL 1.1.1<span
class="Apple-converted-space"> </span>11 Sep 2018"
(0x1010100f), compiled "OpenSSL 1.1.0k<span
class="Apple-converted-space"> </span>28 May 2019"
(0x101000bf).#012 Please make sure a compatible version is
used (tls_force_run in kamailio.cfg will override this
check)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: WARNING: tls
[tls_init.c:680]: init_tls_h(): tls_force_run turned on,
ignoring<span class="Apple-converted-space"> </span>openssl
version mismatch</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: WARNING: tls
[tls_init.c:778]: init_tls_h(): openssl bug #1491 (crash/mem
leaks on low memory) workaround enabled (on low memory tls
operations will fail preemptively) with free memory
thresholds 12582912 and 6291456 bytes</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: <core>
[core/cfg/cfg_ctx.c:595]: cfg_set_now():
tls.low_mem_threshold1 has been changed to 12582912</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: <core>
[core/cfg/cfg_ctx.c:595]: cfg_set_now():
tls.low_mem_threshold2 has been changed to 6291456</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: <core>
[main.c:2669]: main(): processes (at least): 24 - shm size:
67108864 - pkg size: 8388608</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: <core>
[core/udp_server.c:153]: probe_max_receive_buffer():
SO_RCVBUF is initially 212992</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: <core>
[core/udp_server.c:205]: probe_max_receive_buffer():
SO_RCVBUF is finally 425984</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:303]: ksr_tls_fill_missing():
TLSs<default>: tls_method=12</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:315]: ksr_tls_fill_missing():
TLSs<default>:
certificate='/etc/certs/192.X.X.X/cert.pem'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:322]: ksr_tls_fill_missing():
TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:329]: ksr_tls_fill_missing():
TLSs<default>: crl='(null)'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:333]: ksr_tls_fill_missing():
TLSs<default>: require_certificate=0</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:340]: ksr_tls_fill_missing():
TLSs<default>: cipher_list='(null)'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:347]: ksr_tls_fill_missing():
TLSs<default>:
private_key='/etc/certs/192.X.X.X/key.pem'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:351]: ksr_tls_fill_missing():
TLSs<default>: verify_certificate=0</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:354]: ksr_tls_fill_missing():
TLSs<default>: verify_depth=9</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: NOTICE: tls
[tls_domain.c:1087]: ksr_tls_fix_domain(): registered
server_name callback handler for socket [:0],
server_name='<default>' ...</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:707]: set_verification(): TLSs<default>:
No client certificate required and no checks performed</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:303]: ksr_tls_fill_missing():
TLSc<default>: tls_method=12</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:315]: ksr_tls_fill_missing():
TLSc<default>: certificate='(null)'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:322]: ksr_tls_fill_missing():
TLSc<default>: ca_list='(null)'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:329]: ksr_tls_fill_missing():
TLSc<default>: crl='(null)'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:333]: ksr_tls_fill_missing():
TLSc<default>: require_certificate=0</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:340]: ksr_tls_fill_missing():
TLSc<default>: cipher_list='(null)'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:347]: ksr_tls_fill_missing():
TLSc<default>: private_key='(null)'</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:351]: ksr_tls_fill_missing():
TLSc<default>: verify_certificate=0</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:354]: ksr_tls_fill_missing():
TLSc<default>: verify_depth=9</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:57
aslo-kamailio /usr/sbin/kamailio[5845]: INFO: tls
[tls_domain.c:710]: set_verification(): TLSc<default>:
Server MAY present invalid certificate</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:58
aslo-kamailio /usr/sbin/kamailio[5862]: INFO: jsonrpcs
[jsonrpcs_sock.c:443]: jsonrpc_dgram_process(): a new child
0/5862</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:41:58
aslo-kamailio /usr/sbin/kamailio[5866]: INFO: ctl
[io_listener.c:214]: io_listen_loop(): io_listen_loop:<span
class="Apple-converted-space"> </span>using epoll_lt io
watch method (config)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">This is my
tls.cfg file:</p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">[server:default]</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">method
= TLSv1</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">verify_certificate
= no</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">require_certificate
= no</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">private_key
= /etc/certs/192.X.X.X/key.pem</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">certificate
= /etc/certs/192.X.X.X/cert.pem</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">ca_list
= /etc/certs/demoCA/cert.pem</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#crl
= /etc/kamailio/tls/crl.pem</span></p>
<p class="p3" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
---</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
This is the default client domain profile.</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
Settings in this domain will be used for all outgoing</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
TLS connections that do not match any other</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
client domain in this configuration file.</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
We require that servers present valid certificate.</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">[client:default]</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">method
= TLSv1</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">verify_certificate
= no</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">require_certificate
= no</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">These
are the relevant parts of my kamailio.cfg:</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
alias="sip.mydomain.com"</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>alias=192.X.X.X:5060</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>alias=192.X.X.X:5061</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">/*
uncomment and configure the following line if you want
Kamailio to</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">
* bind on a specific interface/port/proto (default bind on
all available) */</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>listen=<a class="moz-txt-link-freetext" href="udp:192.X.X.X:5060">udp:192.X.X.X:5060</a></span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>listen=tcp:192.X.X.X:5060</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1"><span
class="Apple-converted-space"> </span>listen=tls:192.X.X.X:5061</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!ifdef
WITH_TLS</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">enable_tls=yes</span></p>
<p class="p3" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">/*
upper limit for TLS connections */</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">tls_max_connections=2048</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!endif</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!ifdef
WITH_TLS</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#
----- tls params -----</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">modparam("tls",
"config", "/etc/kamailio/tls.cfg")</span></p>
<p class="p2" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">modparam("tls",
"tls_force_run", 1)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">#!endif</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">These
are the errors that show up everytime i try to connect with
a client:</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:53:42
aslo-kamailio /usr/sbin/kamailio[5870]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS
accept:error:14094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:53:42
aslo-kamailio /usr/sbin/kamailio[5870]: ERROR: <core>
[core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req:
error reading - c: 0x7f7c4e3ddd00 r: 0x7f7c4e3ddd80 (-1)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:53:43
aslo-kamailio /usr/sbin/kamailio[5874]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS
accept:error:14094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:53:43
aslo-kamailio /usr/sbin/kamailio[5874]: ERROR: <core>
[core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req:
error reading - c: 0x7f7c4e3ddd00 r: 0x7f7c4e3ddd80 (-1)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:53:44
aslo-kamailio /usr/sbin/kamailio[5875]: ERROR: tls
[tls_util.h:42]: tls_err_ret(): TLS
accept:error:14094412:SSL routines:ssl3_read_bytes:sslv3
alert bad certificate</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"><span class="s1">Sep<span
class="Apple-converted-space"> </span>6 16:53:44
aslo-kamailio /usr/sbin/kamailio[5875]: ERROR: <core>
[core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req:
error reading - c: 0x7f7c4e3ddd00 r: 0x7f7c4e3ddd80 (-1)</span></p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">Any help would be
greatly appreciated.</p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;"> </p>
<p class="p1" style="margin:0;padding:0;font-family: arial;
font-size: 10pt; overflow-wrap: break-word;">Regards.</p>
<!--WM_COMPOSE_SIGNATURE_END--></font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- <a class="moz-txt-link-freetext" href="https://asipto.com/u/kat">https://asipto.com/u/kat</a></pre>
</body>
</html>