Daniel-Constantin Mierla writes:
As I said, I added the parameter based on the
description of the
feature request, but the manual suggested it might not be enough when
acting as a tls server, see my first comment above.
Probably works when it acts as a client (when opens the connection).
Yes, it does work as client. I have two kamailios A - B using TLS between
them. When A uses ca_path and B uses ca_list, A can connect to B without
errors. But when I change also B to use ca_path, I get errors on both.
On A:
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_util.h:42]: tls_err_ret():
TLS read:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 192.26.134.10
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 192.168.43.160
On B:
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS accept:error:1417C086:SSL
routines:tls_process_client_certificate:certificate verify failed
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 192.168.43.160
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 192.26.134.10
-- Juha
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-804910135