Seems like Kamailio is configured to
require a client certificate, but the client doesn't have one.
klaus
Am 15.11.2012 15:04, schrieb Denis:
Thank you, it worked!
I just added listen=tcp:IP:5060 so it probably needs to initialize
tcp separately from tls )
Thanks a lot!
P.S.
now I am having another errors though while connecting to tls port
but I believe it is certificates problems:
$ openssl s_client -connect IP:5061 -tls1 -CAfile
certs/demoCA/cert.pem
...
1727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1102:SSL alert number 40
1727:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:539:
syslog:
/opt/kamailio/sbin/kamailio[1708]: ERROR: tls [tls_server.c:1190]:
TLS accept:error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a
certificate
/opt/kamailio/sbin/kamailio[1708]: ERROR: <core>
[tcp_read.c:1127]: ERROR: tcp_read_req: error reading
Thanks,
Den
On 15/11/12 13:33, Daniel-Constantin
Mierla wrote:
Copy and paste typo, overlapping port use:
listen=tcp:127.0.0.1:5060
Cheers,
Daniel
On 11/15/12 7:54 AM, Denis wrote:
Thanks for looking at that, Daniel.
If I start all together with tls: and tcp: (both lines order)
then I see this:
/opt/kamailio/sbin/kamailio[1008]: ERROR: <core>
[tcp_main.c:2918]: ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64,
16) on IP_ADDRESS:5061 : Address already in use
/opt/kamailio/sbin/kamailio[1008]: ERROR: tls
[tls_init.c:314]: Error while initializing TCP part of TLS
socket IP_ADDRESS:5061
If I start only tcp: I am getting:
/opt/kamailio/sbin/kamailio[1035]: ERROR: tls
[tls_init.c:660]: TLSs<IP_ADDRESS:5061>: No listening
socket found
/opt/kamailio/sbin/kamailio[1035]: ERROR: <core>
[sr_module.c:939]: init_mod(): Error while initializing module
tls (/opt/kamailio/lib64/kamailio/modules/tls.so)
Thanks,
Den
On 15/11/12 12:48,
Daniel-Constantin Mierla wrote:
Reviewing the previous email, I probably spotted the issues.
You said you added:
listen=tls:IP.ADDRESS:5061
that forces Kamailio to listen only on tls. But tls is on
top of tcp, so add:
listen=tcp:127.0.0.1:5061
It was reported couple of days ago, I had no time to look at
it yet, traveling for the moment. Should not crash in any
condition, if tcp is required and no other way for tls only,
the startup process should fail -- I will take care of it
soon.
Cheers,
Daniel
On 11/15/12 7:39 AM, Denis
wrote:
Only during kamailio start:
...
/opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy
[rtpproxy.c:1413]: rtp proxy <udp:127.0.0.1:7722>
found, support for it enabled
/opt/kamailio/sbin/kamailio[759]: INFO: ctl
[io_listener.c:225]: io_listen_loop: using epoll_lt io
watch method (config)
as soon as I send a request on port 5061 it crashes..
user@server:~$ telnet HOSTNAME 5061
Trying HOSTNAME...
Connected to HOSTNAME.
Escape character is '^]'.
fsf
Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22,
Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis
wrote:
[...]
/opt/kamailio/sbin/kamailio[30278]: ALERT:
<core> [main.c:785]: child process 30293 exited
by a signal 11
Before this line, do you have any other error messages
printed by pid 30278?
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users