Hello,

In this case the server should not reject clients without a certificate. So, the error needs to be something else; maybe you can see something on the client side with a network trace.

As a side note, you should consider updating to a supported Kamailio version; the 5.2.x is really old.

Cheers,

Henning

From: David Cunningham <dcunningham@voisonics.com>
Sent: Thursday, 23 March 2023 09:15
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: Henning Westerholt <hw@gilawa.com>
Subject: Re: [SR-Users] Re: WebRTC "client did not present a certificate" error

I grepped the log and we do see "Server MUST present valid certificate" but not "Client MUST present valid certificate".

Would anyone have any further pointers?

Thank you.

On Thu, 23 Mar 2023 at 00:40, Alex Balashov <abalashov@evaristesys.com> wrote:

That’s my experience, too, but perhaps there’s something not quite clear about the location of the tls.cfg file, or the applicability of the given profiles, etc.

> On Mar 22, 2023, at 3:59 AM, Henning Westerholt <hw@gilawa.com> wrote:
>
> Hello Alex,
>
> if you set this in a dedicated tls.cfg, it's in my experience not necessary to set these parameters additionally in the kamailio.cfg.
>
> Cheers,
>
> Henning
>
> -----Original Message-----
> From: Alex Balashov <abalashov@evaristesys.com>
> Sent: Wednesday, 22 March 2023 02:27
> To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
> Subject: [SR-Users] Re: WebRTC "client did not present a certificate" error
>
> Try setting these, too:
>
> https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_certificate
>
> https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certificate
>
> — Alex
>
>> On Mar 21, 2023, at 7:34 PM, David Cunningham <dcunningham@voisonics.com> wrote:
>>
>> Hello,
>>
>> We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC client at https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. In the Kamailio log we see the lines below. In tls.cfg we have "verify_certificate = no" and "require_certificate = no" for both [server:default] and [client:default]. Would anyone be able to help us with this?
>>
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x14baf1cbb090: (nil)
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: tls_read_f(): Reading on a renegotiation of connection (n:532) (0)
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) fd_no=4 called
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> [xx.xx.xx.xx]:8443)
>> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x14baf289ea30
>> Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 14baf4cc1ec8, -1 from 1
>> Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x14baf289ea30
>>
>> Thanks very much,
>>
>> --
>> David Cunningham, Voisonics Limited
>> http://voisonics.com/
>> USA: +1 213 221 1092
>> New Zealand: +64 (0)28 2558 3782
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions To
>> unsubscribe send an email to sr-users-leave@lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to the sender!
>> Edit mailing list options or unsubscribe:
>
> --
> Alex Balashov
> Principal Consultant
> Evariste Systems LLC
> Web: https://evaristesys.com
> Tel: +1-706-510-6800
>

--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800




--

David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
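
An added example, not part of the thread and not Kamailio project code: a small parser that splits the rewrapped debug log quoted above back into entries and summarises the connection attempt, so the "client did not present a certificate" line can be read in sequence with the handshake and close events. The field names, the `diagnose` summary keys, and the reading of the `tcp_read_req(): EOF` entry as a close by the remote side are assumptions of this example.

```python
import re

# Constructed sample: five entries copied from the log quoted in the thread,
# kept run together across line breaks the way the mail client rewrapped them.
SAMPLE = """\
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept():
TLS accept successful Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG:
tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from
xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Mar 22
01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]:
tls_accept(): tls_accept: client did not present a certificate Mar 22
01:25:28 br /sbin/kamailio[25259]: DEBUG: <core>
[core/tcp_read.c:1527]: tcp_read_req(): EOF Mar 22 01:25:28 br
/sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection
0x14baf289ea30
"""

STAMP = r"[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d"  # syslog timestamp
ENTRY = re.compile(
    rf"(?P<ts>{STAMP}) \S+ \S+\[(?P<pid>\d+)\]: (?P<level>[A-Z]+): (?P<module>\S+) "
    rf"\[(?P<src>[^\]]+)\]: (?P<func>\w+)\(\): (?P<msg>.*?)(?= {STAMP} |$)"
)

def parse(text):
    """Undo mail rewrapping, then return one dict per log entry."""
    return [m.groupdict() for m in ENTRY.finditer(" ".join(text.split()))]

def diagnose(entries):
    """Summarise one connection attempt from its parsed entries."""
    def first(func, needle):
        return next((e for e in entries
                     if e["func"] == func and needle in e["msg"]), None)
    accept = first("tls_accept", "TLS accept successful")
    conn = first("tls_accept", "new connection from")
    no_cert = first("tls_accept", "client did not present a certificate")
    eof = first("tcp_read_req", "EOF")
    return {
        "handshake_completed": accept is not None,
        "negotiated": conn["msg"].split(" using ", 1)[1] if conn else None,
        # Severity at which the missing client certificate was logged.
        "no_client_cert_level": no_cert["level"] if no_cert else None,
        # Assumption: EOF from tcp_read_req() means the read returned 0,
        # i.e. the remote side closed the TCP connection.
        "closed_by_peer": eof is not None,
    }

if __name__ == "__main__":
    print(diagnose(parse(SAMPLE)))
```

On the sample, the handshake completes, the missing client certificate is logged only at DEBUG level, and the next socket event is an EOF on read, which matches the suggestion in the thread to look at the client side with a network trace.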