Date: Mon, 13 Sep 2010 11:40:33 +0200 From: klaus.mailinglists@pernau.at To: betergreen@live.com CC: sr-users@lists.sip-router.org Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
Am 13.09.2010 11:10, schrieb peter_green lion:
enable_tls=1 tcp_async=no
listen=tls:192.168.1.81:5060
The default is for TLS is port 5061.
modparam("tls", "tls_method", "TLSv1") modparam("tls", "tls_method", "SSLv23")
You can not use TLS and SSL - only on e or the other. SIP is standardized with TLSv1. Thus you should remove SSLv23 unless you explicitely know that the client can not handle TLSv1 (then the client would be buggy)
modparam("tls", "certificate", "ser1_cert.pem") modparam("tls", "private_key", "privkey.pem") modparam("tls", "ca_list", "cacert.pem") modparam("tls", "verify_certificate", 1)
modparam("tls", "require_certificate", 1)
Here is the problem: You have configured Kamailio to require a client certificate. Usually the SIP client does not have a TLS client certificate, thus Kamailio will terminate the TLS connection with handshake error. Set modparam("tls", "require_certificate", 0) and at least it should work with the "openssl s_client" tool.
regards Klaus
hi Klaus and all, i thing this is bug in openssl, becau i have just install kamailio with tls support in ubuntu server which OS have openssl version 0.9.8k, and i have result as:
sip client can register with server via tls support(sometime it work and some time it cannot work, or it can register when i restart kamailio)
if it can register, i can make call but when callee answer, caller change to connect , but callee continue ringring. if callee reject call, caller change to destination busy.
i can recognize what problem, please suggest ? thanks and regards Peter Green.