> Date: Mon, 13 Sep 2010 11:40:33 +0200
> From: klaus.mailinglists@pernau.at
> To: betergreen@live.com
> CC: sr-users@lists.sip-router.org
> Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
>
>
>
> Am 13.09.2010 11:10, schrieb peter_green lion:
> > enable_tls=1
> > tcp_async=no
> >
> > listen=tls:192.168.1.81:5060
>
> The default is for TLS is port 5061.
>
> >
> > modparam("tls", "tls_method", "TLSv1")
> > modparam("tls", "tls_method", "SSLv23")
>
> You can not use TLS and SSL - only on e or the other. SIP is
> standardized with TLSv1. Thus you should remove SSLv23 unless you
> explicitely know that the client can not handle TLSv1 (then the client
> would be buggy)
>
> > modparam("tls", "certificate", "ser1_cert.pem")
> > modparam("tls", "private_key", "privkey.pem")
> > modparam("tls", "ca_list", "cacert.pem")
> > modparam("tls", "verify_certificate", 1)
>
>
> > modparam("tls", "require_certificate", 1)
>
> Here is the problem: You have configured Kamailio to require a client
> certificate. Usually the SIP client does not have a TLS client
> certificate, thus Kamailio will terminate the TLS connection with
> handshake error. Set
> modparam("tls", "require_certificate", 0)
> and at least it should work with the "openssl s_client" tool.
>
>
> regards
> Klaus
>
>

hi Klaus and all,
i thing this is bug in openssl, becau i have just install kamailio with tls support in ubuntu server which OS have openssl version 0.9.8k,
and i have result as:

sip client can register with server via tls support(sometime it work and some time it cannot work, or it can register when i restart kamailio)

if it can register, i can make call but when callee answer, caller change to connect , but callee continue ringring.
if callee reject call, caller change to destination busy.

i can recognize what problem, please suggest ?
thanks and regards
Peter Green.