On Thu, Feb 6, 2014 at 3:26 AM, jaflong jaflong jaflong@yandex.com wrote:
This is my tls.cfg for server
[server:default] method = TLSv1 verify_certificate = no require_certificate = no private_key = /etc/asterisk/certs/proxy.key certificate = /etc/asterisk/certs/proxy.crt
As far as I understand (verify_certificate = no), and (require_certificate = no) should allow a client connecting without certicates.
Can anyone understand what this debug indicates
What is causes this error tls_read_f(): TLS read:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
http://lists.sip-router.org/pipermail/sr-users/2010-September/065259.html
The client is rejecting the certificate. In your client, you need to either import the CA or server certificate, or turn of certificate verification. I ran into this error just yesterday and can attest to the solution, which in my case was that I used the wrong certificate in Kamailio.
Corey