Hello,

 

Please format your e-mail only with black – it's really hard to read (it might be related to my client, though).

 

Have you already checked the file system access rights to the certs if kamailio can actually read them?

 

Cheers,

 

Henning

 

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com
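
The file-permission check suggested in the reply above, as an added example (not part of the thread and not Kamailio's own tooling): it reads the `private_key`, `certificate` and `ca_list` paths from a tls.cfg and reports every directory or file that blocks a given user. It considers classic mode bits only; the config path and the `kamailio` user name in the usage comment are assumptions.

```python
import grp, os, pwd, re, sys

PATH_KEYS = ("private_key", "certificate", "ca_list")  # file settings seen in the thread

def tls_cfg_paths(cfg_text):
    """Return (section, key, path) for each file-path setting in tls.cfg text."""
    found, section = [], None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() in PATH_KEYS:
            found.append((section, key.strip(), value.strip()))
    return found

def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; ACLs and capabilities are not considered."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def blocking_components(path, uid, gids):
    """Paths that stop uid: directories without search (x), the file without read (r)."""
    blocked, parts = [], os.path.abspath(path).split(os.sep)
    for i in range(1, len(parts) + 1):
        current = os.sep.join(parts[:i]) or os.sep
        want = 0o4 if i == len(parts) else 0o1
        try:
            ok = _allowed(os.stat(current), uid, gids, want)
        except OSError:  # missing, or the checker itself cannot reach it
            ok = False
        if not ok:
            blocked.append(current)
    return blocked

if __name__ == "__main__":
    # Assumed usage: python3 check_tls_perms.py /etc/kamailio/tls.cfg kamailio
    cfg_file, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    with open(cfg_file) as fh:
        for section, key, path in tls_cfg_paths(fh.read()):
            bad = blocking_components(path, pw.pw_uid, gids)
            print(f"[{section}] {key} = {path}: " + ("OK" if not bad else f"blocked at {bad}"))
```

Run it as root so the checker itself can stat every component; a private key that only becomes readable through the "other" bits is worth fixing with group ownership instead.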

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of ThanhTruong
Sent: Thursday, July 15, 2021 5:09 AM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] please help to configure tls in kamailio for webrtc client like simpl5

 

Hello Fred and all,

 

I tried some changes, and the results are below.

With:

 

[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = yes
require_certificate = yes

 

error log:

 

Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170

 

 

With settings:

 

[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = no
require_certificate = no

 

and error log:

 

Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fd64ee4bfc0 r: 0x7fd64ee4c0e8 (-1)

 

 

And tried:

 

[server:default]
method = SSLv23
verify_certificate = yes
require_certificate = yes
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = no
require_certificate = no

 

and error log:

 

Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f222a018fc0 r: 0x7f222a0190e8 (-1)

 

 

Then, I tried with TLSv1+:

 

 

[server:default]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = no
require_certificate = no

 

and log is:

 

Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f9fd21cefc0 r: 0x7f9fd21cf0e8 (-1)

 

 

I am sorry to bother you all, but I don't know how to get it to work; please suggest.

Thank you so much.

 



On Jul 15, 2021, at 01:10, Fred Posner <fred@palner.com> wrote:

 

On 7/14/21 2:04 PM, ThanhTruong wrote:

verify_certificate =yes
require_certificate =yes


Change both of those to no in your case.

--
Fred Posner -- www.palner.com
Matrix: @fred:matrix.lod.com
