[sr-dev] [kamailio/kamailio] add ca_path param to tls module (#2682)

juha-h notifications at github.com
Tue Mar 23 14:38:55 CET 2021


Daniel-Constantin Mierla writes:

> As I said, I added the parameter based on the description of the
> feature request, but the manual suggested it might not be enough when
> acting as a tls server, see my first comment above. 
> 
> Probably works when it acts as a client (when it opens the connection).

Yes, it does work as a client.  I have two Kamailios, A and B, using TLS between
them. When A uses ca_path and B uses ca_list, A can connect to B without
errors.  But when I also change B to use ca_path, I get errors on both.

On A:
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS read:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 192.26.134.10
Mar 23 15:32:58 lohi /usr/bin/sip-proxy[18482]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 192.168.43.160

On B:
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 192.168.43.160
Mar 23 15:32:58 buster /usr/bin/sip-proxy[2266]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 192.26.134.10

-- Juha


-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2682#issuecomment-804910135