[SR-Users] help with tls error :sslv3 alert bad certificate
peter_green lion
betergreen at live.com
Mon Sep 13 12:44:42 CEST 2010
> Date: Mon, 13 Sep 2010 11:40:33 +0200
> From: klaus.mailinglists at pernau.at
> To: betergreen at live.com
> CC: sr-users at lists.sip-router.org
> Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
>
>
>
> Am 13.09.2010 11:10, schrieb peter_green lion:
> > enable_tls=1
> > tcp_async=no
> >
> > listen=tls:192.168.1.81:5060
>
> The default is for TLS is port 5061.
>
> >
> > modparam("tls", "tls_method", "TLSv1")
> > modparam("tls", "tls_method", "SSLv23")
>
> You can not use TLS and SSL - only on e or the other. SIP is
> standardized with TLSv1. Thus you should remove SSLv23 unless you
> explicitely know that the client can not handle TLSv1 (then the client
> would be buggy)
>
> > modparam("tls", "certificate", "ser1_cert.pem")
> > modparam("tls", "private_key", "privkey.pem")
> > modparam("tls", "ca_list", "cacert.pem")
> > modparam("tls", "verify_certificate", 1)
>
>
> > modparam("tls", "require_certificate", 1)
>
> Here is the problem: You have configured Kamailio to require a client
> certificate. Usually the SIP client does not have a TLS client
> certificate, thus Kamailio will terminate the TLS connection with
> handshake error. Set
> modparam("tls", "require_certificate", 0)
> and at least it should work with the "openssl s_client" tool.
>
>
> regards
> Klaus
>
>
hi Klaus and all,
i thing this is bug in openssl, becau i have just install kamailio with tls support in ubuntu server which OS have openssl version 0.9.8k,
and i have result as:
sip client can register with server via tls support(sometime it work and some time it cannot work, or it can register when i restart kamailio)
if it can register, i can make call but when callee answer, caller change to connect , but callee continue ringring.
if callee reject call, caller change to destination busy.
i can recognize what problem, please suggest ?
thanks and regards
Peter Green.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20100913/5d35dc88/attachment.htm>
More information about the sr-users
mailing list