[SR-Users] TLS Certificate Verification Issue

Kamal Palei palei.kamal at gmail.com
Mon Oct 22 13:53:34 CEST 2012


Dear All,
I have modified kamailio.cfg and compiled all the modules with TLS enabled,
and am able to bring up the Kamailio proxy properly.

The Kamailio proxy will receive the REGISTER message from endpoints over UDP,
and I want to send this REGISTER message to another intermediate proxy over
TLS. For this purpose, I have added a few lines to the kamailio.cfg file, as below.

I have created the certificates and private keys as explained by the README file
in the kamailio-3.1.5/modules/tls/ path.

        if(is_method("REGISTER"))
        {
                t_relay_to("tls:115.114.48.75:443");
                exit();
        }

Looks like this is taking effect. When Kamailio receives a REGISTER message,
it tries to do the handshake with the intermediate proxy.
I used Wireshark to see the handshake messages.

1. From the Kamailio proxy, a TCP SYN message goes to the intermediate proxy.
2. The intermediate proxy sends SYN + ACK.
3. Kamailio sends CLIENT HELLO.
4. The intermediate proxy sends SERVER HELLO, CERTIFICATE and SERVER HELLO DONE.
5. Kamailio sends ALERT (Level: Fatal, Description: Unknown CA)  --->
Is something going wrong here?
6. Then Kamailio sends FIN + ACK.

Can somebody please let me know why the certificate verification fails (I
get this log in the console)?
How can I put in a workaround to avoid the certificate verification failure?

Best Regards
kamal
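
Added example, not part of the original post: a TLS client sends the fatal Unknown CA alert seen in step 5 when the certificate chain presented by the server does not lead to any CA in the client's own trusted CA list. The shell sketch below reproduces that check offline with the openssl command-line tool; every name in it (proxy-ca, local-ca, intermediate-proxy, the helper functions) is constructed for the demo, and nothing is taken from the poster's setup.

```shell
#!/bin/sh
# Constructed demo: all CA names, subjects and file names below are made up.

# make_ca DIR NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA NAME: issue a certificate for NAME signed by CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# check_peer CA_LIST CERT: print "trusted" if CERT chains to a CA in CA_LIST,
# otherwise "untrusted". A missing issuer is the case a TLS client reports
# to its peer as the Unknown CA alert.
check_peer() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# demo: verify the same peer certificate against two different CA lists.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" proxy-ca && make_ca "$d" local-ca &&
    make_leaf "$d" proxy-ca intermediate-proxy || { rm -rf "$d"; return 1; }
    # CA list holding only our own CA: the peer's issuer is missing.
    before=$(check_peer "$d/local-ca.pem" "$d/intermediate-proxy.pem")
    # CA list with the peer's issuing CA appended.
    cat "$d/local-ca.pem" "$d/proxy-ca.pem" > "$d/ca_list.pem"
    after=$(check_peer "$d/ca_list.pem" "$d/intermediate-proxy.pem")
    rm -rf "$d"
    echo "$before $after"
}

demo
```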