[SR-Users] TLS enable false.

[Rob Moore]

Hi Thanh,

Are you intending to use Client certificates in your setup?

If not, the  error “SSL3_GET_CLIENT_CERTIFICATE “ would lead me to believe that your problem is modparam("tls", "require_certificate", 1) which when enabled kamailio will require a certificate from the client.
I’m not an expert with TLS, but this may help depending on what type of TLS setup you are trying to achieve.

From: sr-users [mailto:sr-users-bounces at lists.sip-router.org] On Behalf Of Thanh Truong
Sent: 18 December 2014 15:28
To: kamailio
Subject: [SR-Users] TLS enable false.

Hi all,

I have tried several configure TLS in kamailio but no luck.

Please give me some suggestion that I can make it work correctly.

This is my configure in TLS module.

modparam("tls", "tls_method", "SSLv23")
modparam("tls", "private_key", "/usr/local/etc/kamailio/ca/privkey.pem")
modparam("tls", "certificate", "/usr/local/etc/kamailio/ca/kamailio1_cert.pem")
modparam("tls", "ca_list", "/usr/local/etc/kamailio/ca/calist.pem")
modparam("tls", "verify_certificate", 1)
modparam("tls", "require_certificate", 1)

I am only getting issue with verify_certifiate = 1, it i let it to 0, my client can register correctly.

When I set this flag, i got message from server as:

Dec 18 10:26:31 17237 /usr/local/sbin/kamailio[12655]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
Dec 18 10:26:46 17237 /usr/local/sbin/kamailio[12656]: ERROR: tls [tls_server.c:1193]: tls_read_f(): TLS accept:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Dec 18 10:26:46 17237 /usr/local/sbin/kamailio[12656]: ERROR: <core> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading

I Cant add any pem file into client, i have used Blink phone but no luck.
Thank all in advance.

ThanhTruong.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20141218/b7ecbb8d/attachment.html>