[SR-Users] TLS enable false.

Thanh Truong thanhtruong217 at gmail.com
Thu Dec 18 17:35:03 CET 2014 

Hi Rob Moore,

Yes, I have intended to use TLS in client side to verify with server side.

I have tried to create cert files as :
Quick Certificate Howto
in http://kamailio.org/docs/modules/stable/modules/tls.html#tls.debugging

Then, I tried to use Blink phone to user crt file, But I see that I cant
add any pem file to this.

Can you suggest ?

Thank all,
ThanhTruong

Thanks,
ThanhTruong.


On Thu, Dec 18, 2014 at 11:28 PM, Rob Moore <Rob.Moore at aeriandi.com> wrote:
>
>  Hi Thanh,
>
>
>
> Are you intending to use Client certificates in your setup?
>
>
>
> If not, the  error “SSL3_GET_CLIENT_CERTIFICATE “ would lead me to
> believe that your problem is modparam("tls", "require_certificate", 1) which
> when enabled kamailio will require a certificate from the client.
>
> I’m not an expert with TLS, but this may help depending on what type of
> TLS setup you are trying to achieve.
>
>
>
> *From:* sr-users [mailto:sr-users-bounces at lists.sip-router.org] *On
> Behalf Of *Thanh Truong
> *Sent:* 18 December 2014 15:28
> *To:* kamailio
> *Subject:* [SR-Users] TLS enable false.
>
>
>
> Hi all,
>
>
>
> I have tried several configure TLS in kamailio but no luck.
>
>
>
> Please give me some suggestion that I can make it work correctly.
>
>
>
> This is my configure in TLS module.
>
>
>
> modparam("tls", "tls_method", "SSLv23")
>
> modparam("tls", "private_key", "/usr/local/etc/kamailio/ca/privkey.pem")
>
> modparam("tls", "certificate",
> "/usr/local/etc/kamailio/ca/kamailio1_cert.pem")
>
> modparam("tls", "ca_list", "/usr/local/etc/kamailio/ca/calist.pem")
>
> modparam("tls", "verify_certificate", 1)
>
> modparam("tls", "require_certificate", 1)
>
>
>
> I am only getting issue with verify_certifiate = 1, it i let it to 0, my
> client can register correctly.
>
>
>
> When I set this flag, i got message from server as:
>
>
>
> Dec 18 10:26:31 17237 /usr/local/sbin/kamailio[12655]: ERROR: <core>
> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
>
> Dec 18 10:26:46 17237 /usr/local/sbin/kamailio[12656]: ERROR: tls
> [tls_server.c:1193]: tls_read_f(): TLS accept:error:140890C7:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
>
> Dec 18 10:26:46 17237 /usr/local/sbin/kamailio[12656]: ERROR: <core>
> [tcp_read.c:1279]: tcp_read_req(): ERROR: tcp_read_req: error reading
>
>
>
> I Cant add any pem file into client, i have used Blink phone but no luck.
>
> Thank all in advance.
>
>
>
> ThanhTruong.
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20141218/ed25654c/attachment.html>

More information about the sr-users mailing list