[SR-Users] WSS configuration sample needed

Daniel-Constantin Mierla miconda at gmail.com
Mon May 9 18:07:12 CEST 2016 

Hello,

I haven't used with modparams for long time, can you try with dedicated
tls.cfg config file for tls module and set there require_certificate=no?

It will reveal if there is a problem on handling the modparams for this
feature or something else.

Cheers,
Daniel

On 09/05/16 17:41, Sunil More wrote:
>
> Hello Daniel,
>
> I am not using config file. Those are the only parameters that I am using.
>
> Regards,
> Sunil More
>
> On May 9, 2016 6:03 PM, "Daniel-Constantin Mierla" <miconda at gmail.com
> <mailto:miconda at gmail.com>> wrote:
>
>     Hello,
>
>     do you have config modparam set for tls? Like:
>
>     modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>
>     Or are those all your parameters for tls module?
>
>     Cheers,
>     Daniel
>
>     On 09/05/16 14:05, Sunil More wrote:
>>     Hello Daniel, 
>>
>>     I am using this ..
>>     loadmodule "tls.so" modparam("tls", "tls_method", "TLSv1")
>>     modparam("tls", "certificate", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_cert.net.crt")
>>     modparam("tls", "private_key", "/usr/local/kamailio/etc/kamailio/cc_kamailio/my_key.net.key")
>>     modparam("tls", "verify_certificate", 0)
>>     modparam("tls", "require_certificate", 0)
>>
>>     Thanking You,
>>     Sunil More
>>     Ph : 9503338275
>>
>>     On Mon, May 9, 2016 at 5:32 PM, Daniel-Constantin Mierla
>>     <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>>
>>         Hello,
>>
>>         look at your tls.cfg file (or modparams for tls module) and
>>         change the setting for requiring tls certificate for clients.
>>
>>         Cheers,
>>         Daniel
>>
>>
>>         On 09/05/16 13:44, Sunil More wrote:
>>>         Hello All,
>>>
>>>         I am trying to connect Kamailio over WSS and the error I get
>>>         is "tls_accept: client did not present a certificate" . It
>>>         works fine for WS, however Please guide me to connect over WSS.
>>>
>>>         the following are the logs i See..
>>>
>>>         DEBUG: tls [tls_domain.c:703]: sr_ssl_ctx_info_callback():
>>>         SSL handshake started
>>>
>>>         DEBUG: <core> [tcp_main.c:2430]: tcpconn_do_send(): sending...
>>>
>>>         ay  9 11:07:01 P172
>>>         /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
>>>         [tls_domain.c:715]: sr_ssl_ctx_info_callback(): SSL
>>>         handshake done
>>>
>>>         May  9 11:07:01 P172
>>>         /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
>>>         [tls_domain.c:718]: sr_ssl_ctx_info_callback(): SSL disable
>>>         renegotiation
>>>
>>>         May  9 11:07:01 P172
>>>         /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
>>>         [tls_server.c:411]: tls_accept(): TLS accept successful
>>>
>>>         May  9 11:07:01 P172
>>>         /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
>>>         [tls_server.c:418]: tls_accept(): tls_accept: new connection
>>>         from sunilmore.in:49703 <http://sunilmore.in:49703> using
>>>         TLSv1/SSLv3 AES256-SHA 256
>>>
>>>         May  9 11:07:01 P172
>>>         /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
>>>         [tls_server.c:421]: tls_accept(): tls_accept: local
>>>         socket:sunilmore.in:10082 <http://sunilmore.in:10082>
>>>
>>>         May  9 11:07:01 P172
>>>         /usr/local/kamailio/sbin/kamailio[32025]: DEBUG: tls
>>>         [tls_server.c:432]: tls_accept(): tls_accept: client did not
>>>         present a certificate
>>>
>>>         And the websocket closes. Please help.
>>>
>>>
>>>
>>>
>>>         Thanking You,
>>>         Sunil More
>>>         Ph : 9503338275
>>>
>>>
>>>         _______________________________________________
>>>         SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>         sr-users at lists.sip-router.org
>>>         <mailto:sr-users at lists.sip-router.org>
>>>         http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>         -- 
>>         Daniel-Constantin Mierla
>>         http://www.asipto.com
>>         http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
>>         Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com
>>
>>
>>         _______________________________________________
>>         SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
>>         mailing list
>>         sr-users at lists.sip-router.org
>>         <mailto:sr-users at lists.sip-router.org>
>>         http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>
>     -- 
>     Daniel-Constantin Mierla
>     http://www.asipto.com
>     http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
>     Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com
>

-- 
Daniel-Constantin Mierla
http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160509/5db9a60a/attachment.html>

More information about the sr-users mailing list