Using latest 1.11.5 version (from github) and 1.11.3 It seems to be a problem
using tls connections with mutual auth (require client certificate=1)
Under a bit of load (about 30 AORs) I started to see failed calls and the log
messages:
ERROR:core:tls_print_errstack: TLS errstack: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate (with
tls_verify_client = 1 )
and
ERROR:core:tls_print_errstack: TLS errstack: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate (with tls_verify_client =
0)
The errors seems to be random, the more load I have the more errors I can see.
The process is always the same:
OpenSips receive an invite with certificate validated OK and challenge for a
password. When the UAC send another invite with the response to the challenge
the connection is droped with message like "SSL3_READ_BYTES:sslv3 alert bad
certificate"
I tried changing the poll method, disabling tcp aliases, in tcp sync and async
mode, changing the MTU of the network, changing the proxy certificate, opensips
versions,... nothing seems to work.
The Opensips is compiled under Debian 8.2 and I tested with grandstream phones
and Acrobits cloud softphone, with the same simptoms. Maybe there is a bug int
the TLS stack?
Iĺl try to attach a full debug log to the isssue (scrubbed) You can see the
error in line 206 and the first invite at line 10
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/670
_______________________________________________
Devel mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel