Did you add the CA certificate to both the client and server as a as a
trusted certificate for peer authentication?
Can you connect to the server on that port using openssl s_client?
Can you run an openssl s_server on the server's port to make sure that
the client is actually connecting?
-Kyle H
On 2/7/06, Pjothi <[EMAIL PROTECTED]> wrote:
> Dear Ambarish Mitra and others,
>
> There is the following error in system call:
>
> ipMessageTransport: sendMessage: creating new socket
> Creating new SSL_CTX
> SSL connect: Error in system call.
> Could not get server certificate
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: exception thrown!
> SipMessageTransport: sendMessage: exception thrown!
>
> --------------------------------------------------------------------------------------------------------
>
> regarding the certificates, using the scripts given in OpenSER, I
> create a CA and with the same CA I created the following for server
> and client
>
> Server:
>
> server-cert
> server-privkey
> server-calist
>
> Client
>
> client-cert
> client-privkey
> client-calist
>
> and loaded the sever certs in the server config file and the client
> certs in the client config file.....
>
> wat am I missing here, why is it not able to get the server certificate ?
>
> Kindly guide me,
>
> thanks and regards,
> Pjothi
>
> On 2/7/06, Ambarish Mitra <[EMAIL PROTECTED]> wrote:
> > Use: SSL_get_error(ssl, err);
> >
> > This will give you more information on SSL_connect failure.
> >
> > err = SSL_connect (ssl);
> > if (err <=0)
> > {
> > int errcode = SSL_get_error(ssl, err);
> > switch(errcode)
> > {
> > case SSL_ERROR_NONE: break; // Cannot happen if err <=0
> > case SSL_ERROR_ZERO_RETURN: fprintf(stderr,"SSL connect returned
> > 0.");break;
> > case SSL_ERROR_WANT_READ: fprintf(stderr,"SSL connect: Read
> > Error.");break;
> > case SSL_ERROR_WANT_WRITE: fprintf(stderr,"SSL connect: Write
> > Error.");break;
> > case SSL_ERROR_WANT_CONNECT: fprintf(stderr,"SSL connect: Error
> > connect."); break;
> > case SSL_ERROR_WANT_ACCEPT: fprintf(stderr,"SSL connect: Error
> > accept."); break;
> > case SSL_ERROR_WANT_X509_LOOKUP: fprintf(stderr,"SSL connect error:
> > X509 lookup."); break;
> > case SSL_ERROR_SYSCALL: fprintf(stderr,"SSL connect: Error in system
> > call."); break;
> > case SSL_ERROR_SSL: fprintf(stderr,"SSL connect: Protocol Error.");
> > break;
> >
> > default: fprintf(stderr,"Failed SSL connect.");
> > }
> > }
> >
> > Let the group know the result - they we can guide better.
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Pjothi
> > Sent: Tuesday, February 07, 2006 3:53 PM
> > To: openssl-users@openssl.org
> > Subject: possible reasons for SSL_connect() failure
> >
> >
> > Dear all,
> >
> > I am trying to connect a tls enabled sip client(minisip: latest svn
> > extracted version) with a tls enabled SIP proxy - OpenSER.(listening
> > on port:5061). Its a simple LAN scenario.
> >
> > Problem:
> >
> > When (minisip) client tries to connect to the server(OpenSER), I get a
> > SSL_connect() failed exception. As I understand only after
> > SSL_connect(), the client ever checks the peer certificate. I cannot
> > understand, what could be the possible reasons for a SSL_connect()
> > failure. The server machine has Openssl installed (openssl 0.9.7g).
> > Since its failing and not refused by the server, I am confident it
> > tries in the correct post 5061 and a TCP socket is also being
> > established.
> >
> > kindly let me know what could be the possible reasons of a SSL_connect
> > failure and suggestions to solve it
> >
> > thanks and regards,
> > Pjothi
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager [EMAIL PROTECTED]
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager [EMAIL PROTECTED]
> >
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
