Hello,

please format your e-mail only with black - it's really hard to read (it might 
be related to my client, though).

Have you already checked the file system access rights to the certs if kamailio 
can actually read them?

Cheers,

Henning

--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com

From: sr-users <[email protected]> On Behalf Of ThanhTruong
Sent: Thursday, July 15, 2021 5:09 AM
To: Kamailio (SER) - Users Mailing List <[email protected]>
Subject: Re: [SR-Users] please help to configure tls in kamailio for webrtc 
client like simpl5

Hello Fred and all,

I tried some changes, and the results are below.

with :

[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = yes
require_certificate = yes
~

error log:

Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls 
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls 
[tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls 
[tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls 
[tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170


With settings:

[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = no
require_certificate = no
~

and error log:

Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls 
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls 
[tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls 
[tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls 
[tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: <core> 
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 
0x7fd64ee4bfc0 r: 0x7fd64ee4c0e8 (-1)


and tried:

[server:default]
method = SSLv23
verify_certificate = yes
require_certificate = yes
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = no
require_certificate = no

and error log:

Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls 
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls 
[tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls 
[tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls 
[tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: <core> 
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 
0x7f222a018fc0 r: 0x7f222a0190e8 (-1)


Then, I tried with TLSv1+


[server:default]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem

[client:default]
verify_certificate = no
require_certificate = no

and log is:

Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls 
[tls_server.c:1283]: tls_h_read_f(): protocol level error
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls 
[tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL 
routines:ssl3_read_bytes:sslv3 alert certificate unknown
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls 
[tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls 
[tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: <core> 
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 
0x7f9fd21cefc0 r: 0x7f9fd21cf0e8 (-1)


I am sorry to bother you and all, but I don't know how to get it to work, please 
suggest.

thank you so much.



On Jul 15, 2021, at 01:10, Fred Posner 
<[email protected]> wrote:

On 7/14/21 2:04 PM, ThanhTruong wrote:

verify_certificate =yes
require_certificate =yes

Change both of those to no in your case.

--
Fred Posner -- www.palner.com
Matrix: @fred:matrix.lod.com

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
 * [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
 * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
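
The same OpenSSL error, 14094416, appears in every log in this thread regardless of the verify_certificate and require_certificate values. The following added example (not written by any participant in the thread) decodes that code, assuming the OpenSSL 1.x packed layout of 8 bits library, 12 bits function and 12 bits reason, and shows that it records a TLS alert received from the remote peer:

```python
import re

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}
ERR_LIB_SSL = 20            # libssl's library number in OpenSSL error codes
ALERT_REASON_OFFSET = 1000  # libssl reports a received alert N as reason 1000+N

ERR_RE = re.compile(r"tls_err_ret\(\): TLS (\w+):error:([0-9A-Fa-f]{8}):")
SRC_RE = re.compile(r"tls_h_read_f\(\): source IP: (\S+)")

# Two lines copied from the log in the thread, with the e-mail wrapping undone.
SAMPLE_LOG = (
    "Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls "
    "[tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL "
    "routines:ssl3_read_bytes:sslv3 alert certificate unknown\n"
    "Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls "
    "[tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194\n"
)

def decode_packed_error(hex_code):
    """Split an OpenSSL 1.x packed error code into (lib, func, reason)."""
    code = int(hex_code, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def peer_alerts(log_text):
    """Return one dict per TLS error line that encodes an alert sent by the peer."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if m:
            lib, _func, reason = decode_packed_error(m.group(2))
            alert = reason - ALERT_REASON_OFFSET
            if lib == ERR_LIB_SSL and 0 < alert < 256:
                findings.append({"operation": m.group(1), "alert": alert,
                                 "name": TLS_ALERTS.get(alert, "other"),
                                 "peer": None})
            continue
        s = SRC_RE.search(line)
        if s and findings and findings[-1]["peer"] is None:
            findings[-1]["peer"] = s.group(1)  # remote IP logged after the error
    return findings

if __name__ == "__main__":
    for f in peer_alerts(SAMPLE_LOG):
        print(f"{f['peer']} sent alert {f['alert']} ({f['name']}) "
              f"during TLS {f['operation']}")
```

Alert 46 (certificate_unknown) arriving during TLS accept means the connecting client rejected the certificate that Kamailio presented, so the place to look is what the client trusts and what chain the server sends.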
