Try set these, too: https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_certificate
https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certificate — Alex > On Mar 21, 2023, at 7:34 PM, David Cunningham <[email protected]> > wrote: > > Hello, > > We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC client > at https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. > In the Kamailio log we see the lines below. In tls.cfg we have > "verify_certificate = no" and "require_certificate = no" for both > [server:default] and [client:default]. Would anyone be able to help us with > this? > > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:1159]: > tls_lookup_private_key(): Private key lookup for SSL_CTX-0x14baf1cbb090: (nil) > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: > sr_ssl_ctx_info_callback(): SSL handshake done > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: > sr_ssl_ctx_info_callback(): SSL handshake started > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: > sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: > sr_ssl_ctx_info_callback(): SSL handshake done > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: > sr_ssl_ctx_info_callback(): SSL handshake started > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: > sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: > sr_ssl_ctx_info_callback(): SSL handshake done > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: > tls_accept(): TLS accept successful > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:431]: > tls_accept(): tls_accept: new connection from xx.xx.xx.xx:39816 using TLSv1.3 > TLS_AES_256_GCM_SHA384 256 > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: > tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443 > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: > tls_accept(): tls_accept: client did not present a certificate > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: > tls_read_f(): Reading on a renegotiation of connection (n:532) (0) > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> > [core/tcp_read.c:1527]: tcp_read_req(): EOF > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: > io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) fd_no=4 > called > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> > [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, > state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> [xx.xx.xx.xx]:8443) > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> > [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x14baf289ea30 > Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> > [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 14baf4cc1ec8, -1 > from 1 > Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: > tls_h_close(): Closing SSL connection 0x14baf289ea30 > > Thanks very much, > > -- > David Cunningham, Voisonics Limited > http://voisonics.com/ > USA: +1 213 221 1092 > New Zealand: +64 (0)28 2558 3782 > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to [email protected] > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: -- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
