Hi Nir, the last command does create (if not present) or adds to (if already present) the current CA to the CA list file.
Also, have you properly set the TLS related parameters in the config file? Regards, Bogdan nir elkayam wrote: > hi, > > i follow the script on : > http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html > > mainly, generated root certificate with: > opensipsctl tls rootCA > and then generate user (i.e. sip server) certificate with: > opensipsctl tls userCERT user > > about the file ca_list, the wiki say: > > To add more CAs to your list, just do: > > * > > cat add_cacert.pem >> calist.pem > > but not sure about that, doesn't the last command should have updated > the ca list? i see that the file isn't empty.. > > nir > > > > On Fri, Jan 15, 2010 at 6:35 PM, Bogdan-Andrei Iancu > <[email protected] <mailto:[email protected]>> wrote: > > Hi Nir, > > I see you manage to start opensips with TLS - what was your error? > > for _tls_read -> that is very funny: SSL_read return err 5 > (SSL_ERROR_SYSCALL) which means to look at error stack/return > value/errno for the real error (the error was geerated somewhere > deep in > the SSL underlayers), but the errno is Success and stack is empty > :P..... Looks like a ghost error... > > for tls_accept -> the error is in the stack, and after googling a > bit -> > "obviously the CA that signed your clients is not known to the server. > Take a look at" > > http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6 > http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14 > > > Regards, > Bogdan > > nir elkayam wrote: > > hi, > > > > i am using opensips/TLS, > > > > i get the following error > > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: SYSCALL error -> (0) > > <Success> > > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: something wrong in > SSL: 5 > > Jan 14 22:53:54 [19740] ERROR:core:tcp_read_req: failed to read > > Jan 14 22:54:46 [19740] ERROR:core:tls_accept: some error in SSL > > (ret=0, err=1, errno=0/Success): > > Jan 14 22:54:46 [19740] ERROR:core:tls_print_errstack: > > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca > > > > any hinst about these? > > actually the client works but error in encryption process is not > good, > > i think > > > > thanks > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Users mailing list > > [email protected] <mailto:[email protected]> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > -- > Bogdan-Andrei Iancu > www.voice-system.ro <http://www.voice-system.ro> > > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > -- > ניר אלקיים > טל: 050-3930056 > [email protected] <mailto:[email protected]> > > ------------------------------------------------------------------------ > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- Bogdan-Andrei Iancu www.voice-system.ro _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
