Hi All, I am using opensips 1.7.0 with TLS. * # cd /usr/src/opensips/opensips-1.7.0-tls/ # make # make install*
*# cd /usr/local/etc/opensips/tls/ # vim ca.conf* [ root_ca_distinguished_name ] commonName = sip1.example.com #Your_NAME # please update stateOrProvinceName = California #Your_STATE # please update countryName = US #CO # please update emailAddress = [email protected] #YOUR_EMAIL # please update organizationName = example1 #YOUR_ORG_NAME # please update *# vim user.conf* [ server_distinguished_name ] commonName = sip1.example.com #somename.somewhere.com # please update stateOrProvinceName = California #Some State # please update countryName = US #XY # please update emailAddress = [email protected] #[email protected] # please update organizationName = example1 #My Large Organization Name # please update organizationalUnitName = OpenSIPS #My Subunit of Large Organization # please update Generating rootCA and user certificate.... *# opensipsctl tls rootCA # opensipsctl tls userCERT user * Here, is my opensips.cfg file ... debug=7 fork=yes log_facility=LOG_LOCAL0 log_stderror=no children=4 sip_warning=yes check_via=no dns=no rev_dns=no disable_tls=0 listen=udp:172.18.100.73:5060 listen=tls:172.18.100.73:5061 tls_verify_server=0 tls_verify_client=1 tls_require_client_certificate=1 tls_method=SSLv23 tls_private_key="/usr/local/etc/opensips/tls/user/user-privkey.pem" tls_certificate="/usr/local/etc/opensips/tls/user/user-cert.pem" #tls_ca_list="/usr/local/etc/opensips/tls/user/user-calist.pem" mpath="/usr/local/lib/opensips/modules/" # default db_url to be used by modules requiring DB connection db_default_url="mysql://opensips:opensipsrw@localhost/opensips" Now, when I tried to register client (jitsi) ... it gives following error ... Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: depth = 0 Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: subject = /serialNumber=*ceritifcate details like Office, State etc.* Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: verify error:num=20:unable to get local issuer certificate Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: error code is 20 Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: something wrong with the cert ... error code is 20 (check x509_vfy.h) Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: NOTICE:core:verify_callback: verify return:0 Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: WARNING:core:tls_connect: server certificate verification failed!!! Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: ERROR:core:_tls_read: something wrong in SSL: 1 Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: ERROR:core:tls_print_errstack: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18377]: ERROR:core:tcp_read_req: failed to read Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18378]: ERROR:core:_tls_read: something wrong in SSL: 1 Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18378]: ERROR:core:tls_print_errstack: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18378]: ERROR:core:tcp_read_req: failed to read Feb 23 12:15:58 jaxtrsms /usr/local/sbin/opensips[18382]: ERROR:core:tls_shutdown: something wrong in SSL: Feb 23 12:16:29 jaxtrsms /usr/local/sbin/opensips[18376]: INFO:core:probe_max_sock_buff: using snd buffer of 255 kb Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:core:tcp_blocking_connect: timeout 10 s elapsed from 10 s Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:core:tcpconn_connect: tcp_blocking_connect failed Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:core:tcp_send: connect failed Feb 23 12:16:40 jaxtrsms /usr/local/sbin/opensips[18376]: ERROR:tm:msg_send: tcp_send failed and sometime I get following error ... Feb 23 12:06:57 localhost /usr/local/sbin/opensips[12483]: INFO:core:probe_max_sock_buff: using snd buffer of 512 kb Feb 23 12:06:57 localhost /usr/local/sbin/opensips[12474]: ERROR:core:tls_accept: some error in SSL (ret=-1, err=1, errno=0/Success): Feb 23 12:06:57 localhost /usr/local/sbin/opensips[12474]: ERROR:core:tls_print_errstack: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate Please help me, anything wrong with configure or give guidance to configure opensips 1.7 with tls. -- Regards, Chandrakant Solanki
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
