This error was resolved by setting 'tls_require_client_certificate = 0'. My SIP client does not send any client certificate, so this option must be disabled.
However, it means that the error in the OpenSIPS log is misleading and opposite to what it should say. It is not true that the connection was "rejected by client" in this case; it is more true that the connection was rejected by OpenSIPS because the client did not provide a client certificate when OpenSIPS was expecting one. On 4 July 2015 at 05:51, Nabeel <[email protected]> wrote: > Hi, > > I get the following error when attempting to connect my SIP client to > OpenSIPS. I understand that OpenSIPS has accepted the connection > but then the client rejects the certificate sent by OpenSIPS. However, the > CA root certificate (from CAcert.org) is included in the client's trust > store, so I do not know why the client is rejecting the certificate. This > SIP client does accept certificates from CAcert.org when connecting to > another server (not openSIPS). > > > ERROR:core:tls_accept: New TLS connection from 188.29.164.125:18084 > failed to accept: rejected by client > > > Just to clarify, the certificate being sent by OpenSIPS is the > 'tls_certificate' value from openSIPs config file, right? > > What other steps can I take to investigate this error? >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
