Hi,
Does the client present a client certificate? If not, then with
modparam("proto_tls","require_cert", "1"), OpenSIPS misleadingly logs:
'failed to accept: rejected by client'. What it actually means is that the
client failed to present a certificate.
On 9 Feb 2016 6:06 am, "Hamid Hashmi" <[email protected]> wrote:
> It will be a great help if you please help me in configuring TLS. I have
> followed this <http://www.opensips.org/Documentation/Tutorials-TLS-2-1>
> to configure TLS but could not able to verify certificates.
>
> its working if disable following flags
>
> modparam("proto_tls","verify_cert", "0")
> modparam("proto_tls","require_cert", "0")
>
> BUT not verifying certificates. Please see logs
> <http://pastebin.com/qmXZjSy2> if enabled
>
> modparam("proto_tls","verify_cert", "1")
> modparam("proto_tls","require_cert", "1")
>
> then have following ERROR
>
> Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29867]:
> [udp:[email protected]:8000]: Receive request OPTIONS from local
> server [192.168.26.181]
> Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]:
> ERROR:proto_tls:tls_accept: New TLS connection from 115.186.93.1:47015 failed
> to accept: rejected by client
> Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]:
> ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
> Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]:
> [tcp:[email protected]:6080]: In LOCAL Route sending OPTIONS to
> 192.168.26.181
> Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]:
> INFO:core:probe_max_sock_buff: using snd buffer of 244 kb
> Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]:
> INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 17
>
> Regards
> *Hamid R. Hashmi*
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
