Now I am facing following ERROR. What can be the reason ? Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 2 Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1 Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 1 Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1 Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: depth = 0 Feb 16 13:11:43 ec2-siplb SIPLB[30844]: NOTICE:proto_tls:verify_callback: preverify is good: verify return: 1 Feb 16 13:11:43 ec2-siplb SIPLB[30844]: INFO:proto_tls:tls_accept: New TLS connection from 103.255.5.39:64219 accepted Feb 16 13:11:43 ec2-siplb SIPLB[30844]: INFO:proto_tls:tls_dump_cert_info: tls_accept: client TLS certificate subject: ******* Feb 16 13:11:43 ec2-siplb SIPLB[30844]: INFO:proto_tls:tls_dump_cert_info: tls_accept: local TLS server certificate subject: ******* Feb 16 13:11:43 ec2-siplb SIPLB[30844]: ERROR:proto_tls:tcp_handle_req: Made 4 read attempts but message is not complete yet - closing connection Hamid R. HashmiSoftware Engineer - VoIPVopium A/S
Date: Fri, 12 Feb 2016 08:03:44 +0000 Subject: Re: [OpenSIPS-Users] How to TLS ? From: [email protected] To: [email protected]; [email protected] Hi, That option is only required if you want to enable "Mutual (two-way) client authentication' and is not normally necessary when using TLS. Most of these clients don't seem to support two way authentication. You can have this option disabled: modparam("proto_tls","require_cert", "0"). 477 error in my experience is usually a temporary connection error related to TLS, but not directly related to configuration. Nabeel On 12 Feb 2016 6:45 am, "Hamid Hashmi" <[email protected]> wrote: Nabeel I dont know how to present a certificate from client. I have tried using Xoiper (Android - Free), SFLphone (Ubuntu) and CsipSimple (Android) but there was no options set a public key. Now I am using CA signed certificates in opensips with disabled flags of verify_cert and require_cert, having an error of 477 Send failed (477/TM). Hamid R. HashmiSoftware Engineer - VoIPVopium A/S Date: Tue, 9 Feb 2016 08:48:41 +0000 From: [email protected] To: [email protected] Subject: Re: [OpenSIPS-Users] How to TLS ? Hi, Does the client present a client certificate? If not, then with modparam("proto_tls","require_cert", "1"), OpenSIPS misleadingly logs: 'failed to accept: rejected by client'. What it actually means is that the client failed to present a certificate. On 9 Feb 2016 6:06 am, "Hamid Hashmi" <[email protected]> wrote: It will be a great help if you please help me in configuring TLS. I have followed this to configure TLS but could not able to verify certificates. its working if disable following flags modparam("proto_tls","verify_cert", "0")modparam("proto_tls","require_cert", "0") BUT not verifying certificates. Please see logs if enabled modparam("proto_tls","verify_cert", "1")modparam("proto_tls","require_cert", "1") then have following ERROR Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29867]: [udp:[email protected]:8000]: Receive request OPTIONS from local server [192.168.26.181] Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_accept: New TLS connection from 115.186.93.1:47015 failed to accept: rejected by client Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_read_req: failed to do pre-tls reading Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: [tcp:[email protected]:6080]: In LOCAL Route sending OPTIONS to 192.168.26.181 Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:probe_max_sock_buff: using snd buffer of 244 kb Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 17 Regards Hamid R. Hashmi _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
