Hi,
First of all, carefully read the logs you get as they provide *a lot* of
useful hints.
The key log is "SSL3_GET_CLIENT_CERTIFICATE:no certificate returned" -
that means the other party did not presented a SSL ceritificate, while
your TLS setup for that domain do require one (see the
require_certificate option).
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
OpenSIPS Summit 2018
http://www.opensips.org/events/Summit-2018Amsterdam
On 05/14/2018 11:45 PM, Govindaraj, Rajesh wrote:
Hi folks,
Please provide any pointers if you might have.
Thanks,
*From:* Govindaraj, Rajesh
*Sent:* Friday, May 11, 2018 5:37 PM
*To:* [email protected]
*Subject:* Opensips error
Hi,
In a production environment, the below error is seen. The TLS
handshake is fine and messages are being exchanged as seen from pcap
and when one of the TCP message is read,
2018-05-11T11:24:05.000-04:00 [local2] [err]
ffd-alpha-zone1-ccm1.ipc.com /usr/sbin/opensipsInternal[10325]:
ERROR:core:_tls_read: TLS connection to 10.204.34.62:52094 read failed
2018-05-11T11:24:05.000-04:00 [local2] [err]
ffd-alpha-zone1-ccm1.ipc.com /usr/sbin/opensipsInternal[10325]:
ERROR:core:_tls_read: TLS read error: 1
2018-05-11T11:24:05.000-04:00 [local2] [err]
ffd-alpha-zone1-ccm1.ipc.com /usr/sbin/opensipsInternal[10325]:
ERROR:core:tls_print_errstack: TLS errstack: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
This error is seen. TLS read error: 1 indicates SSL_ERROR_SSL.
Checking the pcap for success and failure case, they are no
abnormalities. It fails for only one user randomly. Today in our test
it failed twice with the same error when reading a TLS packet. TLS
session establishment is fine. Any pointers would really help.
Thanks,
*Rajeshkumar Govindaraj*
Software Engineer
777 Commerce Drive,
Fairfield, CT-06825
*T*+1 201 253 7803 |*M* +1 475 439 9918 |*E* [email protected]
<mailto:[email protected]>
Follow us on twitter: @ipc_Systems_Inc www.ipc.com <http://www.ipc.com/>
cid:[email protected]
DISCLAIMER: This e-mail may contain information that is confidential,
privileged or otherwise protected from disclosure. If you are not an
intended recipient of this e-mail, do not duplicate or redistribute it
by any means. Please delete it and any attachments and notify the
sender that you have received it in error. Unintended recipients are
prohibited from taking action on the basis of information in this
e-mail. E-mail messages may contain computer viruses or other defects,
may not be accurately replicated on other systems, or may be
intercepted, deleted or interfered with without the knowledge of the
sender or the intended recipient. If you are not comfortable with the
risks associated with e-mail messages, you may decide not to use
e-mail to communicate with IPC. IPC reserves the right, to the extent
and under circumstances permitted by applicable law, to retain,
monitor and intercept e-mail messages to and from its systems.
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
