[OpenSIPS-Users] TLS errors

nir elkayam nir.elkayam at gmail.com
Fri Jan 15 18:13:39 CET 2010 

hi,

i follow the script on :
http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html

mainly, generated root certificate with:
opensipsctl tls rootCA
and then generate user (i.e. sip server) certificate with:
 opensipsctl tls userCERT user

about the file ca_list, the wiki say:

To add more CAs to your list, just do:

   -

   cat add_cacert.pem >> calist.pem

but not sure about that, doesn't the last command  should have updated the
ca list? i see that the file isn't empty..

nir



On Fri, Jan 15, 2010 at 6:35 PM, Bogdan-Andrei Iancu <bogdan at voice-system.ro
> wrote:

> Hi Nir,
>
> I see you manage to start opensips with TLS - what was your error?
>
> for _tls_read -> that is very funny: SSL_read return err 5
> (SSL_ERROR_SYSCALL) which means to look at error stack/return
> value/errno for the real error (the error was geerated somewhere deep in
> the SSL underlayers), but the errno is Success and stack is empty
> :P..... Looks like a ghost error...
>
> for tls_accept -> the error is in the stack, and after googling a bit ->
> "obviously the CA that signed your clients is not known to the server.
> Take a look at"
>
>        http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
>        http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14
>
>
> Regards,
> Bogdan
>
> nir elkayam wrote:
> > hi,
> >
> > i am using opensips/TLS,
> >
> > i get the following error
> > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: SYSCALL error -> (0)
> > <Success>
> > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: something wrong in SSL: 5
> > Jan 14 22:53:54 [19740] ERROR:core:tcp_read_req: failed to read
> > Jan 14 22:54:46 [19740] ERROR:core:tls_accept: some error in SSL
> > (ret=0, err=1, errno=0/Success):
> > Jan 14 22:54:46 [19740] ERROR:core:tls_print_errstack:
> > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> >
> > any hinst about these?
> > actually the client works but error in encryption process is not good,
> > i think
> >
> > thanks
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>
>
> --
> Bogdan-Andrei Iancu
> www.voice-system.ro
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>



-- 
ניר אלקיים
טל: 050-3930056
nir.elkayam at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100115/fa9f5ec8/attachment.htm

More information about the Users mailing list