[OpenSIPS-Users] TLS errors

Bogdan-Andrei Iancu bogdan at voice-system.ro
Mon Jan 18 14:41:06 CET 2010 

Hi Nir,

the last command does create (if not present) or adds to (if already 
present) the current CA to the CA list file.

Also, have you properly set the TLS related parameters in the config file?

Regards,
Bogdan

nir elkayam wrote:
> hi,
>
> i follow the script on :
> http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html
>
> mainly, generated root certificate with:
> opensipsctl tls rootCA
> and then generate user (i.e. sip server) certificate with:
> opensipsctl tls userCERT user
>
> about the file ca_list, the wiki say:
>
> To add more CAs to your list, just do:
>
>    *
>
>       cat add_cacert.pem >> calist.pem
>
> but not sure about that, doesn't the last command should have updated 
> the ca list? i see that the file isn't empty..
>
> nir
>
>
>
> On Fri, Jan 15, 2010 at 6:35 PM, Bogdan-Andrei Iancu 
> <bogdan at voice-system.ro <mailto:bogdan at voice-system.ro>> wrote:
>
>     Hi Nir,
>
>     I see you manage to start opensips with TLS - what was your error?
>
>     for _tls_read -> that is very funny: SSL_read return err 5
>     (SSL_ERROR_SYSCALL) which means to look at error stack/return
>     value/errno for the real error (the error was geerated somewhere
>     deep in
>     the SSL underlayers), but the errno is Success and stack is empty
>     :P..... Looks like a ghost error...
>
>     for tls_accept -> the error is in the stack, and after googling a
>     bit ->
>     "obviously the CA that signed your clients is not known to the server.
>     Take a look at"
>
>     http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
>     http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14
>
>
>     Regards,
>     Bogdan
>
>     nir elkayam wrote:
>     > hi,
>     >
>     > i am using opensips/TLS,
>     >
>     > i get the following error
>     > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: SYSCALL error -> (0)
>     > <Success>
>     > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: something wrong in
>     SSL: 5
>     > Jan 14 22:53:54 [19740] ERROR:core:tcp_read_req: failed to read
>     > Jan 14 22:54:46 [19740] ERROR:core:tls_accept: some error in SSL
>     > (ret=0, err=1, errno=0/Success):
>     > Jan 14 22:54:46 [19740] ERROR:core:tls_print_errstack:
>     > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>     >
>     > any hinst about these?
>     > actually the client works but error in encryption process is not
>     good,
>     > i think
>     >
>     > thanks
>     >
>     ------------------------------------------------------------------------
>     >
>     > _______________________________________________
>     > Users mailing list
>     > Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>     >
>
>
>     --
>     Bogdan-Andrei Iancu
>     www.voice-system.ro <http://www.voice-system.ro>
>
>
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> -- 
> ניר אלקיים
> טל: 050-3930056
> nir.elkayam at gmail.com <mailto:nir.elkayam at gmail.com>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   


-- 
Bogdan-Andrei Iancu
www.voice-system.ro

More information about the Users mailing list