[OpenSIPS-Users] ERROR:core:tls_accept: New TLS connection from IP failed to accept: rejected by client

Nabeel nabeelshikder at gmail.com
Sun Jul 5 10:04:26 CEST 2015


I believe the correct word would be 'refused' in that case, not 'rejected'
:)

On 5 July 2015 at 08:59, Podrigal, Aron <aronp at guaranteedplus.com> wrote:

> Just a teaser.  The client has rejected to provide a certificate as
> requested by opensips :)
> On Jul 5, 2015 3:37 AM, "Nabeel" <nabeelshikder at gmail.com> wrote:
>
>> This error was resolved by setting 'tls_require_client_certificate = 0'.
>> My SIP client does not send any client certificate, so this option must be
>> disabled.
>>
>> However, it means that the error in the OpenSIPS log is misleading and
>> opposite to what it should say.  It is not true that the connection was "rejected
>> by client" in this case; it is more true that the connection was rejected
>> by OpenSIPS because the client did not provide a client certificate when
>> OpenSIPS was expecting one.
>>
>>
>> On 4 July 2015 at 05:51, Nabeel <nabeelshikder at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I get the following error when attempting to connect my SIP client to
>>> OpenSIPS.  I understand that OpenSIPS has accepted the connection
>>> but then the client rejects the certificate sent by OpenSIPS.  However, the
>>> CA root certificate (from CAcert.org) is included in the client's trust
>>> store, so I do not know why the client is rejecting the certificate.  This
>>> SIP client does accept certificates from CAcert.org when connecting to
>>> another server (not openSIPS).
>>>
>>>
>>> ERROR:core:tls_accept: New TLS connection from 188.29.164.125:18084
>>> failed to accept: rejected by client
>>>
>>>
>>> Just to clarify, the certificate being sent by OpenSIPS is the
>>> 'tls_certificate' value from openSIPs config file, right?
>>>
>>> What other steps can I take to investigate this error?
>>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150705/d6516e99/attachment.htm>


More information about the Users mailing list