[OpenSIPS-Users] How to TLS ?

Nabeel nabeelshikder at gmail.com
Tue Feb 9 09:48:41 CET 2016 

Hi,

Does the client present a client certificate? If not, then with
modparam("proto_tls","require_cert", "1"), OpenSIPS misleadingly logs:
'failed to accept: rejected by client'.  What it actually means is that the
client failed to present a certificate.
On 9 Feb 2016 6:06 am, "Hamid Hashmi" <hamid2kviii at hotmail.com> wrote:

> It will be a great help if you please help me in configuring TLS. I have
> followed this <http://www.opensips.org/Documentation/Tutorials-TLS-2-1>
> to configure TLS but could not able to verify certificates.
>
> its working if disable following flags
>
> modparam("proto_tls","verify_cert", "0")
> modparam("proto_tls","require_cert", "0")
>
> BUT not verifying certificates. Please see logs
> <http://pastebin.com/qmXZjSy2> if enabled
>
> modparam("proto_tls","verify_cert", "1")
> modparam("proto_tls","require_cert", "1")
>
> then have following ERROR
>
> Feb  9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29867]: [udp:keepalive at 192.168.26.181:8000]: Receive request OPTIONS from local server [192.168.26.181]
> Feb  9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_accept: New TLS connection from 115.186.93.1:47015 failed to accept: rejected by client
> Feb  9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
> Feb  9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: [tcp:siplb at 192.168.26.180:6080]: In LOCAL Route sending OPTIONS to 192.168.26.181
> Feb  9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:probe_max_sock_buff: using snd buffer of 244 kb
> Feb  9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 17
>
> Regards
> *Hamid R. Hashmi*
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160209/477b5d6a/attachment.htm>

More information about the Users mailing list