[OpenSIPS-Users] WSS Client did not present a TLS certificate

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Jan 19 18:11:12 CET 2016


Glad the problem was solved.

Still, maybe there is place to improve the code to properly report/log 
the issue - did you get any indication (in logs) that actually the key 
was bogus and the TLS handshake failed ?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 19.01.2016 17:36, Sebastian Sastre wrote:
> Bodgan,
>
> Thanks . Yes that one wasn’t an error but i had the wrong private key 
> configured and the socket was disconnecting so i was able to generate 
> new certs and it worked fine. I got some help from IRC.
> I still see the notice but the socket stays up and i can register.
>
> Right now i have the signaling working perfect, but i have no audio 
> either way. Im trying to figure out why rtpengine is not working 
> correctly.
>
> Thanks again
>
>
>
>
> On Tue, Jan 19, 2016 at 5:21 AM, Bogdan-Andrei Iancu 
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>     Hi Sebastian,
>
>     That message is just an INFO (not an error) - you say TLS
>     handshake fails on opensips side as it expects a certificate from
>     the end point ?
>
>     Regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 18.01.2016 06:32, Sebastian Sastre wrote:
>>     I’ve been trying to setup WSS using 2.2 latest branch.
>>
>>     When trying to open the web socket i get “ Client did not present
>>     a TLS certificate” . Im using the included default ssl certs for
>>     the server to avoid mistakes . What certificate is the user
>>     supposed to present?
>>
>>     I tried using sip.js and jssip to connect without any luck. i
>>     also tried disabling cert requirement but didn’t work.
>>
>>     —— Config ——-
>>
>>     listen=wss:123.456.789.987:5060
>>     listen=tls:123.456.789.987:5061
>>     listen=wss:123.456.789.987:443
>>
>>     load module "proto_udp.so"
>>     load module “proto_tls.so”
>>     loadmodule "proto_wss.so"
>>
>>     loadmodule "tls_mgm.so"
>>     modparam("tls_mgm", "certificate",
>>     "/etc/opensips/tls/rootCA/cacert.pem")
>>     modparam("tls_mgm", "private_key",
>>     "/etc/opensips/tls/rootCA/private/cakey.pem")
>>     modparam("tls_mgm", "ca_list",
>>     "/etc/opensips/tls/rootCA/cacert.pem")
>>     modparam("tls_mgm", "ca_dir", "/etc/opensips/tls/rootCA/")
>>     modparam("tls_mgm", "require_cert", "0")
>>     modparam(“tls_mgm", "verify_cert", "0")
>>
>>
>>     ——- Logs ——-
>>     /sbin/opensips[12468]: INFO:core:probe_max_sock_buff: using snd
>>     buffer of 416 kb
>>     /sbin/opensips[12468]: INFO:core:init_sock_keepalive: TCP
>>     keepalive enabled on socket 37
>>     /sbin/opensips[12460]: INFO:proto_wss:ls_accept: New TLS
>>     connection from xx.xx.xx.xx:50815 accepted
>>     /sbin/opensips[12460]: INFO:proto_wss:tls_accept: Client did not
>>     present a TLS certificate
>>     /sbin/opensips[12460]: INFO:proto_wss:ls_dump_cert_info:
>>     tls_accept: local TLS server certificate subject:
>>     /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org
>>     <mailto:opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org>,
>>     issuer:
>>     /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org
>>     <http://opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org>
>>
>>
>>     Thanks !
>>
>>
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160119/1a863a11/attachment.htm>


More information about the Users mailing list