[OpenSIPS-Users] ERROR:core:tls_accept: New TLS connection from IP failed to accept: rejected by client

[Podrigal, Aron]

Just a teaser.  The client has rejected to provide a certificate as
requested by opensips :)
On Jul 5, 2015 3:37 AM, "Nabeel" <nabeelshikder at gmail.com> wrote:

> This error was resolved by setting 'tls_require_client_certificate = 0'.
> My SIP client does not send any client certificate, so this option must be
> disabled.
>
> However, it means that the error in the OpenSIPS log is misleading and
> opposite to what it should say.  It is not true that the connection was "rejected
> by client" in this case; it is more true that the connection was rejected
> by OpenSIPS because the client did not provide a client certificate when
> OpenSIPS was expecting one.
>
>
> On 4 July 2015 at 05:51, Nabeel <nabeelshikder at gmail.com> wrote:
>
>> Hi,
>>
>> I get the following error when attempting to connect my SIP client to
>> OpenSIPS.  I understand that OpenSIPS has accepted the connection
>> but then the client rejects the certificate sent by OpenSIPS.  However, the
>> CA root certificate (from CAcert.org) is included in the client's trust
>> store, so I do not know why the client is rejecting the certificate.  This
>> SIP client does accept certificates from CAcert.org when connecting to
>> another server (not openSIPS).
>>
>>
>> ERROR:core:tls_accept: New TLS connection from 188.29.164.125:18084
>> failed to accept: rejected by client
>>
>>
>> Just to clarify, the certificate being sent by OpenSIPS is the
>> 'tls_certificate' value from openSIPs config file, right?
>>
>> What other steps can I take to investigate this error?
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150705/0eea7bf0/attachment.htm>