[OpenSIPS-Users] ERROR:core:tls_accept: New TLS connection from IP failed to accept: rejected by client
nabeelshikder at gmail.com
Sun Jul 5 10:04:26 CEST 2015
I believe the correct word would be 'refused' in that case, not 'rejected'
On 5 July 2015 at 08:59, Podrigal, Aron <aronp at guaranteedplus.com> wrote:
> Just a teaser. The client has rejected to provide a certificate as
> requested by opensips :)
> On Jul 5, 2015 3:37 AM, "Nabeel" <nabeelshikder at gmail.com> wrote:
>> This error was resolved by setting 'tls_require_client_certificate = 0'.
>> My SIP client does not send any client certificate, so this option must be
>> However, it means that the error in the OpenSIPS log is misleading and
>> opposite to what it should say. It is not true that the connection was "rejected
>> by client" in this case; it is more true that the connection was rejected
>> by OpenSIPS because the client did not provide a client certificate when
>> OpenSIPS was expecting one.
>> On 4 July 2015 at 05:51, Nabeel <nabeelshikder at gmail.com> wrote:
>>> I get the following error when attempting to connect my SIP client to
>>> OpenSIPS. I understand that OpenSIPS has accepted the connection
>>> but then the client rejects the certificate sent by OpenSIPS. However, the
>>> CA root certificate (from CAcert.org) is included in the client's trust
>>> store, so I do not know why the client is rejecting the certificate. This
>>> SIP client does accept certificates from CAcert.org when connecting to
>>> another server (not openSIPS).
>>> ERROR:core:tls_accept: New TLS connection from 22.214.171.124:18084
>>> failed to accept: rejected by client
>>> Just to clarify, the certificate being sent by OpenSIPS is the
>>> 'tls_certificate' value from openSIPs config file, right?
>>> What other steps can I take to investigate this error?
>> Users mailing list
>> Users at lists.opensips.org
> Users mailing list
> Users at lists.opensips.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users