[OpenSIPS-Users] TLS and WSS Opensips Listen

Pratik Patel pratik.patel19970128 at gmail.com
Thu Mar 30 16:31:54 UTC 2023 

If I will set require_cert 0 in the tls_mgm module then able to register
and make a call but when the destination person answers the call then the
below error I get in Syslog :

ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
Mar 30 16:26:41 opensips[154227]: Mar 30 16:26:41 [154227]
ERROR:proto_wss:ws_client_handshake: cannot start handshake
Mar 30 16:26:41 opensips[154227]: Mar 30 16:26:41 [154227]
ERROR:proto_wss:ws_connect: cannot complete WebSocket handshake
Mar 30 16:26:41 opensips[154227]: Mar 30 16:26:41 [154227]
ERROR:tls_openssl:openssl_tls_blocking_write: TLS send timeout (100)
Mar 30 16:26:41 opensips[154227]: Mar 30 16:26:41 [154227]
ERROR:tls_openssl:openssl_tls_conn_shutdown: something wrong in SSL: 1, 11,
Resource temporarily unavailable
Mar 30 16:26:41 opensips[154227]: Mar 30 16:26:41 [154227]
ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:140E0197:SSL
routines:SSL_shutdown:shutdown while in init
Mar 30 16:26:41 opensips[154227]: Mar 30 16:26:41 [154227]
ERROR:proto_wss:proto_wss_send: connect failed
Mar 30 16:26:41 opensips[154227]: Mar 30 16:26:41 [154227]
ERROR:core:msg_send: send() to 11.11.11.11:5060 for proto wss/6 failed

On Thu, Mar 30, 2023 at 7:43 PM Pratik Patel <pratik.patel19970128 at gmail.com>
wrote:

> Hi Rizwan,
>
> I am really sorry for that I am posting first time my question about
> opensips and I have not clear idea which channel I will get responses.
>
> I will take care of that now .
>
> I have done this wss with TLS on freeswitch there working fine with same
> certificate but when on opensips when try to configure wss with TLS facing
> issue .
>
> I have done pastbin url that I have configured .
>
> In freeswitch I have added some pem files in /etc/freeswitch/TLS/
>
> chain.pem
> cafile.pem
> fullchain.pem
> privkey.pem
> wss.pem
>
> Then restart freeswitch service and it's start working.
>
> So I have pointed same domain to my opensips and copy all certificate to
> /etc/opensips/tls/
>
> And check some documents as per that I have configured on opensips.cfg but
> not able to connect that was url from my web client .
>
> Can you please share steps and documents something that I will prefer or
> generate let's encrypted certificate that use to do enable TLS with wss in
> opensips.
>
>
>
> On Thu, Mar 30, 2023, 18:58 Răzvan Crainea <razvan at opensips.org> wrote:
>
>> Hi, Pratik!
>>
>> As the error clearly says, you are requiring a certificate in your
>> configuration file, but not providing one when running the openssl
>> command.
>>
>> Best regards,
>>
>> Răzvan Crainea
>> OpenSIPS Core Developer
>> http://www.opensips-solutions.com
>>
>> On 3/30/23 15:52, Pratik Patel wrote:
>> > Hello
>> >
>> > I want to make my opensips listen as wss same like FreeSWITCH but
>> facing
>> > issue with opensips :
>> >
>> > I am working on opensips with wss and tls configuration but facing
>> below
>> > Error :
>> > 140010946856256:error:1409445C:SSL routines:ssl3_read_bytes:tlsv13
>> alert
>> > certificate required:../ssl/record/rec_layer_s3.c:1543:SSL alert number
>> 116
>> >
>> > openssl s_client -connect abc.com:7443 <http://abc.com:7443>
>> -servername
>> > abc.com <http://abc.com>
>> > In opensips.cfg code :
>> >
>> > https://pastebin.com/Bn9fc70Z <https://pastebin.com/Bn9fc70Z>
>> >
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opensips.org
>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20230330/653a21ab/attachment-0001.html>

More information about the Users mailing list