[OpenSIPS-Users] WSS Client did not present a TLS certificate
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Jan 19 11:21:34 CET 2016
Hi Sebastian,
That message is just an INFO (not an error) - you say TLS handshake
fails on opensips side as it expects a certificate from the end point ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 18.01.2016 06:32, Sebastian Sastre wrote:
> I’ve been trying to setup WSS using 2.2 latest branch.
>
> When trying to open the web socket i get “ Client did not present a
> TLS certificate” . Im using the included default ssl certs for
> the server to avoid mistakes . What certificate is the user supposed
> to present?
>
> I tried using sip.js and jssip to connect without any luck. i also
> tried disabling cert requirement but didn’t work.
>
> —— Config ——-
>
> listen=wss:123.456.789.987:5060
> listen=tls:123.456.789.987:5061
> listen=wss:123.456.789.987:443
>
> load module "proto_udp.so"
> load module “proto_tls.so”
> loadmodule "proto_wss.so"
>
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "certificate", "/etc/opensips/tls/rootCA/cacert.pem")
> modparam("tls_mgm", "private_key",
> "/etc/opensips/tls/rootCA/private/cakey.pem")
> modparam("tls_mgm", "ca_list", "/etc/opensips/tls/rootCA/cacert.pem")
> modparam("tls_mgm", "ca_dir", "/etc/opensips/tls/rootCA/")
> modparam("tls_mgm", "require_cert", "0")
> modparam(“tls_mgm", "verify_cert", "0")
>
>
> ——- Logs ——-
> /sbin/opensips[12468]: INFO:core:probe_max_sock_buff: using snd buffer
> of 416 kb
> /sbin/opensips[12468]: INFO:core:init_sock_keepalive: TCP keepalive
> enabled on socket 37
> /sbin/opensips[12460]: INFO:proto_wss:ls_accept: New TLS connection
> from xx.xx.xx.xx:50815 accepted
> /sbin/opensips[12460]: INFO:proto_wss:tls_accept: Client did not
> present a TLS certificate
> /sbin/opensips[12460]: INFO:proto_wss:ls_dump_cert_info: tls_accept:
> local TLS server certificate subject:
> /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org
> <http://opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org>,
> issuer:
> /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org
> <http://opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org>
>
>
> Thanks !
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160119/996436e5/attachment.htm>
More information about the Users
mailing list