[OpenSIPS-Users] WSS Client did not present a TLS certificate
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Jan 19 18:11:12 CET 2016
Glad the problem was solved.
Still, maybe there is place to improve the code to properly report/log
the issue - did you get any indication (in logs) that actually the key
was bogus and the TLS handshake failed ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 19.01.2016 17:36, Sebastian Sastre wrote:
> Bodgan,
>
> Thanks . Yes that one wasn’t an error but i had the wrong private key
> configured and the socket was disconnecting so i was able to generate
> new certs and it worked fine. I got some help from IRC.
> I still see the notice but the socket stays up and i can register.
>
> Right now i have the signaling working perfect, but i have no audio
> either way. Im trying to figure out why rtpengine is not working
> correctly.
>
> Thanks again
>
>
>
>
> On Tue, Jan 19, 2016 at 5:21 AM, Bogdan-Andrei Iancu
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
> Hi Sebastian,
>
> That message is just an INFO (not an error) - you say TLS
> handshake fails on opensips side as it expects a certificate from
> the end point ?
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 18.01.2016 06:32, Sebastian Sastre wrote:
>> I’ve been trying to setup WSS using 2.2 latest branch.
>>
>> When trying to open the web socket i get “ Client did not present
>> a TLS certificate” . Im using the included default ssl certs for
>> the server to avoid mistakes . What certificate is the user
>> supposed to present?
>>
>> I tried using sip.js and jssip to connect without any luck. i
>> also tried disabling cert requirement but didn’t work.
>>
>> —— Config ——-
>>
>> listen=wss:123.456.789.987:5060
>> listen=tls:123.456.789.987:5061
>> listen=wss:123.456.789.987:443
>>
>> load module "proto_udp.so"
>> load module “proto_tls.so”
>> loadmodule "proto_wss.so"
>>
>> loadmodule "tls_mgm.so"
>> modparam("tls_mgm", "certificate",
>> "/etc/opensips/tls/rootCA/cacert.pem")
>> modparam("tls_mgm", "private_key",
>> "/etc/opensips/tls/rootCA/private/cakey.pem")
>> modparam("tls_mgm", "ca_list",
>> "/etc/opensips/tls/rootCA/cacert.pem")
>> modparam("tls_mgm", "ca_dir", "/etc/opensips/tls/rootCA/")
>> modparam("tls_mgm", "require_cert", "0")
>> modparam(“tls_mgm", "verify_cert", "0")
>>
>>
>> ——- Logs ——-
>> /sbin/opensips[12468]: INFO:core:probe_max_sock_buff: using snd
>> buffer of 416 kb
>> /sbin/opensips[12468]: INFO:core:init_sock_keepalive: TCP
>> keepalive enabled on socket 37
>> /sbin/opensips[12460]: INFO:proto_wss:ls_accept: New TLS
>> connection from xx.xx.xx.xx:50815 accepted
>> /sbin/opensips[12460]: INFO:proto_wss:tls_accept: Client did not
>> present a TLS certificate
>> /sbin/opensips[12460]: INFO:proto_wss:ls_dump_cert_info:
>> tls_accept: local TLS server certificate subject:
>> /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org
>> <mailto:opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org>,
>> issuer:
>> /CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=team at opensips.org/O=opensips.org
>> <http://opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org>
>>
>>
>> Thanks !
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160119/1a863a11/attachment.htm>
More information about the Users
mailing list