<div dir="ltr">hi,<br><br>i follow the script on :<br><a href="http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html">http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html</a><br><br>mainly, generated root certificate with: <br>
opensipsctl tls rootCA<br>and then generate user (i.e. sip server) certificate with: <br> opensipsctl tls userCERT user<br><br>about the file ca_list, the wiki say:<br><br><p> To add more CAs to your list, just do:
</p><ul><li><p>cat add_cacert.pem >> calist.pem</p></li></ul>but not sure about that, doesn't the last command should have updated the ca list? i see that the file isn't empty..<br><br>nir<br><br><br><br>
<div class="gmail_quote">On Fri, Jan 15, 2010 at 6:35 PM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@voice-system.ro">bogdan@voice-system.ro</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Nir,<br>
<br>
I see you manage to start opensips with TLS - what was your error?<br>
<br>
for _tls_read -> that is very funny: SSL_read return err 5<br>
(SSL_ERROR_SYSCALL) which means to look at error stack/return<br>
value/errno for the real error (the error was geerated somewhere deep in<br>
the SSL underlayers), but the errno is Success and stack is empty<br>
:P..... Looks like a ghost error...<br>
<br>
for tls_accept -> the error is in the stack, and after googling a bit -><br>
"obviously the CA that signed your clients is not known to the server.<br>
Take a look at"<br>
<br>
<a href="http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6" target="_blank">http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6</a><br>
<a href="http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14" target="_blank">http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14</a><br>
<br>
<br>
Regards,<br>
Bogdan<br>
<div><div></div><div class="h5"><br>
nir elkayam wrote:<br>
> hi,<br>
><br>
> i am using opensips/TLS,<br>
><br>
> i get the following error<br>
> Jan 14 22:53:54 [19740] ERROR:core:_tls_read: SYSCALL error -> (0)<br>
> <Success><br>
> Jan 14 22:53:54 [19740] ERROR:core:_tls_read: something wrong in SSL: 5<br>
> Jan 14 22:53:54 [19740] ERROR:core:tcp_read_req: failed to read<br>
> Jan 14 22:54:46 [19740] ERROR:core:tls_accept: some error in SSL<br>
> (ret=0, err=1, errno=0/Success):<br>
> Jan 14 22:54:46 [19740] ERROR:core:tls_print_errstack:<br>
> error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br>
><br>
> any hinst about these?<br>
> actually the client works but error in encryption process is not good,<br>
> i think<br>
><br>
> thanks<br>
</div></div>> ------------------------------------------------------------------------<br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
><br>
<br>
<br>
--<br>
Bogdan-Andrei Iancu<br>
<a href="http://www.voice-system.ro" target="_blank">www.voice-system.ro</a><br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>ניר אלקיים<br>טל: 050-3930056<br><a href="mailto:nir.elkayam@gmail.com">nir.elkayam@gmail.com</a><br><br>
</div>