<div dir="ltr">I believe the correct word would be 'refused' in that case, not 'rejected' :)</div><div class="gmail_extra"><br><div class="gmail_quote">On 5 July 2015 at 08:59, Podrigal, Aron <span dir="ltr"><<a href="mailto:aronp@guaranteedplus.com" target="_blank">aronp@guaranteedplus.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Just a teaser. The client has rejected to provide a certificate as requested by opensips :) </p>
<div class="gmail_quote"><div><div class="h5">On Jul 5, 2015 3:37 AM, "Nabeel" <<a href="mailto:nabeelshikder@gmail.com" target="_blank">nabeelshikder@gmail.com</a>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">This error was resolved by setting 'tls_require_client_certificate = 0'. My SIP client does not send any client certificate, so this option must be disabled.<div><br></div><div>However, it means that the error in the OpenSIPS log is misleading and opposite to what it should say. It is not true that the connection was "<span style="font-size:12.8000001907349px">rejected by client" in this case; it is more true that the connection was rejected by OpenSIPS because the client did not provide a client certificate when OpenSIPS was expecting one.</span><br><div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 4 July 2015 at 05:51, Nabeel <span dir="ltr"><<a href="mailto:nabeelshikder@gmail.com" target="_blank">nabeelshikder@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi,</div><div><br></div><div>I get the following error when attempting to connect my SIP client to OpenSIPS. I understand that OpenSIPS has accepted the connection but then the client rejects the certificate sent by OpenSIPS. However, the CA root certificate (from CAcert.org) is included in the client's trust store, so I do not know why the client is rejecting the certificate. This SIP client does accept certificates from CAcert.org when connecting to another server (not openSIPS).</div><div><br></div><div><br></div>ERROR:core:tls_accept: New TLS connection from <a href="http://188.29.164.125:18084" target="_blank">188.29.164.125:18084</a> failed to accept: rejected by client<div><br><div><br></div><div>Just to clarify, the certificate being sent by OpenSIPS is the 'tls_certificate' value from openSIPs config file, right?</div><div><br></div><div>What other steps can I take to investigate this error? </div></div></div>
</blockquote></div><br></div>
<br></div></div>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>