<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    Hi Sebastian,<br>

    <br>

    That message is just an INFO (not an error) - you say TLS handshake

    fails on opensips side as it expects a certificate from the end

    point ?<br>

    <br>

    Regards,<br>

    <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer

<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>

    <div class="moz-cite-prefix">On 18.01.2016 06:32, Sebastian Sastre

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAB=UX=D31JDUCk5u1O_hvdYzX6neR6xPcmwzvJwHGi2wsG6B7g@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div class="gmail_default">

          <div class="gmail_default"><font face="tahoma, sans-serif">I’ve

              been trying to setup WSS using 2.2 latest branch. </font></div>

          <div class="gmail_default"><br>

          </div>

          <div class="gmail_default"><font face="tahoma, sans-serif">When

              trying to open the web socket i get “ Client did not

              present a TLS certificate” . Im using the included default

              ssl certs for the server to avoid mistakes . What

              certificate is the user supposed to present? </font></div>

          <div class="gmail_default"><font face="tahoma, sans-serif"><br>

            </font></div>

          <div class="gmail_default"><font face="tahoma, sans-serif">I

              tried using sip.js and jssip to connect without any luck.

              i also tried disabling cert requirement but didn’t work. </font></div>

          <div style="font-family:tahoma,sans-serif"><br>

          </div>

          <div style="font-family:tahoma,sans-serif">—— Config ——-</div>

          <div style="font-family:tahoma,sans-serif"><br>

          </div>

          <div style="font-family:tahoma,sans-serif"><span

              style="font-family:arial,sans-serif;font-size:13px">listen=</span><a

              moz-do-not-send="true"

              style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px"><a class="moz-txt-link-freetext" href="wss:123.456.789.987:5060">wss:123.456.789.987:5060</a></a><br

              style="font-family:arial,sans-serif;font-size:13px">

            <span style="font-family:arial,sans-serif;font-size:13px">listen=tls:123.456.789.987:</span><span

              style="font-family:arial,sans-serif;font-size:13px">5061</span><br>

          </div>

          <div style="font-family:tahoma,sans-serif"><span

              style="font-family:arial,sans-serif;font-size:13px">listen=</span><a

              moz-do-not-send="true"

              style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px"><a class="moz-txt-link-freetext" href="wss:123.456.789.987:443">wss:123.456.789.987:443</a></a><br>

          </div>

          <div style="font-family:tahoma,sans-serif"><span

              style="font-family:arial,sans-serif;font-size:13px"><br>

            </span></div>

          <div>

            <div><font face="tahoma, sans-serif">load

                module "proto_udp.so"</font></div>

            <div><font face="tahoma, sans-serif">load

                module “proto_tls.so”</font></div>

            <div><font face="tahoma, sans-serif">loadmodule

                "proto_wss.so"</font></div>

          </div>

          <div style="font-family:tahoma,sans-serif"><br>

          </div>

          <div>

            <div><font face="tahoma, sans-serif">loadmodule "tls_mgm.so"</font></div>

            <div><font face="tahoma, sans-serif">modparam("tls_mgm",

                "certificate", "/etc/opensips/tls/rootCA/cacert.pem")  

                        </font></div>

            <div><font face="tahoma, sans-serif">modparam("tls_mgm",

                "private_key",

                "/etc/opensips/tls/rootCA/private/cakey.pem")    </font></div>

            <div><font face="tahoma, sans-serif">modparam("tls_mgm",

                "ca_list", "/etc/opensips/tls/rootCA/cacert.pem")      

                         </font></div>

            <div><font face="tahoma, sans-serif">modparam("tls_mgm",

                "ca_dir", "/etc/opensips/tls/rootCA/")  </font></div>

            <div><font face="tahoma, sans-serif">modparam("tls_mgm",

                "require_cert", "0") </font></div>

            <div><font face="tahoma, sans-serif">modparam(“tls_mgm",

                "verify_cert", "0")</font></div>

          </div>

          <div><font face="tahoma, sans-serif"><br>

            </font></div>

          <div><font face="tahoma, sans-serif"><br>

            </font></div>

          <div><font face="tahoma, sans-serif">——- Logs ——-</font><br>

          </div>

          <div>

            <div class="gmail_default"><span

                style="font-family:tahoma,sans-serif">/sbin/opensips[12468]:

                <a class="moz-txt-link-freetext" href="INFO:core:probe_max_sock_buff">INFO:core:probe_max_sock_buff</a>: using snd buffer of 416

                kb</span><br>

            </div>

            <div class="gmail_default"><font face="tahoma, sans-serif">/sbin/opensips[12468]:

                <a class="moz-txt-link-freetext" href="INFO:core:init_sock_keepalive">INFO:core:init_sock_keepalive</a>: TCP keepalive enabled on

                socket 37</font></div>

            <div class="gmail_default"><font face="tahoma, sans-serif">/sbin/opensips[12460]:

                <a class="moz-txt-link-freetext" href="INFO:proto_wss:ls_accept">INFO:proto_wss:ls_accept</a>: New TLS connection from

                xx.xx.xx.xx:50815 accepted</font></div>

            <div class="gmail_default"><font face="tahoma, sans-serif">/sbin/opensips[12460]:

                <a class="moz-txt-link-freetext" href="INFO:proto_wss:tls_accept">INFO:proto_wss:tls_accept</a>: Client did not present a TLS

                certificate</font></div>

            <div class="gmail_default"><font face="tahoma, sans-serif">/sbin/opensips[12460]:

                <a class="moz-txt-link-freetext" href="INFO:proto_wss:ls_dump_cert_info">INFO:proto_wss:ls_dump_cert_info</a>: tls_accept: local TLS

                server certificate subject: /CN=OpenSIPS/ST=<a

                  moz-do-not-send="true"

href="http://opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org"

                  target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org">opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org</a></a>,

                issuer: /CN=OpenSIPS/ST=<a moz-do-not-send="true"

href="http://opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org"

                  target="_blank">opensips.org/C=IP/emailAddress=team@opensips.org/O=opensips.org</a></font></div>

          </div>

          <div class="gmail_default"><font face="tahoma, sans-serif"><br>

            </font></div>

          <div class="gmail_default"><font face="tahoma, sans-serif"><br>

            </font></div>

          <div style="font-family:tahoma,sans-serif">Thanks ! </div>

          <div style="font-family:tahoma,sans-serif"><br>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>

<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>