<p dir="ltr">Hi, </p>
<p dir="ltr">Does the client present a client certificate? If not, then with modparam("proto_tls","require_cert", "1"), OpenSIPS misleadingly logs:<br>
'failed to accept: rejected by client'. What it actually means is that the client failed to present a certificate. </p>
<div class="gmail_quote">On 9 Feb 2016 6:06 am, "Hamid Hashmi" <<a href="mailto:hamid2kviii@hotmail.com">hamid2kviii@hotmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr"><font color="#2672EC">It will be a great help if you please help me in configuring TLS. I have followed <a href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1" target="_blank">this</a> to configure TLS but could not able to verify certificates.</font><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">its working if disable following flags</font></div><div><font color="#2672EC"><br></font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","verify_cert", "0")</font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","require_cert", "0")</font></div><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">BUT not verifying certificates. Please see <a href="http://pastebin.com/qmXZjSy2" target="_blank">logs</a> if enabled</font></div><div><font color="#2672EC"><br></font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","verify_cert", "1")</font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","require_cert", "1")</font></div><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">then have following ERROR</font></div><div><font color="#2672EC"><br></font></div><pre style="overflow:auto;font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:11.9px;margin-bottom:16px;font-stretch:normal;line-height:1.45;padding:16px;border-radius:3px;word-wrap:normal;color:rgb(51,51,51);margin-top:0px!important;background-color:rgb(247,247,247)"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:11.9px;padding:0px;margin:0px;border-radius:3px;word-break:normal;border:0px;display:inline;max-width:initial;overflow:initial;line-height:inherit;word-wrap:normal;background:transparent">Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29867]: [<a href="http://udp:keepalive@192.168.26.181:8000" target="_blank">udp:keepalive@192.168.26.181:8000</a>]: Receive request OPTIONS from local server [192.168.26.181]
Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_accept: New TLS connection from <a href="http://115.186.93.1:47015" target="_blank">115.186.93.1:47015</a> failed to accept: rejected by client
Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: [<a href="http://tcp:siplb@192.168.26.180:6080" target="_blank">tcp:siplb@192.168.26.180:6080</a>]: In LOCAL Route sending OPTIONS to 192.168.26.181
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:probe_max_sock_buff: using snd buffer of 244 kb
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 17 </code><span style="color:rgb(38,114,236);font-family:Calibri,sans-serif;font-size:12pt"> </span></pre><div>Regards<br><b><font color="#5133ab" face="Times New Roman" size="3"><i>Hamid R. Hashmi</i></font></b><div><br></div></div> </div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div>