<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><font color="#2672EC">Nabeel</font><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">I dont know how to present a certificate from client. I have tried using Xoiper (Android - Free), SFLphone (Ubuntu) and CsipSimple (Android) but there was no options set a public key. </font></div><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">Now I am using CA signed certificates in opensips with disabled flags of verify_cert and require_cert, having an error of </font><span style="font-family: 'Times New Roman'; font-size: 12pt;"><b>477 Send failed (477/TM). </b></span></div><div><br><b><font color="#5133ab" face="Times New Roman" size="3"><i>Hamid R. Hashmi</i></font></b><div><font size="2">Software Engineer - VoIP</font></div><div><font color="#008a17" size="2" style="font-size:10pt;">Vopium A/S</font></div><br><br><div><hr id="stopSpelling">Date: Tue, 9 Feb 2016 08:48:41 +0000<br>From: nabeelshikder@gmail.com<br>To: users@lists.opensips.org<br>Subject: Re: [OpenSIPS-Users] How to TLS ?<br><br><p dir="ltr">Hi, </p>
<p dir="ltr">Does the client present a client certificate? If not, then with modparam("proto_tls","require_cert", "1"), OpenSIPS misleadingly logs:<br>
'failed to accept: rejected by client'. What it actually means is that the client failed to present a certificate. </p>
<div class="ecxgmail_quote">On 9 Feb 2016 6:06 am, "Hamid Hashmi" <<a href="mailto:hamid2kviii@hotmail.com">hamid2kviii@hotmail.com</a>> wrote:<br><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;">
<div><div dir="ltr"><font color="#2672EC">It will be a great help if you please help me in configuring TLS. I have followed <a href="http://www.opensips.org/Documentation/Tutorials-TLS-2-1" target="_blank">this</a> to configure TLS but could not able to verify certificates.</font><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">its working if disable following flags</font></div><div><font color="#2672EC"><br></font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","verify_cert", "0")</font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","require_cert", "0")</font></div><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">BUT not verifying certificates. Please see <a href="http://pastebin.com/qmXZjSy2" target="_blank">logs</a> if enabled</font></div><div><font color="#2672EC"><br></font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","verify_cert", "1")</font></div><div><font face="Courier New, sans-serif">modparam("proto_tls","require_cert", "1")</font></div><div><font color="#2672EC"><br></font></div><div><font color="#2672EC">then have following ERROR</font></div><div><font color="#2672EC"><br></font></div><pre style="overflow:auto;font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:11.9px;font-stretch:normal;line-height:1.45;padding:16px;border-radius:3px;word-wrap:normal;color:rgb(51,51,51);background-color:rgb(247,247,247);"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:11.9px;padding:0px;border-radius:3px;word-break:normal;border:0px;display:inline;max-width:initial;overflow:initial;line-height:inherit;word-wrap:normal;background:transparent;">Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29867]: [<a href="http://192.168.26.181:8000" target="_blank">udp:keepalive@192.168.26.181:8000</a>]: Receive request OPTIONS from local server [192.168.26.181]
Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_accept: New TLS connection from <a href="http://115.186.93.1:47015" target="_blank">115.186.93.1:47015</a> failed to accept: rejected by client
Feb 9 05:57:14 comoyo-dev-ec2-siplb SIPLB[29868]: ERROR:proto_tls:tls_read_req: failed to do pre-tls reading
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: [<a href="http://192.168.26.180:6080" target="_blank">tcp:siplb@192.168.26.180:6080</a>]: In LOCAL Route sending OPTIONS to 192.168.26.181
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:probe_max_sock_buff: using snd buffer of 244 kb
Feb 9 05:57:17 comoyo-dev-ec2-siplb SIPLB[29863]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 17 </code><span style="color:rgb(38,114,236);font-family:Calibri,sans-serif;font-size:12pt;"> </span></pre><div>Regards<br><b><font color="#5133ab" face="Times New Roman" size="3"><i>Hamid R. Hashmi</i></font></b><div><br></div></div> </div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div>
<br>_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users</div></div> </div></body>
</html>