Hello ng,

I currently face an issue forwarding a call via TLS to a destination. The check 
with "openssl client -connect …" to the destination is successful and it 
returns a valid certificate.
However, if I forward the call via Kamailio I see a TLS error:

 Alert (Level: Fatal,  Description: Unknown CA) 

I’ve compiled the tls module with extra_defs="-DTLS_WR_DEBUG -DTLS_RD_DEBUG" (with 
5.4.9 and 5.5.7) and can see:

Dec  7 10:46:40 mbo-debian-vm1 /usr/local/sbin/kamailio[170469]: DEBUG: 
TLS_TRACE: tls [tls_server.c:1141]: tls_h_read_f():  
tls_h_read_f(0xffff898c8a88, 0xffffcc5fe320) tls write on read 
(WRITE_WANTS_READ): ct_wq_flush()=> 0 (ff=2 ssl_error=1))
Dec  7 10:46:40 mbo-debian-vm1 /usr/local/sbin/kamailio[170469]: DEBUG: 
TLS_TRACE: tls [tls_server.c:1268]: tls_h_read_f():  
tls_h_read_f(0xffff898c8a88, 0xffffcc5fe320) tcpconn_send_unsafe 7 bytes
Dec  7 10:46:40 mbo-debian-vm1 /usr/local/sbin/kamailio[170469]: ERROR: tls 
[tls_server.c:1329]: tls_h_read_f(): protocol level error
Dec  7 10:46:40 mbo-debian-vm1 /usr/local/sbin/kamailio[170469]: ERROR: tls 
[tls_util.h:42]: tls_err_ret(): TLS write:error:1416F086:SSL 
routines:tls_process_server_certificate:certificate verify failed

It looks like the error "Unknown CA" is a subsequent error, but the main 
problem occurs while reading from the TLS connection. I can currently also 
debug the issue in the tls module; is there anything which I can check? Maybe 
the certificate chain is too long?

Thanks and regards 

Markus

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
