Re: [SR-Users] help with tls error :sslv3 alert bad certificate

Mon, 13 Sep 2010 03:45:01 -0700 


> Date: Mon, 13 Sep 2010 11:40:33 +0200
> From: klaus.mailingli...@pernau.at
> To: betergr...@live.com
> CC: sr-users@lists.sip-router.org
> Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate
> 
> 
> 
> Am 13.09.2010 11:10, schrieb peter_green lion:
> > enable_tls=1
> > tcp_async=no
> >
> > listen=tls:192.168.1.81:5060
> 
> The default is for TLS is port 5061.
> 
> >
> > modparam("tls", "tls_method", "TLSv1")
> > modparam("tls", "tls_method", "SSLv23")
> 
> You can not use TLS and SSL - only on e or the other. SIP is 
> standardized with TLSv1. Thus you should remove SSLv23 unless you 
> explicitely know that the client can not handle TLSv1 (then the client 
> would be buggy)
> 
> > modparam("tls", "certificate", "ser1_cert.pem")
> > modparam("tls", "private_key", "privkey.pem")
> > modparam("tls", "ca_list", "cacert.pem")
> > modparam("tls", "verify_certificate", 1)
> 
> 
> > modparam("tls", "require_certificate", 1)
> 
> Here is the problem: You have configured Kamailio to require a client 
> certificate. Usually the SIP client does not have a TLS client 
> certificate, thus Kamailio will terminate the TLS connection with 
> handshake error. Set
>     modparam("tls", "require_certificate", 0)
> and at least it should work with the "openssl s_client" tool.
> 
> 
> regards
> Klaus
> 
> 

hi Klaus and all,
i thing this is bug in openssl, becau i have just install kamailio with tls 
support in ubuntu server which OS have openssl version 0.9.8k,
and i have result as:

sip client can register with server via tls support(sometime it work and some 
time it cannot work, or it can register when i restart kamailio)

if it can register, i can make call but when callee answer, caller change to 
connect , but callee continue ringring.
if callee reject call, caller change to destination busy.

i can recognize what problem, please suggest ?
thanks and regards 
Peter Green.
                                          
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users






















					Reply via email to