Seems like Kamailio is configured to require a client certificate, but
the client doesn't have one.
klaus
Am 15.11.2012 15:04, schrieb Denis:
Thank you, it worked!
I just added listen=tcp:IP:5060 so it probably needs to initialize tcp
separately from tls )
Thanks a lot!
P.S.
now I am having another errors though while connecting to tls port but
I believe it is certificates problems:
$ openssl s_client -connect IP:5061 -tls1 -CAfile certs/demoCA/cert.pem
...
1727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1102:SSL alert number 40
1727:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:539:
syslog:
/opt/kamailio/sbin/kamailio[1708]: ERROR: tls [tls_server.c:1190]: TLS
accept:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer
did not return a certificate
/opt/kamailio/sbin/kamailio[1708]: ERROR: <core> [tcp_read.c:1127]:
ERROR: tcp_read_req: error reading
Thanks,
Den
On 15/11/12 13:33, Daniel-Constantin Mierla wrote:
Copy and paste typo, overlapping port use:
listen=tcp:127.0.0.1:5060
Cheers,
Daniel
On 11/15/12 7:54 AM, Denis wrote:
Thanks for looking at that, Daniel.
If I start all together with tls: and tcp: (both lines order) then I
see this:
/opt/kamailio/sbin/kamailio[1008]: ERROR: <core> [tcp_main.c:2918]:
ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64, 16) on IP_ADDRESS:5061 :
Address already in use
/opt/kamailio/sbin/kamailio[1008]: ERROR: tls [tls_init.c:314]:
Error while initializing TCP part of TLS socket IP_ADDRESS:5061
If I start only tcp: I am getting:
/opt/kamailio/sbin/kamailio[1035]: ERROR: tls [tls_init.c:660]:
TLSs<IP_ADDRESS:5061>: No listening socket found
/opt/kamailio/sbin/kamailio[1035]: ERROR: <core> [sr_module.c:939]:
init_mod(): Error while initializing module tls
(/opt/kamailio/lib64/kamailio/modules/tls.so)
Thanks,
Den
On 15/11/12 12:48, Daniel-Constantin Mierla wrote:
Reviewing the previous email, I probably spotted the issues. You
said you added:
listen=tls:IP.ADDRESS:5061
that forces Kamailio to listen only on tls. But tls is on top of
tcp, so add:
listen=tcp:127.0.0.1:5061
It was reported couple of days ago, I had no time to look at it
yet, traveling for the moment. Should not crash in any condition,
if tcp is required and no other way for tls only, the startup
process should fail -- I will take care of it soon.
Cheers,
Daniel
On 11/15/12 7:39 AM, Denis wrote:
Only during kamailio start:
...
/opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy
[rtpproxy.c:1413]: rtp proxy <udp:127.0.0.1:7722> found, support
for it enabled
/opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]:
io_listen_loop: using epoll_lt io watch method (config)
as soon as I send a request on port 5061 it crashes..
user@server:~$ telnet HOSTNAME 5061
Trying HOSTNAME...
Connected to HOSTNAME.
Escape character is '^]'.
fsf
Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis wrote:
[...]
/opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]:
child process 30293 exited by a signal 11
Before this line, do you have any other error messages printed by
pid 30278?
Cheers,
Daniel
--
Daniel-Constantin Mierla -http://www.asipto.com
http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
--
Daniel-Constantin Mierla -http://www.asipto.com
http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
--
Daniel-Constantin Mierla -http://www.asipto.com
http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
