Hello,

can you try with the latest master? After just a quick view of the sources, I spotted an issue identifying the IPv6 address and pushed a small patch for it, but no time to test it for now.

Cheers,
Daniel

On 23/02/15 10:01, Daniel-Constantin Mierla wrote:
> Hello,
>
> On 23/02/15 02:16, Anthony Messina wrote:
>> I'm wondering if anyone can point me in the right direction for the
>> following two issues with Kamailio and tls.cfg
>>
>> 1. When attempting to configure TLS settings for connecting to a specific
>> IPv4 client, it seems that the ca_list indicated in [client:default]
>> overrides the one in the client-specific config. If I don't include the
>> client's CA in the [client:default] section, I get the following,
>> regardless of what is in [client:204.74.213.5:5061].
>>
>> ERROR: tls [tls_server.c:1230]: tls_read_f(): TLS write:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>
>> [client:default]
>> method = TLSv1+
>> verify_certificate = yes
>> require_certificate = no
>> private_key = /etc/kamailio/key.pem
>> certificate = /etc/kamailio/crt.pem
>> verify_depth = 2
>> # In order for the client below to work, the ca_list here needs to support
>> # contain the CA for the specific client. Not sure why, maybe a bug?
>> #ca_list = /etc/pki/CA/myownCA.pem # Can't use this one
>> ca_list = /etc/kamailio/kamailio.tls.ca_list.pem # Contains ALL client CA's
>>
>> [client:204.74.213.5:5061]
>> method = TLSv1+
>> verify_certificate = yes
>> require_certificate = yes
>> verify_depth = 2
>> ca_list = /etc/kamailio/204.74.213.5.crt.pem
>
> I noticed that this one is hard to match because it specifies the
> local socket, but the kernel returns a random local port when doing a
> connect. The matching should be changed to be done on an xavp or the
> forced socket. I made a note on the commit:
>
> - https://github.com/kamailio/kamailio/commit/9a36fb7aae0adc39efb17a967a88db2eebfd8c36
>
> It is on my list to solve it, but no time so far.
>
>>
>> 2. When attempting to configure TLS settings for connecting to a specific
>> IPv6 client, I cannot figure out the syntax needed to specify the IPv6
>> client. What is the proper syntax?
>>
>> With [client:[2607:5300:60:1f93::0]:5061], I get:
>> ERROR: tls [tls_config.c:71]: parse_ipv6(): tls.cfg:57:9: Invalid IPv6 address
>
> Perhaps it is an issue in the parser of the config, I will look at it.
>
> Cheers,
> Daniel
>
>>
>> Any guidance is appreciated. Thanks. -A
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users@lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio World Conference, May 27-29, 2015
> Berlin, Germany - http://www.kamailioworld.com
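
The local-port behaviour described in the reply above can be reproduced on loopback. This is an added illustration, not Kamailio code and not part of the thread: `select_profile`, `connect_from` and the exact-match lookup with a fallback to `client:default` are an assumed, simplified model of profile selection, and the profile table is constructed.

```python
import socket

DEFAULT = "client:default"

def select_profile(profiles, local_addr):
    """Exact (ip, port) match on the connection's local address, else default."""
    return profiles.get(local_addr, DEFAULT)

def connect_from(listener, source=None):
    """Connect to listener and return the client's local (ip, port).

    source=None lets the kernel pick the local port at connect() time;
    an (ip, port) tuple binds first, as a forced send socket would.
    """
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if source is not None:
            c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            c.bind(source)
        c.connect(listener.getsockname())
        listener.accept()[0].close()
        return c.getsockname()
    finally:
        c.close()

def demo():
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(5)
        # Hold a free loopback port to stand in for the configured socket.
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        probe.bind(("127.0.0.1", 0))
        fixed = probe.getsockname()
        profiles = {fixed: "client:%s:%d" % fixed}  # constructed profile table
        try:
            unforced = connect_from(srv)  # kernel-chosen local port
        finally:
            probe.close()
        forced = connect_from(srv, source=fixed)  # local socket fixed up front
        return {
            "unforced": (unforced, select_profile(profiles, unforced)),
            "forced": (forced, select_profile(profiles, forced)),
        }

if __name__ == "__main__":
    for name, (addr, profile) in demo().items():
        print(f"{name:9} local={addr[0]}:{addr[1]} -> [{profile}]")
```

In this model the unforced connection always falls through to the default profile, so the default `ca_list` is the one used for verification, which matches the symptom reported in the thread.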