Hello,
In this case the server should not reject clients without a certificate. So, the error needs
to be something else; maybe you can see something on the client side with a network
trace.
As a side note, you should consider updating to a supported Kamailio version; 5.2.x is
really old.
Cheers,
Henning
From: David Cunningham <dcunningham(a)voisonics.com>
Sent: Thursday, 23 March 2023 09:15
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Henning Westerholt <hw(a)gilawa.com>
Subject: Re: [SR-Users] Re: WebRTC "client did not present a certificate" error
I grepped the log and we do see "Server MUST present valid certificate" but not
"Client MUST present valid certificate".
Would anyone have any further pointers?
Thank you.
On Thu, 23 Mar 2023 at 00:40, Alex Balashov <abalashov@evaristesys.com> wrote:
That’s my experience, too, but perhaps there’s something not quite clear about the
location of the tls.cfg file, or the applicability of the given profiles, etc.
On Mar 22, 2023, at 3:59 AM, Henning Westerholt <hw@gilawa.com> wrote:
Hello Alex,
if you set this in a dedicated tls.cfg, it's in my experience not necessary to set these
parameters additionally in the kamailio.cfg.
Cheers,
Henning
-----Original Message-----
From: Alex Balashov <abalashov@evaristesys.com>
Sent: Wednesday, 22 March 2023 02:27
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: [SR-Users] Re: WebRTC "client did not present a certificate" error
Try set these, too:
https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_cert…
https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certi…
— Alex
On Mar 21, 2023, at 7:34 PM, David Cunningham <dcunningham@voisonics.com> wrote:
Hello,
We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC client at
https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. In the Kamailio
log we see the lines below. In tls.cfg we have "verify_certificate = no" and
"require_certificate = no" for both [server:default] and [client:default]. Would
anyone be able to help us with this?
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x14baf1cbb090: (nil)
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: tls_read_f(): Reading on a renegotiation of connection (n:532) (0)
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) fd_no=4 called
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> [xx.xx.xx.xx]:8443)
Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x14baf289ea30
Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 14baf4cc1ec8, -1 from 1
Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x14baf289ea30
Thanks very much,
--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web:
https://evaristesys.com
Tel: +1-706-510-6800
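Added example (not part of the original thread and not Kamailio project code): a small Python triage script for debug lines in the format quoted in the first message. It records whether "TLS accept successful" was logged before "client did not present a certificate" and whether the connection then ended on a read EOF. The sample log is constructed with documentation addresses, and tracking one open connection per reader PID is a simplifying assumption.

```python
import re

LINE = re.compile(r"kamailio\[(?P<pid>\d+)\]: \w+: \S+ \[[^\]]+\]: (?P<func>\w+)\(\): (?P<msg>.*)")
CONN = re.compile(r"new connection from (\S+) using (\S+) (\S+)")
REL = re.compile(r"releasing con \S+ state (-?\d+), fd=\d+, id=(\d+)")

# Constructed sample in the format quoted in the thread (documentation IP addresses).
PFX = "Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: "
SAMPLE_LOG = "\n".join(PFX + rest for rest in [
    "tls [tls_server.c:424]: tls_accept(): TLS accept successful",
    "tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from 192.0.2.10:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256",
    "tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate",
    "<core> [core/tcp_read.c:1527]: tcp_read_req(): EOF",
    "<core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, state -1, fd=17, id=665 ([192.0.2.10]:39816 -> [198.51.100.5]:8443)",
])

def summarize(log_text):
    """Return one dict per released connection (assumption: one open connection per PID)."""
    open_by_pid, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, func, msg = m["pid"], m["func"], m["msg"]
        if func == "tls_accept" and msg == "TLS accept successful":
            # None = the log says nothing yet about a client certificate
            open_by_pid[pid] = {"tls_accepted": True, "client_cert_presented": None, "peer_eof": False}
            continue
        conn = open_by_pid.get(pid)
        if conn is None:
            continue
        if (c := CONN.search(msg)):
            conn["peer"], conn["proto"], conn["cipher"] = c.groups()
        elif msg.endswith("client did not present a certificate"):
            conn["client_cert_presented"] = False
        elif func == "tcp_read_req" and msg == "EOF":
            conn["peer_eof"] = True  # read returned EOF: the remote side closed
        elif (r := REL.search(msg)):
            conn["state"], conn["id"] = int(r[1]), int(r[2])
            done.append(open_by_pid.pop(pid))
    return done

def verdict(conn):
    if conn["tls_accepted"] and conn["peer_eof"]:
        return "TLS handshake completed; connection ended on EOF while reading, after TLS"
    return "inconclusive"

if __name__ == "__main__":
    for conn in summarize(SAMPLE_LOG):
        print(conn.get("peer"), conn["client_cert_presented"], verdict(conn))
```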