Hello Fred and all,
I tried some changes, and result bellow.
with :
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem
[client:default]
verify_certificate = yes
require_certificate = yes
~
error log:
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 172.31.44.170
With settings:
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem
[client:default]
verify_certificate = no
require_certificate = no
~
and error log:
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c:
0x7fd64ee4bfc0 r: 0x7fd64ee4c0e8 (-1)
and tried:
[server:default]
method = SSLv23
verify_certificate = yes
require_certificate = yes
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem
[client:default]
verify_certificate = no
require_certificate = no
and error log:
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c:
0x7f222a018fc0 r: 0x7f222a0190e8 (-1)
Then, i try with TLSv1+
[server:default]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = /etc/certs/webrtc.killermobile.mobi/key.pem
certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem
ca_list = /etc/certs/demoCA/cert.pem
[client:default]
verify_certificate = no
require_certificate = no
and log is:
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1283]:
tls_h_read_f(): protocol level error
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1287]:
tls_h_read_f(): source IP: 27.65.214.194
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1290]:
tls_h_read_f(): destination IP: 172.31.44.170
Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: <core>
[core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c:
0x7f9fd21cefc0 r: 0x7f9fd21cf0e8 (-1)
I am sorry to border you and all, but i dont know how to get it works, please suggest.
thank you so much.
On Jul 15, 2021, at 01:10, Fred Posner
<fred(a)palner.com> wrote:
On 7/14/21 2:04 PM, ThanhTruong wrote:
verify_certificate =yes
require_certificate =yes
Change both of those to no in your case.
--
Fred Posner --
www.palner.com
Matrix: @fred:matrix.lod.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
*
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users