Re: [SR-Users] please help to configure tls in kamailio for webrtc client like simpl5

Hello Fred and all,

I tried some changes, and result bellow.

with :

[server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = /etc/certs/webrtc.killermobile.mobi/key.pem certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem ca_list = /etc/certs/demoCA/cert.pem

[client:default] verify_certificate = yes require_certificate = yes ~

error log:

Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:02:57 ip-172-31-44-170 sbin/kamailio[17590]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170

With settings:

[server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = /etc/certs/webrtc.killermobile.mobi/key.pem certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem ca_list = /etc/certs/demoCA/cert.pem

[client:default] verify_certificate = no require_certificate = no ~

and error log:

Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170 Jul 15 03:05:28 ip-172-31-44-170 sbin/kamailio[17648]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fd64ee4bfc0 r: 0x7fd64ee4c0e8 (-1)

and tried:

[server:default] method = SSLv23 verify_certificate = yes require_certificate = yes private_key = /etc/certs/webrtc.killermobile.mobi/key.pem certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem ca_list = /etc/certs/demoCA/cert.pem

[client:default] verify_certificate = no require_certificate = no

and error log:

Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170 Jul 15 03:06:37 ip-172-31-44-170 sbin/kamailio[17703]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f222a018fc0 r: 0x7f222a0190e8 (-1)

Then, i try with TLSv1+

[server:default] method = TLSv1+ verify_certificate = yes require_certificate = yes private_key = /etc/certs/webrtc.killermobile.mobi/key.pem certificate = /etc/certs/webrtc.killermobile.mobi/cert.pem ca_list = /etc/certs/demoCA/cert.pem

[client:default] verify_certificate = no require_certificate = no

and log is:

Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 27.65.214.194 Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 172.31.44.170 Jul 15 03:08:33 ip-172-31-44-170 sbin/kamailio[17826]: ERROR: <core> [core/tcp_read.c:1493]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f9fd21cefc0 r: 0x7f9fd21cf0e8 (-1)

I am sorry to border you and all, but i dont know how to get it works, please suggest.

thank you so much.

On Jul 15, 2021, at 01:10, Fred Posner fred@palner.com wrote:

On 7/14/21 2:04 PM, ThanhTruong wrote:

...

verify_certificate =yes require_certificate =yes

Change both of those to no in your case.

-- Fred Posner -- www.palner.com Matrix: @fred:matrix.lod.com

---

Kamailio - Users Mailing List - Non Commercial Discussions

• sr-users@lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

• https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users