WebRTC "client did not present a certificate" error

List overview All Threads
Download

newer

older

Route: comma separated HOP list

How to require session timer and...

David Cunningham

22 Mar 2023 22 Mar '23

2:34 a.m.

Hello, We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC client at https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. In the Kamailio log we see the lines below. In tls.cfg we have "verify_certificate = no" and "require_certificate = no" for both [server:default] and [client:default]. Would anyone be able to help us with this? Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x14baf1cbb090: (nil) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: tls_read_f(): Reading on a renegotiation of connection (n:532) (0) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) fd_no=4 called Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> [xx.xx.xx.xx]:8443) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x14baf289ea30 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 14baf4cc1ec8, -1 from 1 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x14baf289ea30 Thanks very much, -- David Cunningham, Voisonics Limited http://voisonics.com/ USA: +1 213 221 1092 New Zealand: +64 (0)28 2558 3782

Attachments:

attachment.html (text/html — 3.6 KB)

Show replies by date

Alex Balashov

22 Mar 22 Mar

4:27 a.m.

Try set these, too: https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_cert… https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certi… — Alex

...

On Mar 21, 2023, at 7:34 PM, David Cunningham <dcunningham(a)voisonics.com> wrote: Hello, We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC client at https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. In the Kamailio log we see the lines below. In tls.cfg we have "verify_certificate = no" and "require_certificate = no" for both [server:default] and [client:default]. Would anyone be able to help us with this? Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x14baf1cbb090: (nil) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: tls_read_f(): Reading on a renegotiation of connection (n:532) (0) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) fd_no=4 called Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> [xx.xx.xx.xx]:8443) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x14baf289ea30 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 14baf4cc1ec8, -1 from 1 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x14baf289ea30 Thanks very much, -- David Cunningham, Voisonics Limited http://voisonics.com/ USA: +1 213 221 1092 New Zealand: +64 (0)28 2558 3782 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800

Henning Westerholt

10:59 a.m.

Hello Alex, if you set this in a dedicated tls.cfg, its in my experience not necessary to set these parameters additionally in the kamailio.cfg. Cheers, Henning -----Original Message----- From: Alex Balashov <abalashov(a)evaristesys.com> Sent: Mittwoch, 22. März 2023 02:27 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Subject: [SR-Users] Re: WebRTC "client did not present a certificate" error Try set these, too: https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_cert… https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certi… — Alex

...

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

Alex Balashov

2:32 p.m.

That’s my experience, too, but perhaps there’s something not quite clear about the location of the tls.cfg file, or the applicability of the given profiles, etc.

...

On Mar 22, 2023, at 3:59 AM, Henning Westerholt <hw(a)gilawa.com> wrote: Hello Alex, if you set this in a dedicated tls.cfg, its in my experience not necessary to set these parameters additionally in the kamailio.cfg. Cheers, Henning -----Original Message----- From: Alex Balashov <abalashov(a)evaristesys.com> Sent: Mittwoch, 22. März 2023 02:27 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Subject: [SR-Users] Re: WebRTC "client did not present a certificate" error Try set these, too: https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_cert… https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certi… — Alex

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800

David Cunningham

23 Mar 23 Mar

11:15 a.m.

I grepped the log and we do see "Server MUST present valid certificate" but not "Client MUST present valid certificate". Would anyone have any further pointers? Thank you. On Thu, 23 Mar 2023 at 00:40, Alex Balashov <abalashov(a)evaristesys.com> wrote:

...

That’s my experience, too, but perhaps there’s something not quite clear about the location of the tls.cfg file, or the applicability of the given profiles, etc.

On Mar 22, 2023, at 3:59 AM, Henning Westerholt <hw(a)gilawa.com> wrote: Hello Alex, if you set this in a dedicated tls.cfg, its in my experience not

necessary to set these parameters additionally in the kamailio.cfg.

Cheers, Henning -----Original Message----- From: Alex Balashov <abalashov(a)evaristesys.com> Sent: Mittwoch, 22. März 2023 02:27 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Subject: [SR-Users] Re: WebRTC "client did not present a certificate"

error

Try set these, too:

https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_cert…

https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certi…

— Alex > On Mar 21, 2023, at 7:34 PM, David Cunningham <

dcunningham(a)voisonics.com> wrote:

> > Hello, > > We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC

client at https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. In the Kamailio log we see the lines below. In tls.cfg we have "verify_certificate = no" and "require_certificate = no" for both [server:default] and [client:default]. Would anyone be able to help us with this?

> > Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls > [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for > SSL_CTX-0x14baf1cbb090: (nil) Mar 22 01:25:28 br > /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: > sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br > /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: > sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br > /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: > sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar > 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: > sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br > /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: > sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br > /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: > sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar > 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: > sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br > /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept(): > TLS accept successful Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: > tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from > xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Mar 22 > 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: > tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443 Mar 22 > 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: > tls_accept(): tls_accept: client did not present a certificate Mar 22 > 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: > tls_read_f(): Reading on a renegotiation of connection (n:532) (0) Mar > 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> > [core/tcp_read.c:1527]: tcp_read_req(): EOF Mar 22 01:25:28 br > /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: > io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) > fd_no=4 called Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> > [core/tcp_read.c:1680]: release_tcpconn(): releasing con > 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> > [xx.xx.xx.xx]:8443) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: > <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data > 0x14baf289ea30 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> > [core/tcp_main.c:3320]: handle_tcp_child(): reader response= > 14baf4cc1ec8, -1 from 1 Mar 22 01:25:28 br /sbin/kamailio[25291]: > DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection > 0x14baf289ea30 > > Thanks very much, > > -- > David Cunningham, Voisonics Limited > http://voisonics.com/ > USA: +1 213 221 1092 > New Zealand: +64 (0)28 2558 3782 > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions To > unsubscribe send an email to sr-users-leave(a)lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only

to the sender!

Edit mailing list options or unsubscribe:

unsubscribe send an email to sr-users-leave(a)lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to

the sender!

Edit mailing list options or unsubscribe:

-- David Cunningham, Voisonics Limited http://voisonics.com/ USA: +1 213 221 1092 New Zealand: +64 (0)28 2558 3782

Henning Westerholt

1:38 p.m.

Hello, In this case the server should not reject clients without certificate. So, the error needs to be something else, maybe you can see on the client side something with a network trace. As a side note, you should consider updating to a supported Kamailio version, the 5.2.x is really old. Cheers, Henning From: David Cunningham <dcunningham(a)voisonics.com> Sent: Donnerstag, 23. März 2023 09:15 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Cc: Henning Westerholt <hw(a)gilawa.com> Subject: Re: [SR-Users] Re: WebRTC "client did not present a certificate" error I grepped the log and we do see "Server MUST present valid certificate" but not "Client MUST present valid certificate". Would anyone have any further pointers? Thank you. On Thu, 23 Mar 2023 at 00:40, Alex Balashov <abalashov@evaristesys.com<mailto:abalashov@evaristesys.com>> wrote: That’s my experience, too, but perhaps there’s something not quite clear about the location of the tls.cfg file, or the applicability of the given profiles, etc.

...

On Mar 22, 2023, at 3:59 AM, Henning Westerholt <hw@gilawa.com<mailto:hw@gilawa.com>> wrote: Hello Alex, if you set this in a dedicated tls.cfg, its in my experience not necessary to set these parameters additionally in the kamailio.cfg. Cheers, Henning -----Original Message----- From: Alex Balashov <abalashov@evaristesys.com<mailto:abalashov@evaristesys.com>> Sent: Mittwoch, 22. März 2023 02:27 To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>> Subject: [SR-Users] Re: WebRTC "client did not present a certificate" error Try set these, too: https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_cert… https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certi… — Alex

On Mar 21, 2023, at 7:34 PM, David Cunningham <dcunningham@voisonics.com<mailto:dcunningham@voisonics.com>> wrote: Hello, We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC client at https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. In the Kamailio log we see the lines below. In tls.cfg we have "verify_certificate = no" and "require_certificate = no" for both [server:default] and [client:default]. Would anyone be able to help us with this? Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x14baf1cbb090: (nil) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: tls_read_f(): Reading on a renegotiation of connection (n:532) (0) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) fd_no=4 called Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> [xx.xx.xx.xx]:8443) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x14baf289ea30 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 14baf4cc1ec8, -1 from 1 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x14baf289ea30 Thanks very much, -- David Cunningham, Voisonics Limited http://voisonics.com/ USA: +1 213 221 1092 New Zealand: +64 (0)28 2558 3782 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org<mailto:sr-users-leave@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org<mailto:sr-users-leave@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com Tel: +1-706-510-6800 __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org<mailto:sr-users-leave@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: -- David Cunningham, Voisonics Limited http://voisonics.com/ USA: +1 213 221 1092 New Zealand: +64 (0)28 2558 3782

Henning Westerholt

22 Mar 22 Mar

11:22 a.m.

Hello, the log messages below are DEBUG, not ERROR messages. If your server requires certificates, you should see on startup some lines like that: /var/log/kamailio.log.2.gz:Mar 20 10:26:56 kam04 kamailio[22717]: INFO: tls [tls_domain.c:707]: set_verification(): TLSs<default>: Client MUST present valid certificate /var/log/kamailio.log.2.gz:Mar 20 10:26:59 kam04 kamailio[22717]: INFO: tls [tls_domain.c:707]: set_verification(): TLSc<default>: Server MUST present valid certificate If you are not seeing this log messages, your server has probably another cfg issue. Cheers, Henning From: David Cunningham <dcunningham(a)voisonics.com> Sent: Mittwoch, 22. März 2023 00:34 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Subject: [SR-Users] WebRTC "client did not present a certificate" error Hello, We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC client at https://tryit.jssip.net/ is unable to connect on either Chrome or Firefox. In the Kamailio log we see the lines below. In tls.cfg we have "verify_certificate = no" and "require_certificate = no" for both [server:default] and [client:default]. Would anyone be able to help us with this? Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for SSL_CTX-0x14baf1cbb090: (nil) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]: sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]: sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]: sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept(): TLS accept successful Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443 Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]: tls_read_f(): Reading on a renegotiation of connection (n:532) (0) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10) fd_no=4 called Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 -> [xx.xx.xx.xx]:8443) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x14baf289ea30 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core> [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 14baf4cc1ec8, -1 from 1 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x14baf289ea30 Thanks very much, -- David Cunningham, Voisonics Limited http://voisonics.com/ USA: +1 213 221 1092 New Zealand: +64 (0)28 2558 3782

Daniel-Constantin Mierla

23 Mar 23 Mar

1:39 p.m.

Hello, On 22.03.23 00:34, David Cunningham wrote:

...

"client did not present a certificate" is a debug message, not an error. From the logs, you have to enable connection renegotiation for tls module if you haven't done it, there is a modparm for it. Cheers, Daniel -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com Kamailio Advanced Training - Online - March 27-30, 2023 - www.asipto.com

596

days inactive

598

days old

sr-users@lists.kamailio.org

Manage subscription

7 comments

4 participants

tags (0)

participants (4)

Alex Balashov
Daniel-Constantin Mierla
David Cunningham
Henning Westerholt