I grepped the log and we do see "Server MUST present valid certificate" but
not "Client MUST present valid certificate".
Would anyone have any further pointers?
Thank you.
On Thu, 23 Mar 2023 at 00:40, Alex Balashov <abalashov(a)evaristesys.com>
wrote:
That’s my experience, too, but perhaps there’s
something not quite clear
about the location of the tls.cfg file, or the applicability of the given
profiles, etc.
On Mar 22, 2023, at 3:59 AM, Henning Westerholt
<hw(a)gilawa.com> wrote:
Hello Alex,
if you set this in a dedicated tls.cfg, its in my experience not
necessary to set
these parameters additionally in the kamailio.cfg.
Cheers,
Henning
-----Original Message-----
From: Alex Balashov <abalashov(a)evaristesys.com>
Sent: Mittwoch, 22. März 2023 02:27
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] Re: WebRTC "client did not present a certificate"
error
Try set these, too:
https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.require_cert…
https://kamailio.org/docs/modules/5.6.x/modules/tls.html#tls.p.verify_certi…
— Alex
> On Mar 21, 2023, at 7:34 PM, David Cunningham <
dcunningham(a)voisonics.com> wrote:
>
> Hello,
>
> We have a Kamailio 5.2.7 server with WebRTC enabled. However, a WebRTC
client
at
https://tryit.jssip.net/ is unable to connect on either Chrome
or Firefox. In the Kamailio log we see the lines below. In tls.cfg we have
"verify_certificate = no" and "require_certificate = no" for both
[server:default] and [client:default]. Would anyone be able to help us with
this?
>
> Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls
> [tls_domain.c:1159]: tls_lookup_private_key(): Private key lookup for
> SSL_CTX-0x14baf1cbb090: (nil) Mar 22 01:25:28 br
> /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]:
> sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br
> /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]:
> sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br
> /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]:
> sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar
> 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]:
> sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br
> /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:737]:
> sr_ssl_ctx_info_callback(): SSL handshake started Mar 22 01:25:28 br
> /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:741]:
> sr_ssl_ctx_info_callback(): SSL renegotiation initiated by client Mar
> 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_domain.c:749]:
> sr_ssl_ctx_info_callback(): SSL handshake done Mar 22 01:25:28 br
> /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:424]: tls_accept():
> TLS accept successful Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG:
> tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from
> xx.xx.xx.xx:39816 using TLSv1.3 TLS_AES_256_GCM_SHA384 256 Mar 22
> 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:434]:
> tls_accept(): tls_accept: local socket: yy.yy.yy.yy:8443 Mar 22
> 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:445]:
> tls_accept(): tls_accept: client did not present a certificate Mar 22
> 01:25:28 br /sbin/kamailio[25259]: DEBUG: tls [tls_server.c:1189]:
> tls_read_f(): Reading on a renegotiation of connection (n:532) (0) Mar
> 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core>
> [core/tcp_read.c:1527]: tcp_read_req(): EOF Mar 22 01:25:28 br
> /sbin/kamailio[25259]: DEBUG: <core> [core/io_wait.h:602]:
> io_watch_del(): DBG: io_watch_del (0x562ffde66d00, 17, -1, 0x10)
> fd_no=4 called Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG: <core>
> [core/tcp_read.c:1680]: release_tcpconn(): releasing con
> 0x14baf4cc1ec8, state -1, fd=17, id=665 ([xx.xx.xx.xx]:39816 ->
> [xx.xx.xx.xx]:8443) Mar 22 01:25:28 br /sbin/kamailio[25259]: DEBUG:
> <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data
> 0x14baf289ea30 Mar 22 01:25:28 br /sbin/kamailio[25291]: DEBUG: <core>
> [core/tcp_main.c:3320]: handle_tcp_child(): reader response=
> 14baf4cc1ec8, -1 from 1 Mar 22 01:25:28 br /sbin/kamailio[25291]:
> DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection
> 0x14baf289ea30
>
> Thanks very much,
>
> --
> David Cunningham, Voisonics Limited
>
http://voisonics.com/
> USA: +1 213 221 1092
> New Zealand: +64 (0)28 2558 3782
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions To
> unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only
to the
sender!
Edit
mailing list options or unsubscribe:
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web:
https://evaristesys.com
Tel: +1-706-510-6800
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions To
unsubscribe send an
email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the
recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web:
https://evaristesys.com
Tel: +1-706-510-6800
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe: