6 Feb
2014
6 Feb
'14
12:26 p.m.
This is my tls.cfg for server
[server:default]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/asterisk/certs/proxy.key
certificate = /etc/asterisk/certs/proxy.crt
As far as I understand (verify_certificate = no), and (require_certificate = no) should
allow a client connecting
without certicates.
Can anyone understand what this debug indicates
What is causes this error
tls_read_f(): TLS read:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
7(14841) DEBUG: tls [tls_server.c:178]: tls_complete_init(): Using TLS domain
TLSs<default>
7(14841) DEBUG: tls [tls_domain.c:609]: sr_ssl_ctx_info_callback(): SSL handshake
started
7(14841) DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
7(14841) DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7eff24e41260 n=940 fd=5
7(14841) DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=
7(14841) DEBUG: <core> [io_wait.h:390]: io_watch_add(): DBG: io_watch_add(0x8df1e0,
5, 2, 0x7eff24e41260), fd_no=1
7(14841) DEBUG: tls [tls_domain.c:621]: sr_ssl_ctx_info_callback(): SSL handshake done
7(14841) DEBUG: tls [tls_domain.c:624]: sr_ssl_ctx_info_callback(): SSL disable
renegotiation
7(14841) DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
7(14841) DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from
10.1.2.3:35573 using TLSv1/SSLv3 AES256-SHA 256
7(14841) DEBUG: tls [tls_server.c:358]: tls_accept(): tls_accept: local socket:
10.1.2.4:6443
7(14841) DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present
a certificate
7(14841) DEBUG: <core> [tcp_main.c:2556]: tcpconn_do_send(): tcp_send: sending...
7(14841) DEBUG: <core> [tcp_main.c:2590]: tcpconn_do_send(): tcp_send: after real
write: c= 0x7eff24e41260 n=250 fd=5
7(14841) DEBUG: <core> [tcp_main.c:2591]: tcpconn_do_send(): tcp_send: buf=
7(14841) DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7eff24e41260, FD
5
7(14841) ERROR: tls [tls_server.c:1186]: tls_read_f(): TLS read:error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
7(14841) ERROR: <core> [tcp_read.c:1281]: tcp_read_req(): ERROR: tcp_read_req:
error reading
7(14841) DEBUG: <core> [io_wait.h:617]: io_watch_del(): DBG: io_watch_del
(0x8df1e0, 5, -1, 0x10) fd_no=2 called
7(14841) DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con
0x7eff24e41260, state -2, fd=5, id=2
7(14841) DEBUG: <core> [tcp_read.c:1438]: release_tcpconn(): extra_data
0x7eff24e3c200
10(14844) DEBUG: <core> [tcp_main.c:3385]: handle_tcp_child(): handle_tcp_child:
reader response= 7eff24e41260, -2 from 1
10(14844) DEBUG: tls [tls_server.c:597]: tls_h_close(): Closing SSL connection
0x7eff24e3c200
7 Feb
7 Feb
1:25 a.m.
On Thu, Feb 6, 2014 at 3:26 AM, jaflong jaflong <jaflong(a)yandex.com> wrote:
This is my tls.cfg for server
[server:default]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/asterisk/certs/proxy.key
certificate = /etc/asterisk/certs/proxy.crt
As far as I understand (verify_certificate = no), and (require_certificate
= no) should allow a client connecting
without certicates.
Can anyone understand what this debug indicates
What is causes this error
tls_read_f(): TLS read:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
http://lists.sip-router.org/pipermail/sr-users/2010-September/065259.html
The client is rejecting the certificate. In your client, you need to either
import the CA or
server certificate, or turn of certificate verification. I ran into this
error just yesterday and
can attest to the solution, which in my case was that I used the wrong
certificate in
Kamailio.
Corey
3942
days inactive
3942
days old
1 comments
2 participants
participants (2)
-
Corey Edwards -
jaflong jaflong