hi, attached the lines from the cfg file:
r...@xxxx:/usr/local/etc/opensips# cat opensips.cfg | grep tls
disable_tls = no
listen = tls:X.X.X.X:30100
tls_port_no = 30100
tls_verify_server = 0
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"

thanks for the help,
nir

On Mon, Jan 18, 2010 at 3:41 PM, Bogdan-Andrei Iancu <bog...@voice-system.ro> wrote:
> Hi Nir,
>
> the last command does create (if not present) or adds to (if already
> present) the current CA to the CA list file.
>
> Also, have you properly set the TLS related parameters in the config file?
>
> Regards,
> Bogdan
>
> nir elkayam wrote:
> > hi,
> >
> > i follow the script on:
> > http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html
> >
> > mainly, generated root certificate with:
> > opensipsctl tls rootCA
> > and then generate user (i.e. sip server) certificate with:
> > opensipsctl tls userCERT user
> >
> > about the file ca_list, the wiki says:
> >
> > To add more CAs to your list, just do:
> >
> >     cat add_cacert.pem >> calist.pem
> >
> > but not sure about that, shouldn't the last command have updated
> > the ca list? i see that the file isn't empty..
> >
> > nir
> >
> > On Fri, Jan 15, 2010 at 6:35 PM, Bogdan-Andrei Iancu
> > <bog...@voice-system.ro> wrote:
> >
> > Hi Nir,
> >
> > I see you manage to start opensips with TLS - what was your error?
> >
> > for _tls_read -> that is very funny: SSL_read return err 5
> > (SSL_ERROR_SYSCALL) which means to look at error stack/return
> > value/errno for the real error (the error was generated somewhere
> > deep in the SSL underlayers), but the errno is Success and stack
> > is empty :P..... Looks like a ghost error...
> >
> > for tls_accept -> the error is in the stack, and after googling a
> > bit -> "obviously the CA that signed your clients is not known to
> > the server. Take a look at"
> >
> > http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
> > http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14
> >
> > Regards,
> > Bogdan
> >
> > nir elkayam wrote:
> > > hi,
> > >
> > > i am using opensips/TLS,
> > >
> > > i get the following error
> > > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: SYSCALL error -> (0) <Success>
> > > Jan 14 22:53:54 [19740] ERROR:core:_tls_read: something wrong in SSL: 5
> > > Jan 14 22:53:54 [19740] ERROR:core:tcp_read_req: failed to read
> > > Jan 14 22:54:46 [19740] ERROR:core:tls_accept: some error in SSL (ret=0, err=1, errno=0/Success):
> > > Jan 14 22:54:46 [19740] ERROR:core:tls_print_errstack: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> > >
> > > any hints about these?
> > > actually the client works but error in encryption process is not
> > > good, i think
> > >
> > > thanks
> > >
> > > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users@lists.opensips.org
> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> > --
> > Bogdan-Andrei Iancu
> > www.voice-system.ro
> >
> > --
> > ניר אלקיים
> > Tel: 050-3930056
> > nir.elka...@gmail.com
>
> --
> Bogdan-Andrei Iancu
> www.voice-system.ro

--
ניר אלקיים
Tel: 050-3930056
nir.elka...@gmail.com
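Added example, not part of the original thread or of OpenSIPS: a small triage helper that decodes the packed OpenSSL error code from the tls_print_errstack line quoted above and reports whether it records a TLS alert received from the peer. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason); the function names decode and triage are made up for this illustration.

```python
import re

# Assumption: pre-3.0 OpenSSL packing, lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
# In the SSL library, reason = 1000 + N means TLS alert N was received from the peer.
SSL_AD_REASON_OFFSET = 1000
# Certificate-related alert descriptions from RFC 5246, section 7.2.
ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}
ERRSTACK = re.compile(r"error:([0-9A-Fa-f]{8}):")

# Log lines copied from the thread above (wrapped lines rejoined).
SAMPLE_LOG = [
    "Jan 14 22:53:54 [19740] ERROR:core:_tls_read: something wrong in SSL: 5",
    "Jan 14 22:54:46 [19740] ERROR:core:tls_print_errstack: "
    "error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
]

def decode(code_hex):
    """Split a packed OpenSSL error code and flag alerts received from the peer."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": ALERTS.get(alert), "from_peer": alert is not None}

def triage(lines):
    """Return one decoded finding per error-stack entry found in the log lines."""
    findings = []
    for line in lines:
        match = ERRSTACK.search(line)
        if match:
            findings.append(decode(match.group(1)))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        side = "sent by the peer" if f["from_peer"] else "raised locally"
        print("lib=%(lib)d func=%(func)d reason=%(reason)d" % f,
              "alert=%s (%s)" % (f["alert_name"], side))
```

A finding with from_peer set means the remote endpoint sent the alert after rejecting the certificate it was shown, so the CA file to inspect is the one that endpoint loads.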