Re: [OpenSIPS-Users] WSS Client did not present a TLS certificate

Tue, 19 Jan 2016 02:22:14 -0800 

Hi Sebastian,
That message is just an INFO (not an error) - you say TLS handshake fails on opensips side as it expects a certificate from the end point ? 

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 18.01.2016 06:32, Sebastian Sastre wrote:

I’ve been trying to setup WSS using 2.2 latest branch.


When trying to open the web socket i get “ Client did not present a 
TLS certificate” . Im using the included default ssl certs for 
the server to avoid mistakes . What certificate is the user supposed 
to present?



I tried using sip.js and jssip to connect without any luck. i also 
tried disabling cert requirement but didn’t work.


—— Config ——-

listen=wss:123.456.789.987:5060
listen=tls:123.456.789.987:5061
listen=wss:123.456.789.987:443

load module "proto_udp.so"
load module “proto_tls.so”
loadmodule "proto_wss.so"

loadmodule "tls_mgm.so"
modparam("tls_mgm", "certificate", "/etc/opensips/tls/rootCA/cacert.pem")

modparam("tls_mgm", "private_key", 
"/etc/opensips/tls/rootCA/private/cakey.pem")

modparam("tls_mgm", "ca_list", "/etc/opensips/tls/rootCA/cacert.pem")
modparam("tls_mgm", "ca_dir", "/etc/opensips/tls/rootCA/")
modparam("tls_mgm", "require_cert", "0")
modparam(“tls_mgm", "verify_cert", "0")


——- Logs ——-

/sbin/opensips[12468]: INFO:core:probe_max_sock_buff: using snd buffer 
of 416 kb
/sbin/opensips[12468]: INFO:core:init_sock_keepalive: TCP keepalive 
enabled on socket 37
/sbin/opensips[12460]: INFO:proto_wss:ls_accept: New TLS connection 
from xx.xx.xx.xx:50815 accepted
/sbin/opensips[12460]: INFO:proto_wss:tls_accept: Client did not 
present a TLS certificate
/sbin/opensips[12460]: INFO:proto_wss:ls_dump_cert_info: tls_accept: 
local TLS server certificate subject: 
/CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=t...@opensips.org/O=opensips.org 
<http://opensips.org/C=IP/emailAddress=t...@opensips.org/O=opensips.org>, 
issuer: 
/CN=OpenSIPS/ST=opensips.org/C=IP/emailAddress=t...@opensips.org/O=opensips.org 
<http://opensips.org/C=IP/emailAddress=t...@opensips.org/O=opensips.org>



Thanks !



_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






















					Reply via email to