Hi.
I got the same problem in softphone ZOIPER. I just let my ZOIPER ignore the file received from OpenSIPS and then the problem was solved. Otherwise I should had to install the client party on the phone. It was possible for me because in my project I didn't have to use certificates, just cryptographic messages with TLS. See below the configuration in my OpenSIPS.cfg file (my proxy is version 2.2 from 2015): loadmodule "proto_tls.so" modparam("proto_tls","verify_cert", "0") modparam("proto_tls","require_cert", "0") #0 means *do not* force the client to present a certificate where as 1 means *do* ask the client to present a cert. modparam("proto_tls","tls_method", "TLSv1") #If you want RFC3261 conformance and all your clients support TLSv1 (or you are planning to use encrypted "tunnels" only between differe modparam("proto_tls", "certificate", "/usr/local/etc/opensips/tls/rootCA/certs/cert.pem") modparam("proto_tls", "private_key", "/usr/local/etc/opensips/tls/rootCA/private/key.pem") modparam("proto_tls", "ca_list", "/usr/local/etc/opensips/tls/rootCA/cacert.pem") modparam("proto_tls", "ca_dir", "/usr/local/etc/opensips/tls/rootCA/") # Sets the TLS protocol. The first parameter, if set, represents the id of the domain. TLS method which can be: # # TLSv1_2 - means OpenSIPS will accept only TLSv1.2 connections (rfc3261 conformant). # # TLSv1 - means OpenSIPS will accept only TLSv1 connections (rfc3261 conformant). # # SSLv3 - means OpenSIPS will accept only SSLv3 connections # # SSLv2 - means OpenSIPS will accept only SSLv2 connections (almost all old clients support this). # # SSLv23 - means OpenSIPS will accept any of the above methods, but the initial SSL hello must be v2 (in the initial hello all the supported protocols are advertised enabling swit # #Default value is SSLv23. Tell me if I'm wrongly, please. Best regards. RODRIGO PIMENTA CARVALHO Inatel Competence Center Software Ph: +55 35 3471 9200 RAMAL 979 ________________________________ De: users-boun...@lists.opensips.org <users-boun...@lists.opensips.org> em nome de Ali Pey <ali...@gmail.com> Enviado: sexta-feira, 8 de abril de 2016 10:25 Para: OpenSIPS users mailling list Assunto: Re: [OpenSIPS-Users] TLS - Certificate Validation Failure error on SIP Phones - OpenSIPS version 1.11.5 Hello Hamid, The parameters below don't have any effects. In my scenario, the sip phones are rejecting the tls connection by saying "Certificate Validation Failure". Neither of parameters below had any effects. Anyone else has any idea what I need to look for? Regards, Ali Pey On Fri, Apr 8, 2016 at 4:00 AM, Hamid Hashmi <hamid2kv...@hotmail.com<mailto:hamid2kv...@hotmail.com>> wrote: Please define following values tls_ca_list = "/path/to/file" tls_method = tlsv1 for details please consult http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html<https://contactmonkey.com/api/v1/tracker?cm_session=fe1ad39b-b209-487a-ae7d-5dc3874a3f4b&cm_type=link&cm_link=4c658b68-ff08-42fc-abc9-b28ade77429a&cm_destination=http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html> Regards Hamid R. Hashmi ________________________________ Date: Thu, 7 Apr 2016 13:14:28 -0400 From: ali...@gmail.com<mailto:ali...@gmail.com> To: users@lists.opensips.org<mailto:users@lists.opensips.org> Subject: [OpenSIPS-Users] TLS - Certificate Validation Failure error on SIP Phones - OpenSIPS version 1.11.5 Hello, My opensips server is just a registrar server and I have enabled tls with the following settings: listen=tls:xx.xx.xx.xx:5061 disable_tls=no tls_certificate="/etc/opensips/pbx-bundle.crt" tls_private_key="/etc/opensips/pbx.key" When my sip phones try to open tls connection, they reject the connection saying "Certificate Validation Failure". My certificate is valid and works fine on the https website. What am I missing? What should I look for? Regards, Ali Pey _______________________________________________ Users mailing list Users@lists.opensips.org<mailto:Users@lists.opensips.org> http://lists.opensips.org/cgi-bin/mailman/listinfo/users<https://contactmonkey.com/api/v1/tracker?cm_session=fe1ad39b-b209-487a-ae7d-5dc3874a3f4b&cm_type=link&cm_link=00f9206d-5114-4ccd-8119-2069b0340470&cm_destination=http://lists.opensips.org/cgi-bin/mailman/listinfo/users> _______________________________________________ Users mailing list Users@lists.opensips.org<mailto:Users@lists.opensips.org> http://lists.opensips.org/cgi-bin/mailman/listinfo/users<https://contactmonkey.com/api/v1/tracker?cm_session=fe1ad39b-b209-487a-ae7d-5dc3874a3f4b&cm_type=link&cm_link=1103e740-0d3e-425d-950a-182c7bbe3a6e&cm_destination=http://lists.opensips.org/cgi-bin/mailman/listinfo/users>
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users