<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Seems like Kamailio is configured to
require a client certificate, but the client doesn't have one.<br>
<br>
klaus<br>
<br>
Am 15.11.2012 15:04, schrieb Denis:<br>
</div>
<blockquote cite="mid:50A4F656.1080102@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Thank you, it worked!<br>
I just added listen=tcp:IP:5060 so it probably needs to initialize
tcp separately from tls )<br>
<br>
Thanks a lot!<br>
<br>
P.S.<br>
now I am having another errors though while connecting to tls port
but I believe it is certificates problems: <br>
$ openssl s_client -connect IP:5061 -tls1 -CAfile
certs/demoCA/cert.pem <br>
...<br>
1727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1102:SSL alert number 40<br>
1727:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:539:<br>
syslog:<br>
/opt/kamailio/sbin/kamailio[1708]: ERROR: tls [tls_server.c:1190]:
TLS accept:error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a
certificate<br>
/opt/kamailio/sbin/kamailio[1708]: ERROR: <core>
[tcp_read.c:1127]: ERROR: tcp_read_req: error reading <br>
<br>
Thanks,<br>
Den<br>
<br>
<div class="moz-cite-prefix">On 15/11/12 13:33, Daniel-Constantin
Mierla wrote:<br>
</div>
<blockquote cite="mid:50A4EF12.2020501@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Copy and paste typo, overlapping port use:<br>
<br>
listen=tcp:127.0.0.1:5060<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 11/15/12 7:54 AM, Denis wrote:<br>
</div>
<blockquote cite="mid:50A4E60C.2070602@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Thanks for looking at that, Daniel.<br>
<br>
If I start all together with tls: and tcp: (both lines order)
then I see this:<br>
<br>
/opt/kamailio/sbin/kamailio[1008]: ERROR: <core>
[tcp_main.c:2918]: ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64,
16) on IP_ADDRESS:5061 : Address already in use<br>
/opt/kamailio/sbin/kamailio[1008]: ERROR: tls
[tls_init.c:314]: Error while initializing TCP part of TLS
socket IP_ADDRESS:5061<br>
<br>
If I start only tcp: I am getting:<br>
/opt/kamailio/sbin/kamailio[1035]: ERROR: tls
[tls_init.c:660]: TLSs<IP_ADDRESS:5061>: No listening
socket found<br>
/opt/kamailio/sbin/kamailio[1035]: ERROR: <core>
[sr_module.c:939]: init_mod(): Error while initializing module
tls (/opt/kamailio/lib64/kamailio/modules/tls.so)<br>
<br>
Thanks,<br>
Den<br>
<br>
<div class="moz-cite-prefix">On 15/11/12 12:48,
Daniel-Constantin Mierla wrote:<br>
</div>
<blockquote cite="mid:50A4E4A6.6070603@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Reviewing the previous email, I probably spotted the issues.
You said you added:<br>
<br>
listen=tls:IP.ADDRESS:5061<br>
<br>
that forces Kamailio to listen only on tls. But tls is on
top of tcp, so add:<br>
<br>
listen=tcp:127.0.0.1:5061<br>
<br>
It was reported couple of days ago, I had no time to look at
it yet, traveling for the moment. Should not crash in any
condition, if tcp is required and no other way for tls only,
the startup process should fail -- I will take care of it
soon.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 11/15/12 7:39 AM, Denis
wrote:<br>
</div>
<blockquote cite="mid:50A4E279.505@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Only during kamailio start:<br>
<br>
...<br>
/opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy
[rtpproxy.c:1413]: rtp proxy <udp:127.0.0.1:7722>
found, support for it enabled<br>
/opt/kamailio/sbin/kamailio[759]: INFO: ctl
[io_listener.c:225]: io_listen_loop: using epoll_lt io
watch method (config)<br>
<br>
as soon as I send a request on port 5061 it crashes..<br>
user@server:~$ telnet HOSTNAME 5061<br>
Trying HOSTNAME...<br>
Connected to HOSTNAME.<br>
Escape character is '^]'.<br>
fsf<br>
Connection closed by foreign host.<br>
<br>
and it crashes.<br>
<br>
<div class="moz-cite-prefix">On 15/11/12 12:22,
Daniel-Constantin Mierla wrote:<br>
</div>
<blockquote cite="mid:50A4DE97.1070004@gmail.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hello,<br>
<br>
<div class="moz-cite-prefix">On 11/15/12 4:52 AM, Denis
wrote:<br>
</div>
<blockquote cite="mid:50A4BB6D.6060106@gmail.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
[...]<br>
/opt/kamailio/sbin/kamailio[30278]: ALERT:
<core> [main.c:785]: child process 30293 exited
by a signal 11<br>
</blockquote>
Before this line, do you have any other error messages
printed by pid 30278?<br>
<br>
Cheers,<br>
Daniel<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://twitter.com/#%21/miconda">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://twitter.com/#%21/miconda">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://twitter.com/#%21/miconda">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
</body>
</html>