<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<br>
<div class="moz-cite-prefix">On 26/05/16 18:36, Arsen wrote:<br>
</div>
<blockquote
cite="mid:CABoraY7J=Bwz85LxbdDqVbHJjuvOCsx4jcGFBCpxqAad2iSuAg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Daniel,
<div><br>
</div>
<div>
<div>nope debug=3 doens't give more info. <br>
</div>
</div>
</div>
</blockquote>
does this mean that you don't see other log messages from tls or
that those messages don't give any useful detail?<br>
<br>
<blockquote
cite="mid:CABoraY7J=Bwz85LxbdDqVbHJjuvOCsx4jcGFBCpxqAad2iSuAg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>I have the same certificate on the web server and on the
kamailio (same crt/key on both)</div>
</div>
</div>
</blockquote>
<br>
Here is not about server having a certificate, but the client being
requested to present its own certificate, have I understood right?<br>
<br>
What's your tls config option for kamailio regarding the
require_certificate attribute?<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<blockquote
cite="mid:CABoraY7J=Bwz85LxbdDqVbHJjuvOCsx4jcGFBCpxqAad2iSuAg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Thanks in advance</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, May 26, 2016 at 5:58 PM,
Daniel-Constantin Mierla <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:miconda@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>if you run with debug=3, do you get more hints from the
debug messages?</p>
<p>I guess you require client certificate in your config.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div>
<div class="h5"> <br>
<div>On 26/05/16 15:06, Arsen wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hi guys!
<div><br>
</div>
<div>I am trying to configure kamailio with WSS.</div>
<div>We have trusted certificate installed SIP
over TCP/TLS works fine.</div>
<div><br>
</div>
<div>But when I try WSS I got error:</div>
<div><br>
</div>
<div>Â ERROR: tls [tls_util.h:42]: tls_err_ret():
TLS read:error:14094419:SSL
routines:SSL3_READ_BYTES:tlsv1 alert access
denied</div>
<div><br>
</div>
<div>ERROR: <core> [tcp_read.c:1303]:
tcp_read_req(): ERROR: tcp_read_req: error
reading</div>
<div><br>
</div>
<div>Before above error it was 'bad certificate',
so I have imported CA in the firefox and now I
get these errors.. </div>
<div><br>
</div>
<div>I have tried sipml5 and <a
moz-do-not-send="true"
href="http://tryit.jssip.net" target="_blank">tryit.jssip.net</a>
same issue with both clients, also it seems I
have these errors only when I use firefox, when
I use chrome it even doesn't show me an error..</div>
<div><br>
</div>
<div>Any ideas? </div>
<div><br>
</div>
<div>Thanks!<br clear="all">
<div><br>
</div>
-- <br>
<div>Regards,<br>
Arsen.<br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a moz-do-not-send="true" href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a>
<a moz-do-not-send="true" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><span class="HOEnZb"><font color="#888888">
</font></span></pre>
<span class="HOEnZb"><font color="#888888"> </font></span></blockquote>
<span class="HOEnZb"><font color="#888888"> <br>
<pre cols="72">--
Daniel-Constantin Mierla
<a moz-do-not-send="true" href="http://www.asipto.com" target="_blank">http://www.asipto.com</a> - <a moz-do-not-send="true" href="http://www.kamailio.org" target="_blank">http://www.kamailio.org</a>
<a moz-do-not-send="true" href="http://twitter.com/#%21/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a></pre>
</font></span></div>
<br>
_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
mailing list<br>
<a moz-do-not-send="true"
href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">Regards,<br>
Arsen.<br>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a> - <a class="moz-txt-link-freetext" href="http://www.kamailio.org">http://www.kamailio.org</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
</body>
</html>