
Re: [reSIProcate] Problem while establishing TLS connection between Resiprocate Client and OpenSER Server


Some notes:

1. The code snippet you show below does not pass the cert path that you mentioned.

2. The Root cert must be named correctly – please see the following link for more info: http://www.resiprocate.org/Certificates

 

Scott

 

From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxxx [mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of kapatralla ahmed
Sent: Thursday, May 03, 2007 3:16 PM
To: resiprocate-devel@xxxxxxxxxxxxxxxxxxxx
Subject: [reSIProcate] Problem while establishing TLS connection between Resiprocate Client and OpenSER Server

 

Hi folks..

 

I am using a Resiprocate Client in which TLS is being used as transport... I am trying to register the same with an OpenSER server.

On the server side,

1. I configured the openser.cfg (tls_verify_client = 0 & tls_request_certificate = 0) and openserctl. (* I am not providing the whole cfg file as I don't have it with me as of now... but it's configured properly :-) )

2. I created a RootCA using # openserctl tls rootCA at OpenSER

3. and then use certs using # openserctl tls usercert user at OpenSER

 

On the Client side,

 

3. Then I copied the exact OpenSER cacert.pem from server to the client machine into the path resiprocate/resip/certs which has been given as my certs path using security object passed to the stack constructor.

                    Security* security = new Security;
                    SipStack stack(security);

4. Now I tried running my client which gave me the following errors:

 

----------------------------------------------------------------------------------------------------------------------------------------
It's actually entering the VerifyCallback(ilnCode, plnStore) in the Security.cxx where the passed-in ilnCode = 0 because the verification failed.

 

Error when  verifying server's chain of certificates: self signed certificate in certificate chain, depth=1 /CN=OpenSER/ST=SIP/C=IP/emailAddres
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)

----------------------------------------------------------------------------------------------------------------------------------------

 

I have a few questions here:

 

1. If just adding the cacert.pem to the client is not enough, then what else should I do to add the same to the trusted root CA store of the client in resiprocate??

 On OpenSER, I can do the same by appending the cacert.pem into the ca_list.pem

 

2. How to solve this OpenSER certificate verification problem at resiprocate Client side.

 

3. Do I need to do anything in addition to adding the cacert.pem at the Client?

 

I used Repro server ..still the same problem persists...

 

Can someone tell me the sequential procedures to make resiprocate Client connect on TLS with OpenSER server and how to solve the above said problem..

 

I will be very much obliged at your kind and earliest response.

 

Best regards,

Irshad.
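
The verification result quoted in the thread ("self signed certificate in certificate chain", depth 1) can be reproduced with the openssl command line, independent of the SIP stack. This is an added example, not code from the thread or from reSIProcate. The CA, server certificate, subjects and file names are constructed test data, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added example: every name, subject and path here is constructed test data.

# Build a throwaway root CA and a server certificate signed by it in "$1".
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Root" \
        -keyout "$d/root.key" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=sip.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/server.csr" \
        -CA "$d/cacert.pem" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/server.pem" 2>/dev/null
}

# The root travels with the chain (-untrusted) but is not a trust anchor:
# the position a client is in when its root store does not contain the CA.
verify_without_anchor() {
    openssl verify -no-CAfile -no-CApath \
        -untrusted "$1/cacert.pem" "$1/server.pem" 2>&1
}

# Same chain, with the root loaded as the only trust anchor.
verify_with_anchor() {
    openssl verify -CAfile "$1/cacert.pem" -no-CApath "$1/server.pem" 2>&1
}

# Demo run on a temporary directory.
demo_dir=$(mktemp -d)
make_test_pki "$demo_dir"
echo "--- root presented but not trusted:"
verify_without_anchor "$demo_dir"
echo "--- root loaded as trust anchor:"
verify_with_anchor "$demo_dir"
rm -rf "$demo_dir"
```

Running the second check against the real cacert.pem and the server's certificate shows whether the copied file is the right issuer. If it is, the remaining question is whether the client actually loaded it.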