Re: [reSIProcate] WSS with AfterSocketCreationFunction causes core
On 25/06/13 20:07, Nathan Stratton wrote:
> On Mon, Jun 24, 2013 at 3:31 PM, Daniel Pocock <daniel@xxxxxxxxxxxxx> wrote:
>
>>
>>
>> Just some further things:
>>
>> - I understand you have been trying WebSockets for some time, is this
>> the first time you tried WSS though? Or was WSS working successfully
>> before and now it is a regression?
>>
>
> First time with WSS.
>
>
>> - please also try testing with OpenSSL "s_client" or GnuTLS gnutls-cli -
>> for either of these tools, make sure you enable CRLF line endings,
>> enable TLSv1 and tell the tool about your root CA
>
>
>>
>> e.g.
>>
>> openssl s_client \
>> -connect test-ws.sip5060.net:443 \
>> -tls1 -crlf -debug -CAfile my-root-cert.pem
>>
>> Once it connects, you should be able to paste a WebSocket message into
>> the console and get back some response.
>>
>
> depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.
> exarionetworks.com
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.
> exarionetworks.com
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.
> exarionetworks.com
> verify error:num=21:unable to verify the first certificate
> verify return:1
>
> Thanks, that helps a lot, now I just need to figure out why it does not
> like my certs. I see reSIProcate looking at my cert and key, but not root
> csr.
Is there an intermediate cert from the CA? You may need to include it
in the domain_cert_exarionetworks.com.pem file
>
> Also note, key, cert, csr all work with apache.
>
> If you have to try a new version of OpenSSL on RHEL/EPEL, you may not be
>> able to use the binary RPM from Fedora, I think you will need to
>> download the source package, tweak the spec file slightly and the
>> rpmbuild it.
>
>
> Yes, understood, we built our own recent RPMs.
>