reSIProcate

Mailing Lists

Source Code

Google Search:



< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] WSS connection from JsSIP to resiprocate

I’m doing exactly what is explained in that page but I only know the basics of TLS so I might be doing something wrong. What I said about Windows Certificate Manager is for the client side (JsSIP running in a browser in Windows) not for the server side (application running resiprocate in Linux) because, as I understand, the client needs a way to validate the certificate presented by the server, so it needs to have access to the CA certificate that was used to sign the server certificate. This was the one I loaded into Windows Certificate Manager. Am I wrong? And, are there any sample certificates that I can use (for instance, the ones you guys, contributors of resiprocate, use to make tests)? Thanks.

 

From: Adam Roach [mailto:adam@xxxxxxxxxxx]
Sent: quarta-feira, 1 de julho de 2015 11:21
To: resiprocate-devel@xxxxxxxxxxxxxxx
Subject: Re: [reSIProcate] WSS connection from JsSIP to resiprocate

 

On 7/1/15 08:28, Diego Carvalho Domingos wrote:

Hi all,

 

I'm trying to establish a WSS connection from a page running JsSIP (0.6.33) to an application running resiprocate (1.9.10). I get the following errors (slightly different results from chrome and firefox)

 

chrome:

 ...
2015-07-01:09.07.30 (1) reSIP    ERROR   (TlsConnection.cxx:48) Got TLS SSL_read error=5 ret=0

2015-07-01:09.07.30 (1) reSIP    WARNING (TlsConnection.cxx:469) err=5 sometimes indicates that intermediate certificates may be missing from local PEM file

 

firefox:

...
2015-07-01:09.19.04 (1) reSIP    ERROR   (TlsConnection.cxx:44) error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
...

 

Does anyone know what the problem is? Also, has someone here tried to make such connection?

If this is a problem with the certificates I'm using, can someone point me sample certificates to use? I used self-signed certificates and loaded the CA certificate into windows certificate manager (I'm not sure if this is the correct way).


Based on the errors above, I'd say that OpenSSL doesn't like your self-signed certs. As far as I know, none of the resip code look at native cert stores like the Windows Certificate Manager. You might want to take a look at <https://www.resiprocate.org/Certificates>.

/a