[reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate
Kundan Kumar
kundancs at gmail.com
Thu May 3 08:02:02 CDT 2007
Thanks for the reply...
This time I did not get the error "self signed certificate in certificate chain".
But I am still getting this error:
====================================================
TLS connection failed ok=-1 err=5 error:00000005:lib(0):func(0):DH
(SSL Error want syscall)
Error may be because trying ssl connection to tls server20070503
Couldn't TLS connect trying ssl connection to tls server20070503
====================================================
Under TlsConnection.cxx in resiprocate/stack/, ssl_connect( ) is failing and
returns -1. The error description is as above. But we are puzzled why the
client is trying an SSL connection, as we have given sslType as TLSV1.
Please help us, folks......
Best Regards,
Kundan.
On 5/3/07, Scott Godin <slgodin at icescape.com> wrote:
>
> Assuming from the CN=OpenSER that this is a certificate presented from
> OpenSER….
>
>
>
> You must have the *RootCA certificate of the CA that created the OpenSER
> certificate* present in the correct directory for resip. Resip is failing
> to verify the certificate presented by OpenSER.
>
>
>
> *From:* Kundan Kumar [mailto:kundancs at gmail.com]
> *Sent:* Thursday, May 03, 2007 6:33 AM
> *To:* Scott Godin
> *Cc:* Ryan Kereliuk; resiprocate-devel at list.resiprocate.org
> *Subject:* Re: [reSIProcate] Resiprocate Client with OpenSER
> server.....trying to establish TLS connection :- Error when verifying
> server's chain of certificates: unable to get local issuer certificate
>
>
>
> Thanks for the information.
> I generated
> CA certificate (cacert.pem) through makeCA, which is given in
> resiprocate/resip/certs/
> Private key (domain_key_DOMAIN-NAME.pem)
> Public key as domain_cert_DOMAIN-NAME.pem through makeCert, which is given
> in resiprocate/resip/certs/
>
> But still getting same Error as:
> =====================================================================
> Error when verifying server's chain of certificates: self signed
> certificate in certificate chain, depth=1
> /CN=OpenSER/ST=SIP/C=IP/emailAddres
> TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
> =====================================================================
> So please give pointers to solve the above problems.
> I will be very much obliged for your kind response....
> Thanks!!!!!
>
> On 5/2/07, *Scott Godin* < slgodin at icescape.com > wrote:
>
> Also some info here: http://www.resiprocate.org/Certificates
>
>
>
> Scott
>
>
> ------------------------------
>
> *From:* resiprocate-devel-bounces at list.resiprocate.org on behalf of Ryan
> Kereliuk
> *Sent:* Wed 5/2/2007 8:21 AM
> *To:* Kundan Kumar
> *Cc:* resiprocate-devel at list.resiprocate.org
> *Subject:* Re: [reSIProcate] Resiprocate Client with OpenSER
> server.....trying to establish TLS connection :- Error when verifying
> server's chain of certificates: unable to get local issuer certificate
>
> Have a look at the code in Security.cxx - the expected directories and
> file names are documented in the code there. The exact location depends
> on what platform you're using. Try $HOME/.sipCerts/root_cert_blah.pem.
>
> Thanks,
> -Ryan
>
> On 2007-05-02 at 10h15, Kundan Kumar wrote:
> > hi...
> > yeah.. I am using root certificate in PEM format as cacert.pem at
> > /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
> > Actually I have given the path for the certs also @
> > /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this
> > resiprocate looking for the exact path for the root CA certificate for
> > verification of Server certificate. Correct me if I am wrong.
> >
> > The following message is being seen in my logs....
> > =====================================================================
> >
> > Error whennnnnnnn verifying server's chain of certificates: self signed
> > certificate in certificate chain, depth=1
> > /CN=OpenSER/ST=SIP/C=IP/emailAddres
> > ilnCode = 0
> > TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> > Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
> > Couldn't TLS connect
> >
> > =====================================================================
> >
> > I will be very much obliged for your kind and earliest response....
> >
> >
> > Thanks and regards,
> > Kundan.
> >
> >
> > On 5/1/07, Ryan Kereliuk <ryker at ryker.org> wrote:
> > >
> > >Are you sure you have the root certificate in PEM format in a location
> > >that resiprocate is looking at? If you enable DebugLog logging, do you
> > >see a message like "Trying to load file <your_root_cert_file>"?
> > >
> > >Thanks,
> > >-Ryan
> > >
> > >On 2007-05-01 at 17h43, Kundan Kumar wrote:
> > >>
> > >> While attempting TLS connection through resiprocate with openSER server
> > >> ...giving following errors:
> > >> =======================================================================
> > >> Error when verifying server's chain of certificates: unable to get local
> > >> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> > >>
> > >> ========================================================================
> > >>
> > >> I generated root certificate using openssl and modified openssl.cnf placed
> > >> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I have
> > >> added the cacert.pem at the resiprocate client also.
> > >>
> > >> Can anyone help me regarding above problem??
> > >
> >
> >
> >
> > --
> > KUNDAN KUMAR.....
>
> --
> KUNDAN KUMAR.....
>
--
KUNDAN KUMAR.....
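
The two verification errors quoted in this thread, reproduced with the openssl command line on throwaway certificates to show which trust-store situation yields each one. This is an added example, not part of the original messages and not reSIProcate code; every file name and subject name in it is constructed for the demo.

```shell
#!/bin/sh
# Added demo, constructed certificates only: map OpenSSL verify errors 20 and 19
# to the trust-store situation that produces them.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT

# Private config so the demo roots always carry basicConstraints CA:TRUE.
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_root() {   # $1 = file stem, $2 = subject CN (both constructed)
  openssl req -x509 -config "$work/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# diagnose <trusted-root.pem> <leaf.pem> [certs-the-peer-sent.pem]
# Prints "ok" or "<X509 error number>@<depth>" taken from openssl verify.
diagnose() {
  out=$(openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1) || true
  case $out in
    *": OK"*) echo ok ;;
    *) printf '%s\n' "$out" |
         sed -n 's/.*error \([0-9][0-9]*\) at \([0-9][0-9]*\) depth.*/\1@\2/p' | head -n 1 ;;
  esac
}

make_root issuing "Demo Issuing Root"     # the CA that signs the server cert
make_root other   "Demo Unrelated Root"   # a root the client installed instead
openssl req -new -config "$work/ca.cnf" -newkey rsa:2048 -nodes \
  -subj "/CN=sip.example.test" -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null
openssl x509 -req -in "$work/server.csr" -CA "$work/issuing.pem" \
  -CAkey "$work/issuing.key" -CAcreateserial -days 2 -out "$work/server.pem" 2>/dev/null

# Wrong root trusted, peer sends only its leaf: 20 = unable to get local issuer certificate
echo "leaf only, wrong root:   $(diagnose "$work/other.pem" "$work/server.pem")"
# Wrong root trusted, peer also sends its root: 19 = self signed certificate in certificate chain
echo "leaf+root, wrong root:   $(diagnose "$work/other.pem" "$work/server.pem" "$work/issuing.pem")"
# Issuing root installed as the trust anchor: the chain verifies
echo "issuing root trusted:    $(diagnose "$work/issuing.pem" "$work/server.pem")"
```

Running the same `openssl verify -CAfile` check against the root file the client actually loads and the certificate the server presents shows whether that root is the issuer, independent of the SIP stack.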