[reSIProcate] Problem while establishing TLS connection between Resiprocate Client and OpenSER Server..........................

kapatralla ahmed kapatralla80 at gmail.com
Thu May 3 14:15:32 CDT 2007 

Hi folks..

I am using a Resiprocate Client in which TLS is being used as transport...I
am trying to register the same with a OpenSER server.
On the server side,
1. I configured the openser.cfg (tls_verify_client = 0 &
tls_request_certificate = 0) and openserctl.   (  * I am not providing the
whole cfg file as I dont have with me as of now...but its configured
properly  :-)   )
2. I created a RootCA using # openserctl tls rootCA at OpenSER
3. and then use certs using # openserctl tls usercert user at OpenSER

On the Client side,

3. Then I copied the exact OpenSER cacert.pem from server to the client
machine into the path resiprocate/resip/certs which has been given as my
certs path using security object passed to the stack constructor.
                    Security* security = new Security;
                    SipStack stack(security);
4. Now I tried running my client which gave me the following errors:


----------------------------------------------------------------------------------------------------------------------------------------
Its actually entering the VerifyCallback(ilnCode, plnStore) in the
Security.cxx where the passed-in ilnCode = 0 coz the verification failed.

Error when  verifying server's chain of certificates: self signed
certificate in certificate chain, depth=1
/CN=OpenSER/ST=SIP/C=IP/emailAddres
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
----------------------------------------------------------------------------------------------------------------------------------------

I have few questions here:

1. If just adding the cacert.pem to the client is not enough, thn what else
should I do to add the same to the trusted root CA store of the client in
resiprocate??
 On OpenSER, I can do the same by appending the cacert.pem into the
ca_list.pem

2. How to solve this OpenSER certificate verification problem at resiprocate
Client side.

3. Do I need to do in addition to addin the cacert.pem at the Client.

I used Repro server ..still the same problem persists...

Can someone tell me the seuqential procedures to make resiprocate
Client connect on TLS  with OpenSER server and how to solve the above said
problem..

I will be very much obliged at your kind and earliest response.

Best regards,
Irshad.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20070504/c7faa062/attachment.htm>

More information about the resiprocate-devel mailing list