[reSIProcate] Problem while establishing TLS connection between Resiprocate Client and OpenSER Server..........................
Scott Godin
slgodin at icescape.com
Thu May 3 14:31:12 CDT 2007
Some notes:
1. The code snippet you show below does not pass the cert path
that you mentioned.
2. The Root cert must be named correctly - please see the
following link for more info: http://www.resiprocate.org/Certificates
Scott
From: resiprocate-devel-bounces at list.resiprocate.org
[mailto:resiprocate-devel-bounces at list.resiprocate.org] On Behalf Of
kapatralla ahmed
Sent: Thursday, May 03, 2007 3:16 PM
To: resiprocate-devel at list.resiprocate.org
Subject: [reSIProcate] Problem while establishing TLS connection
between Resiprocate Client and OpenSER Server..........................
Hi folks..
I am using a Resiprocate Client in which TLS is being used as
transport...I am trying to register the same with an OpenSER server.
On the server side,
1. I configured the openser.cfg (tls_verify_client = 0 &
tls_request_certificate = 0) and openserctl. ( * I am not providing
the whole cfg file as I don't have it with me as of now...but it's configured
properly :-) )
2. I created a RootCA using # openserctl tls rootCA at OpenSER
3. and then use certs using # openserctl tls usercert user at OpenSER
On the Client side,
3. Then I copied the exact OpenSER cacert.pem from server to the client
machine into the path resiprocate/resip/certs which has been given as my
certs path using security object passed to the stack constructor.
Security* security = new Security;
SipStack stack(security);
4. Now I tried running my client which gave me the following errors:
----------------------------------------------------------------------------------------------------------------------------------------
It's actually entering the VerifyCallback(ilnCode, plnStore) in the
Security.cxx where the passed-in ilnCode = 0 coz the verification
failed.
Error when verifying server's chain of certificates: self signed
certificate in certificate chain, depth=1
/CN=OpenSER/ST=SIP/C=IP/emailAddres
TLS connection failed ok=-1 err=1
error:00000001:lib(0):func(0):reason(1)
------------------------------------------------------------------------
----------------------------------------------------------------
I have few questions here:
1. If just adding the cacert.pem to the client is not enough, thn what
else should I do to add the same to the trusted root CA store of the
client in resiprocate??
On OpenSER, I can do the same by appending the cacert.pem into the
ca_list.pem
2. How to solve this OpenSER certificate verification problem at
resiprocate Client side.
3. Do I need to do anything in addition to adding the cacert.pem at the Client?
I used Repro server ..still the same problem persists...
Can someone tell me the sequential procedures to make resiprocate Client
connect on TLS with OpenSER server and how to solve the above said
problem..
I will be very much obliged at your kind and earliest response.
Best regards,
Irshad.
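
To check offline whether a CA file copied to a client actually anchors the server's chain, the following added example (not part of the original thread and not reSIProcate or OpenSER code) reproduces the "self signed certificate in certificate chain" result at depth 1 with the openssl command line, then repeats the check with the root supplied as a trust anchor. The certificates are constructed throwaway ones; the subject names and every file name other than cacert.pem are assumptions.

```shell
#!/bin/sh
# Added example: every certificate, subject and path below is constructed.

# Build a throwaway root CA (cacert.pem) and a server certificate signed by it.
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$dir/ca.key" -out "$dir/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=sip.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$dir/server.csr" \
        -CA "$dir/cacert.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null
}

# Verify a server certificate the way a TLS client does.
#   $1 = certificates the server sends along with its own (untrusted input)
#   $2 = the server certificate
#   $3 = optional file of roots the client trusts
# Prints openssl's diagnostics; returns 0 only if the chain verifies.
verify_chain() {
    if [ -n "${3:-}" ]; then
        out=$(openssl verify -CAfile "$3" -untrusted "$1" "$2" 2>&1) || true
    else
        out=$(openssl verify -untrusted "$1" "$2" 2>&1) || true
    fi
    printf '%s\n' "$out"
    printf '%s\n' "$out" | grep -q ': OK$'
}

work=$(mktemp -d)
make_test_pki "$work"

# The server sends its root, but the client has not loaded it as trusted:
# this is the failure reported in the thread (error 19 at depth 1).
echo "--- root present in the chain, not in the client's trust store"
verify_chain "$work/cacert.pem" "$work/server.pem" || echo "=> rejected"

# Same chain, with cacert.pem actually loaded as a trust anchor.
echo "--- root loaded as a trust anchor"
verify_chain "$work/cacert.pem" "$work/server.pem" "$work/cacert.pem" \
    && echo "=> accepted"

rm -rf "$work"
```

A passing result here shows only that the CA file itself anchors the chain; whether the client loads it still depends on the cert path and file naming that Scott's reply points to.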