[reSIProcate] Problem while establishing TLS connection betweenResiprocate Client and OpenSER Server..........................

kapatralla ahmed kapatralla80 at gmail.com
Thu May 3 14:49:30 CDT 2007 

Yeah ...Forgot to metion that I renamed the rootCA as root_cert_cacert.pem
....I guess this should suffice...Please let me know If I am wrong...

Regarding the path....I set as

                    Security* security = new
Security("/resiprocate/resip/certs");
                    SipStack stack(security);


Thanks,
Irshad.


On 5/4/07, Scott Godin <slgodin at icescape.com> wrote:
>
>  Some notes:
>
> 1.        The code snippet you show below does not pass the cert path that
> you mentioned.
>
> 2.        The Root cert must be named correctly – please see the following
> link for more info: http://www.resiprocate.org/Certificates
>
>
>
> Scott
>
>
>
> *From:* resiprocate-devel-bounces at list.resiprocate.org [mailto:
> resiprocate-devel-bounces at list.resiprocate.org] *On Behalf Of *kapatralla
> ahmed
> *Sent:* Thursday, May 03, 2007 3:16 PM
> *To:* resiprocate-devel at list.resiprocate.org
> *Subject:* [reSIProcate] Problem while establishing TLS connection
> betweenResiprocate Client and OpenSER Server..........................
>
>
>
> Hi folks..
>
>
>
> I am using a Resiprocate Client in which TLS is being used as
> transport...I am trying to register the same with a OpenSER server.
>
> On the server side,
>
> 1. I configured the openser.cfg (tls_verify_client = 0 &
> tls_request_certificate = 0) and openserctl.   (  * I am not providing the
> whole cfg file as I dont have with me as of now...but its configured
> properly  :-)   )
>
> 2. I created a RootCA using # openserctl tls rootCA at OpenSER
>
> 3. and then use certs using # openserctl tls usercert user at OpenSER
>
>
>
> On the Client side,
>
>
>
> 3. Then I copied the exact OpenSER cacert.pem from server to the client
> machine into the path resiprocate/resip/certs which has been given as my
> certs path using security object passed to the stack constructor.
>
>                     Security* security = new Security;
>                     SipStack stack(security);
>
> 4. Now I tried running my client which gave me the following errors:
>
>
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------
> Its actually entering the VerifyCallback(ilnCode, plnStore) in the
> Security.cxx  where the passed-in ilnCode = 0 coz the verification failed.
>
>
>
> Error when  verifying server's chain of certificates: self signed
> certificate in certificate chain, depth=1
> /CN=OpenSER/ST=SIP/C=IP/emailAddres
> TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>
>
> I have few questions here:
>
>
>
> 1. If just adding the cacert.pem to the client is not enough, thn what
> else should I do to add the same to the trusted root CA store of the client
> in resiprocate??
>
>  On OpenSER, I can do the same by appending the cacert.pem into the
> ca_list.pem
>
>
>
> 2. How to solve this OpenSER certificate verification problem at
> resiprocate Client side.
>
>
>
> 3. Do I need to do in addition to addin the cacert.pem at the Client.
>
>
>
> I used Repro server ..still the same problem persists...
>
>
>
> Can someone tell me the seuqential procedures to make resiprocate
> Client connect on TLS  with OpenSER server and how to solve the above said
> problem..
>
>
>
> I will be very much obliged at your kind and earliest response.
>
>
>
> Best regards,
>
> Irshad.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20070504/4ac90d6c/attachment.htm>

More information about the resiprocate-devel mailing list