[reSIProcate] WSS connection from JsSIP to resiprocate

Diego Carvalho Domingos ddomingos at daitangroup.com
Wed Jul 1 09:44:09 CDT 2015 

I’m doing exactly what is explained in that page but I only know the basics of TLS so I might be doing something wrong. What I said about Windows Certificate Manager is for the client side (JsSIP running in a browser in Windows) not for the server side (application running resiprocate in Linux) because, as I understand, the client needs a way to validate the certificate presented by the server, so it needs to have access to the CA certificate that was used to sign the server certificate. This was the one I loaded into Windows Certificate Manager. Am I wrong? And, are there any sample certificates that I can use (for instance, the ones you guys, contributors of resiprocate, use to make tests)? Thanks.

From: Adam Roach [mailto:adam at nostrum.com]
Sent: quarta-feira, 1 de julho de 2015 11:21
To: resiprocate-devel at resiprocate.org
Subject: Re: [reSIProcate] WSS connection from JsSIP to resiprocate

On 7/1/15 08:28, Diego Carvalho Domingos wrote:
Hi all,

I'm trying to establish a WSS connection from a page running JsSIP (0.6.33) to an application running resiprocate (1.9.10). I get the following errors (slightly different results from chrome and firefox)

chrome:
 ...
2015-07-01:09.07.30 (1) reSIP    ERROR   (TlsConnection.cxx:48) Got TLS SSL_read error=5 ret=0
2015-07-01:09.07.30 (1) reSIP    WARNING (TlsConnection.cxx:469) err=5 sometimes indicates that intermediate certificates may be missing from local PEM file

firefox:

...
2015-07-01:09.19.04 (1) reSIP    ERROR   (TlsConnection.cxx:44) error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
...


Does anyone know what the problem is? Also, has someone here tried to make such connection?
If this is a problem with the certificates I'm using, can someone point me sample certificates to use? I used self-signed certificates and loaded the CA certificate into windows certificate manager (I'm not sure if this is the correct way).

Based on the errors above, I'd say that OpenSSL doesn't like your self-signed certs. As far as I know, none of the resip code look at native cert stores like the Windows Certificate Manager. You might want to take a look at <https://www.resiprocate.org/Certificates><https://www.resiprocate.org/Certificates>.

/a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20150701/4a649930/attachment.htm>

More information about the resiprocate-devel mailing list