We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I have received an error that the certificate could not be found
Oct 18 13:04:35 Debian9-104 /usr/local/sbin/kamailio[5675]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Oct 18 13:04:35 Debian9-104 /usr/local/sbin/kamailio[5675]: ERROR: [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f54c3613588 r: 0x7f54c3613608 (-1)
kamailio -v
version: kamailio 5.2.5 (x86_64/linux) e10d4f flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: e10d4f compiled on 11:51:09 Oct 18 2019 with gcc 6.3.0
[server:default] method = SSLv23 verify_certificate = no require_certificate = no private_key = my.key certificate = my.crt
[client:default] verify_certificate = yes require_certiificate = yes
Operating System:
Distributor ID: Debian Description: Debian GNU/Linux 9.9 (stretch) Release: 9.9 Codename: stretch
Linux Debian9-104 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered:
Try to set debug=3 in kamailio.cfg and see if you get further details via the DEBUG messages.
I blind shoot, maybe the libssl you have is no longer supporting sslv23, try to set method to TLSv1+.
The other suggestion, be sure that the files with the certificates are having the proper access rights and format.
Sorry, something went wrong.
@miconda thanks for suggestion. I will be testing this.
@thadeu - do you got some results from the tests?
Closing this one, does not seem related to the c code -- anyhow, if new debugging data becomes available, add it and reopen.
No branches or pull requests
Description
I have received an error that the certificate could not be found
Log Messages
Oct 18 13:04:35 Debian9-104 /usr/local/sbin/kamailio[5675]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
Oct 18 13:04:35 Debian9-104 /usr/local/sbin/kamailio[5675]: ERROR: [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f54c3613588 r: 0x7f54c3613608 (-1)
Additional Information
kamailio -v
version: kamailio 5.2.5 (x86_64/linux) e10d4f
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: e10d4f
compiled on 11:51:09 Oct 18 2019 with gcc 6.3.0
[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = my.key
certificate = my.crt
[client:default]
verify_certificate = yes
require_certiificate = yes
Operating System:
Distributor ID: Debian
Description: Debian GNU/Linux 9.9 (stretch)
Release: 9.9
Codename: stretch
Linux Debian9-104 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: