Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERROR tls: alert certificate unknown #2104

Closed
thadeu opened this issue Oct 18, 2019 · 4 comments
Closed

ERROR tls: alert certificate unknown #2104

thadeu opened this issue Oct 18, 2019 · 4 comments

Comments

@thadeu
Copy link

thadeu commented Oct 18, 2019
edited

Description

I have received an error that the certificate could not be found

Log Messages

Oct 18 13:04:35 Debian9-104 /usr/local/sbin/kamailio[5675]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown

Oct 18 13:04:35 Debian9-104 /usr/local/sbin/kamailio[5675]: ERROR: [core/tcp_read.c:1505]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f54c3613588 r: 0x7f54c3613608 (-1)

Additional Information

  • Kamailio Version - output of kamailio -v

version: kamailio 5.2.5 (x86_64/linux) e10d4f
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: e10d4f
compiled on 11:51:09 Oct 18 2019 with gcc 6.3.0

  • tls.cfg

[server:default]
method = SSLv23
verify_certificate = no
require_certificate = no
private_key = my.key
certificate = my.crt

[client:default]
verify_certificate = yes
require_certiificate = yes

Operating System:

Distributor ID: Debian
Description: Debian GNU/Linux 9.9 (stretch)
Release: 9.9
Codename: stretch

Linux Debian9-104 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64 GNU/Linux
@miconda
Copy link
Member

miconda commented Oct 24, 2019

Try to set debug=3 in kamailio.cfg and see if you get further details via the DEBUG messages.

I blind shoot, maybe the libssl you have is no longer supporting sslv23, try to set method to TLSv1+.

The other suggestion, be sure that the files with the certificates are having the proper access rights and format.

@thadeu
Copy link
Author

thadeu commented Oct 24, 2019

@miconda thanks for suggestion. I will be testing this.

@henningw
Copy link
Contributor

@thadeu - do you got some results from the tests?

@miconda
Copy link
Member

miconda commented Nov 12, 2019

Closing this one, does not seem related to the c code -- anyhow, if new debugging data becomes available, add it and reopen.

@miconda miconda closed this as completed Nov 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@thadeu @miconda @henningw