Asterisk Forums

[jj_chiou]

Hello guys :

I follow the o'rellybook guide http://www.asteriskdocs.org/en/3rd_Edit ... index.html for tls peering test in chapter 7 .

Why has different error message , and what error it happen ?

Thank you
for the following error message : ( I do tlsdontverifyserver=yes)

server A :
SSL CA file(/var/lib/asterisk/keys/ca.crt)/path() error
SSL certificate ok
[Oct 9 09:23:04] WARNING[29940]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
[Oct 9 09:23:18] WARNING[29943]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

ServerB:
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Oct 9 09:25:24] WARNING[27002]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

[jj_chiou]

More detail information :

TLS certification failure

Sip.conf

server A :

tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no)
tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
; Optionally add a port number, 192.168.1.1:5063 (default is port 5061)
; Remember that the IP address must match the common name (hostname) in the
; certificate, so you don't want to bind a TLS socket to multiple IP addresses.
; For details how to construct a certificate for SIP see

transport=tls ; http://tools.ietf.org/html/draft-ietf-sip-domain-certs
tlscertfile=</var/lib/asterisk/keys/serverB.pem>
tlscafile=</var/lib/asterisk/keys/ca.crt>
tlsdontverifyserver=[yes]





serverB:


tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no)
tlsbindaddr=0.0.0.0 ; IP address for TLS server to bind to (0.0.0.0) binds to all interfaces)
transport=tls ; Set the default transports. The order determines the primary default transport.
; If tcpenable=no and the transport set is tcp, we will fallback to UDP.


tlscertfile=</var/lib/asterisk/keys/serverB.pem>
tlscafile=</var/lib/asterisk/keys/ca.crt>
tlsdontverifyserver=[yes]


Error message :

ServerA:

SSL CA file(</var/lib/asterisk/keys/ca.crt>)/path() error
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Oct 9 10:49:01] WARNING[30633]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
[Oct 9 10:49:11] WARNING[30634]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

serverB:

SSL CA file(</var/lib/asterisk/keys/ca.crt>)/path() error
SSL certificate ok
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Oct 9 10:50:49] WARNING[27668]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!
[Oct 9 10:50:53] WARNING[27669]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

[jj_chiou]

I change configuration again , and recreate the CA , because I refer the document

https://techlib.barracuda.com/display/b ... +sip+proxy

recreate ca , pem file with ip ( -C 192.168.x.x)

It change the error message , it made me crazy .

SSL certificate ok
[Oct 9 14:54:30] ERROR[30433]: tcptls.c:220 handle_tcptls_connection: Certificate did not verify: certificate signature failure
SSL certificate ok

[jj_chiou]

Hello :

Thanks ! I have solve the problem !

Best Regard

[dbangia]

hi JJ,

I also observing same error in my asterisk.. Can you please share your steps to resolve this problem.

[Oct 27 13:35:02] WARNING[3663]: tcptls.c:272 handle_tcptls_connection: FILE * open failed!

Regards,
Dhiraj Bangia