[Turnserver-devel] SSL client authentication issue

[Sebastien V. <se...@ji...>]

Hi,

Do you have tried the sample test_turn_client ? Does it works or not  ?


Le mercredi 18 juillet 2012, Sébastien GISSINGER <sgi...@gm...> a
écrit
> I use a C# SSL client code to make TLS over TCP STUNS requests. This code
works well with ejabberd SSL STUN implementation
>
>
> I noted that you were waiting a certificate from the TURN client. So I
send one using the following method
http://msdn.microsoft.com/en-us/library/ms145061(v=vs.80).aspx
> It gives the following piece of code, where turnServer is the IP of the
host, clientCertificates is a collection of certificates which contains
only one certificate and the boolean has no impact here :
>
>
sslStream.AuthenticateAsClient(turnServer, clientCertificates,
SslProtocols.Tls, true);
>
> But when this method tries to authenticate on the client side, I get this
error
> The certificate chain was issued by an authority that is not trusted.
> Which should be handled by a callback method returning always true for
debugging purpose to make my code trusts any certificate valid or not.
> But this callback is never fired with turnserver whereas it's fired when
I make the same request on ejabberd SSL STUN.
> http://msdn.microsoft.com/en-us/library/ms145054(v=vs.80).aspx
>
>
> And I also got the following errors on server side
> [turnserver.c:4661]     Received TLS on listening address
> [turnserver.c:4588]     Received data from TLS client
> SSL_ERROR_WANT_READ
> [turnserver.c:4624]     Error: Succès
> [turnserver.c:4588]     Received data from TLS client
> SSL_ERROR_SSL: no certificate returned
> [turnserver.c:4624]     Error: Succès
> [turnserver.c:4588]     Received data from TLS client
> [turnserver.c:4641]     Error: Succès
>
> I'm not a POSIX C guru so I don't understand what's happening. I made a
little trip to http://www.openssl.org/docs/ssl/SSL_get_error.html but
without any success.
> Help will be really appreciated.
> Thanks