Re: [Turnserver-devel] SSL client authentication issue

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I tried the test_turn_client and it works.

I used what I self-made for my apache server :
 -k Private Key
 -s Client Certificate
 -a CA Certificate (me)

The difference with my Windows C# client is that I do not have any CA
Certificate to send in the SSL request because it's a self-signed one.

And if I try to bypass -a parameter test_turn_client is not happy

2012/7/19 Sebastien Vincent <se...@ji...>

> Hi,
>
> Do you have tried the sample test_turn_client ? Does it works or not  ?
>
>
> Le mercredi 18 juillet 2012, Sébastien GISSINGER <sgi...@gm...> a
> écrit
>
> > I use a C# SSL client code to make TLS over TCP STUNS requests. This
> code works well with ejabberd SSL STUN implementation
> >
> >
> > I noted that you were waiting a certificate from the TURN client. So I
> send one using the following method
> http://msdn.microsoft.com/en-us/library/ms145061(v=vs.80).aspx
> > It gives the following piece of code, where turnServer is the IP of the
> host, clientCertificates is a collection of certificates which contains
> only one certificate and the boolean has no impact here :
> >
> >
> sslStream.AuthenticateAsClient(turnServer, clientCertificates, SslProtocols.Tls, true);
> >
> > But when this method tries to authenticate on the client side, I get
> this error
> > The certificate chain was issued by an authority that is not trusted.
> > Which should be handled by a callback method returning always true for
> debugging purpose to make my code trusts any certificate valid or not.
> > But this callback is never fired with turnserver whereas it's fired when
> I make the same request on ejabberd SSL STUN.
> > http://msdn.microsoft.com/en-us/library/ms145054(v=vs.80).aspx
> >
> >
> > And I also got the following errors on server side
> > [turnserver.c:4661]     Received TLS on listening address
> > [turnserver.c:4588]     Received data from TLS client
> > SSL_ERROR_WANT_READ
> > [turnserver.c:4624]     Error: Succès
> > [turnserver.c:4588]     Received data from TLS client
> > SSL_ERROR_SSL: no certificate returned
> > [turnserver.c:4624]     Error: Succès
> > [turnserver.c:4588]     Received data from TLS client
> > [turnserver.c:4641]     Error: Succès
> >
> > I'm not a POSIX C guru so I don't understand what's happening. I made a
> little trip to http://www.openssl.org/docs/ssl/SSL_get_error.html but
> without any success.
> > Help will be really appreciated.
> > Thanks
>