From: Sébastien G. <sgi...@gm...> - 2012-07-19 16:00:54
YEAHAA, I found the answer to my issue with your helpful test_turn_client advice.

And the answer is that I made the following command line, where my.crt and my.key are the certificates I configured in /etc/turnserver.conf:

openssl pkcs12 -export -out my.pfx -in /home/certs/my.crt -inkey /home/private/my.key

It creates a PKCS #12 certificate containing the private key and I can use it in my C# client.

2012/7/19 Sébastien GISSINGER <sgi...@gm...>

> I tried the test_turn_client and it works.
>
> I used what I self-made for my apache server:
> -k Private Key
> -s Client Certificate
> -a CA Certificate (me)
>
> The difference with my Windows C# client is that I do not have any CA
> Certificate to send in the SSL request because it's a self-signed one.
>
> And if I try to bypass the -a parameter, test_turn_client is not happy.
>
> 2012/7/19 Sebastien Vincent <se...@ji...>
>
>> Hi,
>>
>> Have you tried the sample test_turn_client? Does it work or not?
>>
>> On Wednesday, 18 July 2012, Sébastien GISSINGER <sgi...@gm...> wrote:
>>
>> > I use C# SSL client code to make TLS over TCP STUNS requests. This
>> > code works well with the ejabberd SSL STUN implementation.
>> >
>> > I noted that you were waiting for a certificate from the TURN client. So I
>> > send one using the following method:
>> > http://msdn.microsoft.com/en-us/library/ms145061(v=vs.80).aspx
>> > It gives the following piece of code, where turnServer is the IP of the
>> > host, clientCertificates is a collection of certificates which contains
>> > only one certificate, and the boolean has no impact here:
>> >
>> > sslStream.AuthenticateAsClient(turnServer, clientCertificates, SslProtocols.Tls, true);
>> >
>> > But when this method tries to authenticate on the client side, I get
>> > this error:
>> > The certificate chain was issued by an authority that is not trusted.
>> > Which should be handled by a callback method returning always true for
>> > debugging purposes, to make my code trust any certificate, valid or not.
>> > But this callback is never fired with turnserver, whereas it's fired
>> > when I make the same request on ejabberd SSL STUN.
>> > http://msdn.microsoft.com/en-us/library/ms145054(v=vs.80).aspx
>> >
>> > And I also got the following errors on the server side:
>> > [turnserver.c:4661] Received TLS on listening address
>> > [turnserver.c:4588] Received data from TLS client
>> > SSL_ERROR_WANT_READ
>> > [turnserver.c:4624] Error: Succès
>> > [turnserver.c:4588] Received data from TLS client
>> > SSL_ERROR_SSL: no certificate returned
>> > [turnserver.c:4624] Error: Succès
>> > [turnserver.c:4588] Received data from TLS client
>> > [turnserver.c:4641] Error: Succès
>> >
>> > I'm not a POSIX C guru so I don't understand what's happening. I made a
>> > little trip to http://www.openssl.org/docs/ssl/SSL_get_error.html but
>> > without any success.
>> > Help will be really appreciated.
>> > Thanks
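
A way to check that a bundle produced by the `openssl pkcs12 -export` command above really carries a private key matching its certificate, as an added example that is not part of the original thread. The throwaway self-signed identity, the export password, the file names under the temporary directory and the function names are all constructed for the demo.

```shell
#!/bin/sh
# Added example: every file below is a constructed throwaway, not the poster's data.
PFX_PASS='constructed-demo-pass'   # assumption: export password for the demo

# Create a self-signed cert and key in directory $1, then export my.pfx with the
# command from the post, plus a certificate-only bundle for comparison.
make_demo_identity() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=turn-client.example' \
        -keyout "$dir/my.key" -out "$dir/my.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -out "$dir/my.pfx" -in "$dir/my.crt" \
        -inkey "$dir/my.key" -passout "pass:$PFX_PASS" || return 1
    openssl pkcs12 -export -nokeys -out "$dir/certonly.pfx" \
        -in "$dir/my.crt" -passout "pass:$PFX_PASS" || return 1
}

# Print one verdict for PKCS #12 file $1:
# ok | no-certificate | no-private-key | mismatch
check_pfx() {
    pfx=$1
    # Public key of the first certificate in the bundle.
    cert_pub=$(openssl pkcs12 -in "$pfx" -nokeys -passin "pass:$PFX_PASS" 2>/dev/null \
        | openssl x509 -noout -pubkey 2>/dev/null) || cert_pub=
    # Public key derived from the private key, if the bundle has one.
    key_pub=$(openssl pkcs12 -in "$pfx" -nocerts -nodes -passin "pass:$PFX_PASS" 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ]; then echo no-certificate
    elif [ -z "$key_pub" ]; then echo no-private-key
    elif [ "$cert_pub" = "$key_pub" ]; then echo ok
    else echo mismatch
    fi
}

demo_dir=$(mktemp -d)
make_demo_identity "$demo_dir"
echo "my.pfx:       $(check_pfx "$demo_dir/my.pfx")"
echo "certonly.pfx: $(check_pfx "$demo_dir/certonly.pfx")"
rm -rf "$demo_dir"
```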