I am having a problem with asterisk 13.10.0 pbx.
It is connecting to a SIP server and it registers okay with TLS but only because the SIP server allows connection without proper certificate checking.
When I look at the TLS setup in wireshark I can see the PBX is being requested for a certificate but it does not provide a certificate.
It has a ssl certificate and CA list installed which I believe should be correct and match the paths etc defined in the sip.conf configuration file.
The CA file has the trust chain of the client certificate.
I do see some errors on the command line ( note that TLS is being setup but without requested client certificate). The errors seem to indicate a problem with the CA file but I cannot figure out what the problem is.
[Mar 26 10:59:39] ERROR: tcptls.c:875 __ssl_setup: TLS/SSL CA file(/etc/asterisk/keys/gateway1.calist.pem)/path() error
== TLS/SSL ECDH initialized (automatic), faster PFS ciphers enabled
== TLS/SSL certificate ok
[Mar 26 10:59:39] ERROR: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Mar 26 10:59:39] WARNING: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
Extract from sip.conf file
tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no)
defaultexpiry=75 ; Default length of incoming/outgoing registration