[Linphone-developers] Re3: Where can I write bug report for Linphone 3.7 Linux and Windows TLS SRTP?

[Vladislav Vetrov]

Mon, 30 Jun 2014 12:03:04 +0200 от BIENKOWSKI Guillaume <address@hidden>:

Here is the best place to send a bug report, all the Linphone developers have a look here once in a while.

OK. 

One side - Server Asterisk 11.10.2 

section sip.conf

transport=udp,tcp

tlsenable=yes
tlscertfile=ast.pem
tlscafile=ca.crt
tlscipher=ALL
tlsdontverifyserver=no
tlsclientmethod=tlsv1 

section users.conf 

[777]
transport=tls
encryption=yes
videosupport=yes
fullname=testuser
secret=secretwords
vmsecret=8348
context=out
host=dynamic
nat=force_rport,comedia
qualify=yes
canreinvite=no
sipreinvite=no
permit=94.85.76.04/32
disallow=all
allow=speex16,speex8,alaw,ulaw,gsm

==========

Another client side - Linphone 3.7 for Windows, Linux
Transport - SIP TLS with SRTP encryption (mandatory), behind NAT

====================

About my certifiecates

Selfsigned. How it makes:

# openssl genrsa -des3 -out ca.key 4096
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt

For sever asterisk 

# openssl genrsa -out key-server.pem 1024
# openssl req -new -key key-server.pem -out req-server.csr
# openssl x509 -req -days 365 -in req-server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert-server.crt
# cp key-server.pem ast.pem
# cat cert-server.crt >> ast.pem

For client Linphone

# openssl genrsa -out key-client.pem 1024
# openssl req -new -key key-client.pem -out req-client.csr
# openssl x509 -req -days 365 -in req-client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert-client.crt

# cp key-client.pem alex_k.pem
# cat cert-client.crt >> alex_k.pem
# cp alex_k.pem rootca.pem
# cat ca.key  >> rootca.pem

and then I make 

For Linux 
# cp rootca.pem /etc/ssl/cert/

For Windows
# copy rootca.pem "Program Files/Linphone/share/linphone/" (if I don't mistake about path)

=========

Start Linphone and get this output for both Linux and Windows:

Error - Channel [04E6A3D8]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed

Important note: Linphone 3.6.1 is OK with absolute equal client and server parameters.

==============================

 

> Cheers,

> Guillaume BIENKOWSKI

> http://www.belledonne-communications.com/

> sip:address@hidden

On Mon, Jun 30, 2014 at 11:06 AM, Vladislav Vetrov <address@hidden> wrote:

Where can I write bug report for Linphone 3.7 Linux and Windows? There is a bug with TLS + SRTP for both version - Linux and Windows. Linphone 3.6.1 works fine with the equal parameters.

Error - Channel [04E6A3D8]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed

_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers