[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-users] using tls with linphone 3.8.4 on arch linux
From: |
François Grisez |
Subject: |
Re: [Linphone-users] using tls with linphone 3.8.4 on arch linux |
Date: |
Wed, 08 Jul 2015 09:24:33 +0200 |
User-agent: |
KMail/4.14.10 (Linux/4.0.7-2-ARCH; KDE/4.14.10; x86_64; ; ) |
Hi,
Le mardi 7 juillet 2015, 12:02:33 Information Technology Works a écrit :
> I created my certs following the freeswitch wiki here:
>
> https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration
>
> copied my ca.crt to /etc/ssl/certs and added to end of
> /usr/share/linphone/rootca.pem for good measure.
>
> with default /home/user/.linphonerc ...
>
> verify_server_certs=1
> verify_server_cn=1
>
> i get:
>
> error: 2015-07-07 11:45:49:092 Channel [0x2ae7d10]: SSL handshake failed
>
> : X509 - Certificate verification failed, e.g. CRL, CA or signature
>
> check failed
On Unix systems Linphone only looks for certificate in /etc/ssl. But, be
careful, the name of certificate files seems to have an importance. You should
get information about that.
> with modified /home/user/.linphonerc ...
>
> verify_server_certs=0
> verify_server_cn=0
>
> i get:
>
> warning: 2015-07-07 11:47:51:534 No client certificate key found in (null)
> message: 2015-07-07 11:47:51:539 Channel [0x218bad0]: SSL handshake in
> progress...
> error: 2015-07-07 11:47:51:592 Channel [0x218bad0]: SSL handshake failed
>
> : SSL - A fatal alert message was received from our peer
>
> error: 2015-07-07 11:47:51:592 Cannot connect to [TLS://REDACTED:5061]
That sounds that your server require a certificate to authenticate clients.
That's why you failed to connect any client with TLS. You should disable the
client certificate authentication in the settings of FreeSwitch.
Regards,
--
François Grisez
Software Engineer
Belledonne Communications
signature.asc
Description: This is a digitally signed message part.