Re: [Linphone-users] Linphone-users Digest, Vol 152, Issue 8

[Information Technology Works]

On 07/08/2015 06:46 AM, address@hidden wrote:
> Send Linphone-users mailing list submissions to
>       address@hidden
>
> To subscribe or unsubscribe via the World Wide Web, visit
>       https://lists.nongnu.org/mailman/listinfo/linphone-users
> or, via email, send a message with subject or body 'help' to
>       address@hidden
>
> You can reach the person managing the list at
>       address@hidden
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Linphone-users digest..."
>
>
> Today's Topics:
>
>    1.  using tls with linphone 3.8.4 on arch linux
>       (Information Technology Works)
>    2. Re:  PSTN providers that support encryption (J G Miller)
>    3. Re:  Dial plan with Linphone (J G Miller)
>    4. Re:  PSTN providers that support encryption (Jack Dodds)
>    5. Re:  using tls with linphone 3.8.4 on arch linux (Fran?ois Grisez)
>    6.  unable to load openh264 and msx264 plugins (Mircea Coman)
>    7.  Linphone Web support dead? (Bart Coninckx)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 7 Jul 2015 12:02:33 -0500
> From: Information Technology Works <address@hidden>
> To: address@hidden
> Subject: [Linphone-users] using tls with linphone 3.8.4 on arch linux
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset=utf-8
>
> hi,
>
> i have a freeswitch server (1.4.20-1) out on the web i'm trying to
> register with over tls using linphone desktop client in arch linux. The
> server works fine with csipsimple and ip phone *without* tls. haven't
> gotten tls working with any client yet.
>
>
> I created my certs following the freeswitch wiki here:
>
> https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration
>
> copied my ca.crt to /etc/ssl/certs and added to end of
> /usr/share/linphone/rootca.pem for good measure.
>
> with default /home/user/.linphonerc ...
>
> verify_server_certs=1
> verify_server_cn=1
>
> i get:
>
> error: 2015-07-07 11:45:49:092 Channel [0x2ae7d10]: SSL handshake failed
> : X509 - Certificate verification failed, e.g. CRL, CA or signature
> check failed
>
> with modified /home/user/.linphonerc ...
>
> verify_server_certs=0
> verify_server_cn=0
>
> i get:
>
> warning: 2015-07-07 11:47:51:534 No client certificate key found in (null)
> message: 2015-07-07 11:47:51:539 Channel [0x218bad0]: SSL handshake in
> progress...
> error: 2015-07-07 11:47:51:592 Channel [0x218bad0]: SSL handshake failed
> : SSL - A fatal alert message was received from our peer
> error: 2015-07-07 11:47:51:592 Cannot connect to [TLS://REDACTED:5061]
>
>
> Thanks in advance.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 7 Jul 2015 21:31:16 +0200
> From: J G Miller <address@hidden>
> To: Linphone Users Mailing List <address@hidden>
> Subject: Re: [Linphone-users] PSTN providers that support encryption
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset=US-ASCII
>
> At 11:46h, on Monday, July 06, 2015,
> in message <address@hidden>,
> on the subject of "Re: [Linphone-users] PSTN providers that support 
> encryption", you wrote -
>
>> This creates an issue since there's little legal protection against wiretaps 
>> for international
>> calls into North America.
> What protection do you have against wiretaps in North America whether they 
> are done legally
> or not?
>
> How do you know that your call originating and terminating in North America 
> is not being
> routed/switched via another country where there is no legal protection 
> against wiretaps?
>
> Do you naively believe that security agencies and goverment employees in any 
> country
> always adhere to legal requirements?
>
> And how would you even know if your telephone call on the PSTN side of the 
> VOIP -> PSTN
> call had been intercepted?
>
> If you want to keep your conversation secret, you should not be using the 
> public telephone
> network no matter in which country you are making the call.
>
> All an encrypted call to a VOIP->PSTN gateway will assure you with is that 
> nobody in
> the Internet chain between you and the VOIP company can listen in, unless of 
> course they
> have already cracked the encryption method.
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 7 Jul 2015 21:40:21 +0200
> From: J G Miller <address@hidden>
> To: Linphone Users Mailing List <address@hidden>
> Subject: Re: [Linphone-users] Dial plan with Linphone
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset=US-ASCII
>
> At 08:37h, on Tuesday, July 07, 2015,
> in message <address@hidden>,
> on the subject of "Re: [Linphone-users] Dial plan with Linphone", you wrote -
>
>  > Maybe what I want to do is so much in the minority, that it might be 
>  > easier for me to alter Linphone source for a special version to have the 
>  > "contacts" preset to only the few I want permitted 
>
> Perhaps it would be simpler not to give your account details to other people
> to ensure that your account is not misused?
>
> In fact I would be surprised if when you entered into an agreement with your
> VOIP provider there was not a restriction in the small print requiring you
> not to pass on your account details to other parties.
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 07 Jul 2015 21:59:10 -0400
> From: Jack Dodds <address@hidden>
> To: address@hidden
> Subject: Re: [Linphone-users] PSTN providers that support encryption
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset="windows-1252"
>
> Hello J. G. Miller,
>
> Of course all the problems that you identify are real and I am well
> aware of them.  The entire subject is both fascinating and important. 
> It's perhaps a bit off topic in this forum which is specifically about
> Linphone, so let me explain how I see it very concisely.
>
> If interception of telephone calls is technically easy, it does not
> matter how many laws are enacted to prevent it.  Those who don't care
> about the law, or believe that their mission places them above it, will
> do it.
>
> If interception of telephone calls is technically difficult, but
> entirely legal, people who can command substantial resources will try to
> intercept calls and will succeed in some percentage of cases (by
> compromising endpoint security, finding bugs in encryption protocols,
> exploiting mistakes made by their targets ... ).
>
> The more technically difficult it is to intercept telephone calls, then
> the greater the number of people who must put effort into the
> interception, and the greater the probability that one of them will have
> some scruples and stop the process or blow the whistle - IF interception
> is against the law.
>
> So if we want to avoid a dystopian society in which everyone behaves as
> if their telephone calls can be intercepted, we need BOTH strong laws
> AND strong encryption.
>
> Jack
>
>
> On 07/07/15 03:31 PM, J G Miller wrote:
>> At 11:46h, on Monday, July 06, 2015,
>> in message <address@hidden>,
>> on the subject of "Re: [Linphone-users] PSTN providers that support 
>> encryption", you wrote -
>>
>>> This creates an issue since there's little legal protection against 
>>> wiretaps for international
>>> calls into North America.
>> What protection do you have against wiretaps in North America whether they 
>> are done legally
>> or not?
>>
>> How do you know that your call originating and terminating in North America 
>> is not being
>> routed/switched via another country where there is no legal protection 
>> against wiretaps?
>>
>> Do you naively believe that security agencies and goverment employees in any 
>> country
>> always adhere to legal requirements?
>>
>> And how would you even know if your telephone call on the PSTN side of the 
>> VOIP -> PSTN
>> call had been intercepted?
>>
>> If you want to keep your conversation secret, you should not be using the 
>> public telephone
>> network no matter in which country you are making the call.
>>
>> All an encrypted call to a VOIP->PSTN gateway will assure you with is that 
>> nobody in
>> the Internet chain between you and the VOIP company can listen in, unless of 
>> course they
>> have already cracked the encryption method.
>>
>> _______________________________________________
>> Linphone-users mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/linphone-users
>>
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 473 bytes
> Desc: OpenPGP digital signature
> URL: 
> <http://lists.nongnu.org/archive/html/linphone-users/attachments/20150707/b8b9dbb0/attachment.pgp>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 08 Jul 2015 09:24:33 +0200
> From: Fran?ois Grisez <address@hidden>
> To: address@hidden
> Cc: address@hidden
> Subject: Re: [Linphone-users] using tls with linphone 3.8.4 on arch
>       linux
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> Le mardi 7 juillet 2015, 12:02:33 Information Technology Works a ?crit :
>> I created my certs following the freeswitch wiki here:
>>
>> https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration
>>
>> copied my ca.crt to /etc/ssl/certs and added to end of
>> /usr/share/linphone/rootca.pem for good measure.
>>
>> with default /home/user/.linphonerc ...
>>
>> verify_server_certs=1
>> verify_server_cn=1
>>
>> i get:
>>
>> error: 2015-07-07 11:45:49:092 Channel [0x2ae7d10]: SSL handshake failed
>>
>> : X509 - Certificate verification failed, e.g. CRL, CA or signature
>>
>> check failed
> On Unix systems Linphone only looks for certificate in /etc/ssl. But, be 
> careful, the name of certificate files seems to have an importance. You 
> should 
> get information about that.
>
>
>> with modified /home/user/.linphonerc ...
>>
>> verify_server_certs=0
>> verify_server_cn=0
>>
>> i get:
>>
>> warning: 2015-07-07 11:47:51:534 No client certificate key found in (null)
>> message: 2015-07-07 11:47:51:539 Channel [0x218bad0]: SSL handshake in
>> progress...
>> error: 2015-07-07 11:47:51:592 Channel [0x218bad0]: SSL handshake failed
>>
>> : SSL - A fatal alert message was received from our peer
>>
>> error: 2015-07-07 11:47:51:592 Cannot connect to [TLS://REDACTED:5061]
> That sounds that your server require a certificate to authenticate clients. 
> That's why you failed to connect any client with TLS. You should disable the 
> client certificate authentication in the settings of FreeSwitch.
>
> Regards,
Thanks, that was the issue.

-- 
Information Technology Works
https://ITwrx.org

Email disclaimer:
The information contained in this communication is intended for the addressee 
only. Any use by third parties, including disclosure, copying,
or distribution of this information is prohibited. 

Please note that neither Information Technology Works nor the sender
accepts any responsibility for malware and it is your responsibility
to scan or otherwise check this email and any attachments.