Re: [Linphone-users] Linphone rejects valid certificate

linphone-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-users] Linphone rejects valid certificate

From:	Robert Dyck
Subject:	Re: [Linphone-users] Linphone rejects valid certificate
Date:	Sat, 14 Nov 2020 08:16:58 -0800

After reading up about appimage I came to the conclusion that TLS with Let's 
Encrypt was not going to work. Appimages don't use system libraries and other 
system resources such as the CA bundle. It would seem that the intermediate 
certificate for Lets's Encrypt is missing from the bundle.

On Monday, November 9, 2020 1:45:01 P.M. PST Robert Dyck wrote:
> In Linphone is the location of the CA bundle configurable? What is the
> default location?
> For completeness I am using Fedora, which is probably the same as Centos or
> RHEL.
> Also using a different softphone with TLS on the same computer is OK.
> 
> On Sunday, November 8, 2020 4:44:55 P.M. PST Chris Woods wrote:
> > On Sun, 8 Nov 2020, 23:38 Robert Dyck, <rob.dyck@telus.net> wrote:
> > > Version Core 4.4.0-13-gc99cb9c88 Appimage
> > > 
> > >  The server/proxy is opensips. The certificate that is installed in
> > > 
> > > opensips
> > > works for other user agents. Linphone rejects the certificate. The
> > > certificate
> > > was generated by Lets Encrypt.
> > > 
> > > 2020-11-08 15:23:44:071 [AppRun.wrapped/belle-sip] MESSAGE Channel
> > > [0x4c70290]: SSL handshake in progress...
> > > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] MESSAGE Found
> > > certificate
> > > depth=[0], flags=[not-trusted ]:
> > > cert. version     : 3
> > > serial number     :
> > > 03:3D:58:6A:10:1B:E4:D8:68:7C:2F:14:41:57:D4:C9:D0:8B
> > > issuer name       : C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
> > > subject name      : CN=bogus.com
> > > issued  on        : 2020-09-25 15:29:57
> > > expires on        : 2020-12-24 15:29:57
> > > signed using      : RSA with SHA-256
> > > RSA key size      : 2048 bits
> > > basic constraints : CA=false
> > > subject alt name  : bogus.com
> > > key usage         : Digital Signature, Key Encipherment
> > > ext key usage     : TLS Web Server Authentication, TLS Web Client
> > > Authentication
> > > 
> > > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] ERROR Channel
> > > [0x4c70290]:
> > > SSL handshake failed : X509 - Certificate verification failed, e.g. CRL,
> > > CA or
> > > signature check failed
> > 
> > That sounds symptomatic of Linphone either using its own CA bundle, which
> > may be out of date and doesn't include the Let's Encrypt Root CA certs, or
> > the app is not able to query the system CA root bundle to validate your
> > end
> > entity cert.
> 
> _______________________________________________
> Linphone-users mailing list
> Linphone-users@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/linphone-users

[Prev in Thread]

Current Thread

[Next in Thread]

[Linphone-users] Linphone rejects valid certificate, Robert Dyck, 2020/11/08
- Re: [Linphone-users] Linphone rejects valid certificate, Chris Woods, 2020/11/08
  - Re: [Linphone-users] Linphone rejects valid certificate, Robert Dyck, 2020/11/09
    - Re: [Linphone-users] Linphone rejects valid certificate, Robert Dyck <=

Prev by Date: Re: [Linphone-users] Linphone 4.2.2
Next by Date: [Linphone-users] new on the list / traffic in here?
Previous by thread: Re: [Linphone-users] Linphone rejects valid certificate
Next by thread: [Linphone-users] Linux Linphone Appimage click to call
Index(es):
- Date
- Thread