linphone-users

Re: [Linphone-users] TLS failed on windows host and self-signed certific


From: Mathys Frédéric
Subject: Re: [Linphone-users] TLS failed on windows host and self-signed certificate
Date: Mon, 4 May 2015 11:09:12 +0000

After some Wireshark analysis, I found that:

- Client packet Secure Socket Layer “Client Hello”: Version TLS 1.2
- Server packet Secure Socket Layer “Server Hello”: Version TLS 1.0

Shouldn’t the client adapt its version to the “Server Hello” response? If not, can we force Linphone to use TLS 1.0? The best solution would be to force the Kamailio server to use TLS 1.2; I’m currently working on that, but my question still makes sense as this scenario should happen. The certificate is OK, as I could connect with the “openssl s_client …” command while forcing TLS 1.0.

 

Regards,

Frederic

 

From: linphone-users-bounces+address@hidden [mailto:linphone-users-bounces+address@hidden On Behalf Of Guillaume Bienkowski
Sent: Thursday 30 April 2015 15:53
To: address@hidden
Subject: Re: [Linphone-users] TLS failed on windows host and self-signed certificate

 

Can you check that openssl can connect using your RootCa.pem file? I don’t remember the CLI correctly; it should be something along ‘openssl -client something something’.

 

Otherwise it should be OK to append your rootCa public key, we do that all the time for people that need their own self-signed certificates.

 

Guillaume Bienkowski

 

 

 

On 30 Apr 2015 at 15:11, Mathys Frédéric <address@hidden> wrote:

 

Hello,

 

Using Linphone 3.8.1 for Windows, I’ve set a user to connect with TLS to a Kamailio server; this server has a self-signed certificate. When connecting with the client, I have the following error:

 

error: 2015-04-30 14:58:33:040 Channel [06B887E8]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed

error: 2015-04-30 14:58:33:040 Cannot connect to [TLS://10.3.3.19:5061]

 

I understand (and am at ease) that Linphone doesn’t want to connect to a server with an unknown certificate, but even after adding it at the end of the …/Linphone/share/linphone/rootca.pem file of the user hosts, the connection is refused. How should I proceed to allow my client to connect to this server? I also tried with the Linux client (Linphone 3.7.0) with the same result. I am confident my server is well configured, as I could connect with another client which accepts all certificates.

 

Thank you

 

Frederic Mathys

System Integration & Validation Engineer

Please consider the environment - do you really need to print this email?

 

_______________________________________________
Linphone-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-users
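
The version fields reported from the Wireshark capture in this thread can be read directly from the record bytes. The following is an added example, not part of the original thread and not Linphone or Kamailio code: it parses constructed ClientHello/ServerHello records and applies the RFC 5246 rule that the ClientHello carries the highest version the client supports while the ServerHello carries the version selected for the connection. `client_min`, `build_hello` and the sample bytes are assumptions made for the illustration.

```python
import struct

# TLS wire constants (RFC 5246): record type 22 = handshake
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 1, 2
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_hello(record: bytes):
    """Return (handshake_type, version) for a record holding one Hello message."""
    if len(record) < 11:
        raise ValueError("too short for a Hello message")
    ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE or rec_len != len(record) - 5:
        raise ValueError("not a single, complete handshake record")
    hs_type, hs_len = record[5], int.from_bytes(record[6:9], "big")
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO) or hs_len != rec_len - 4:
        raise ValueError("not a well-formed ClientHello/ServerHello")
    # client_version / server_version is the first field of the Hello body
    return hs_type, struct.unpack("!H", record[9:11])[0]

def negotiation_outcome(client_hello, server_hello, client_min=0x0301):
    """client_min is a hypothetical local policy: lowest version the client accepts."""
    c_type, offered = parse_hello(client_hello)
    s_type, chosen = parse_hello(server_hello)
    if (c_type, s_type) != (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("expected a ClientHello followed by a ServerHello")
    if chosen > offered:
        return "abort: server chose a version above the client's offer"
    if chosen < client_min:
        return "abort: server version is below the client's minimum"
    return "continue with " + VERSIONS.get(chosen, hex(chosen))

def build_hello(hs_type, version):
    """Build a minimal constructed Hello record (zeroed random, empty session id)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    if hs_type == CLIENT_HELLO:
        body += b"\x00\x02\x00\x2f" + b"\x01\x00"  # one cipher suite, null compression
    else:
        body += b"\x00\x2f" + b"\x00"              # selected suite, null compression
    msg = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(msg)) + msg

# Constructed samples mirroring the capture: client offers 1.2, server selects 1.0
CLIENT = build_hello(CLIENT_HELLO, 0x0303)
SERVER = build_hello(SERVER_HELLO, 0x0301)

if __name__ == "__main__":
    print(negotiation_outcome(CLIENT, SERVER))
    print(negotiation_outcome(CLIENT, SERVER, client_min=0x0303))
```

Certificate verification takes place later in the handshake than this version selection, so the two are separate checks when reading a capture alongside the client log.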

 

