[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linphone-users] Linphone rejects valid certificate
From: |
Robert Dyck |
Subject: |
Re: [Linphone-users] Linphone rejects valid certificate |
Date: |
Mon, 09 Nov 2020 13:45:01 -0800 |
In Linphone is the location of the CA bundle configurable? What is the default
location?
For completeness I am using Fedora, which is probably the same as Centos or
RHEL.
Also using a different softphone with TLS on the same computer is OK.
On Sunday, November 8, 2020 4:44:55 P.M. PST Chris Woods wrote:
> On Sun, 8 Nov 2020, 23:38 Robert Dyck, <rob.dyck@telus.net> wrote:
> > Version Core 4.4.0-13-gc99cb9c88 Appimage
> >
> > The server/proxy is opensips. The certificate that is installed in
> >
> > opensips
> > works for other user agents. Linphone rejects the certificate. The
> > certificate
> > was generated by Lets Encrypt.
> >
> > 2020-11-08 15:23:44:071 [AppRun.wrapped/belle-sip] MESSAGE Channel
> > [0x4c70290]: SSL handshake in progress...
> > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] MESSAGE Found
> > certificate
> > depth=[0], flags=[not-trusted ]:
> > cert. version : 3
> > serial number : 03:3D:58:6A:10:1B:E4:D8:68:7C:2F:14:41:57:D4:C9:D0:8B
> > issuer name : C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
> > subject name : CN=bogus.com
> > issued on : 2020-09-25 15:29:57
> > expires on : 2020-12-24 15:29:57
> > signed using : RSA with SHA-256
> > RSA key size : 2048 bits
> > basic constraints : CA=false
> > subject alt name : bogus.com
> > key usage : Digital Signature, Key Encipherment
> > ext key usage : TLS Web Server Authentication, TLS Web Client
> > Authentication
> >
> > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] ERROR Channel
> > [0x4c70290]:
> > SSL handshake failed : X509 - Certificate verification failed, e.g. CRL,
> > CA or
> > signature check failed
>
> That sounds symptomatic of Linphone either using its own CA bundle, which
> may be out of date and doesn't include the Let's Encrypt Root CA certs, or
> the app is not able to query the system CA root bundle to validate your end
> entity cert.