
Re: [Linphone-users] Linphone rejects valid certificate


From: Robert Dyck
Subject: Re: [Linphone-users] Linphone rejects valid certificate
Date: Mon, 09 Nov 2020 13:45:01 -0800

In Linphone, is the location of the CA bundle configurable? What is the default 
location?
For completeness, I am using Fedora, which is probably the same as CentOS or 
RHEL.
Also, using a different softphone with TLS on the same computer is OK.

On Sunday, November 8, 2020 4:44:55 P.M. PST Chris Woods wrote:
> On Sun, 8 Nov 2020, 23:38 Robert Dyck, <rob.dyck@telus.net> wrote:
> > Version Core 4.4.0-13-gc99cb9c88 Appimage
> > 
> > The server/proxy is opensips. The certificate that is installed in opensips
> > works for other user agents. Linphone rejects the certificate. The certificate
> > was generated by Let's Encrypt.
> > 
> > 2020-11-08 15:23:44:071 [AppRun.wrapped/belle-sip] MESSAGE Channel [0x4c70290]: SSL handshake in progress...
> > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] MESSAGE Found certificate depth=[0], flags=[not-trusted ]:
> > cert. version     : 3
> > serial number     : 03:3D:58:6A:10:1B:E4:D8:68:7C:2F:14:41:57:D4:C9:D0:8B
> > issuer name       : C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
> > subject name      : CN=bogus.com
> > issued  on        : 2020-09-25 15:29:57
> > expires on        : 2020-12-24 15:29:57
> > signed using      : RSA with SHA-256
> > RSA key size      : 2048 bits
> > basic constraints : CA=false
> > subject alt name  : bogus.com
> > key usage         : Digital Signature, Key Encipherment
> > ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
> > 
> > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] ERROR Channel [0x4c70290]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
> 
> That sounds symptomatic of Linphone either using its own CA bundle, which
> may be out of date and doesn't include the Let's Encrypt Root CA certs, or
> the app is not able to query the system CA root bundle to validate your end
> entity cert.
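
A log-triage sketch for the excerpt quoted above, added here as an example and not part of the original thread or of Linphone's code: it parses belle-sip "Found certificate" records and separates a validity-period failure from a chain that reached no trusted CA, which is the case the reply describes. The function names, the result labels and the sample log (constructed, with lines unwrapped) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the excerpt above (lines unwrapped, fields trimmed).
SAMPLE_LOG = """\
2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] MESSAGE Found certificate depth=[0], flags=[not-trusted ]:
cert. version     : 3
issuer name       : C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
subject name      : CN=bogus.com
issued  on        : 2020-09-25 15:29:57
expires on        : 2020-12-24 15:29:57
2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] ERROR Channel [0x4c70290]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
"""

TS = "%Y-%m-%d %H:%M:%S"
STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d):\d+ \[[^\]]*\] \w+ (.*)$")
FOUND = re.compile(r"Found certificate depth=\[(\d+)\], flags=\[([^\]]*)\]")
FIELD = re.compile(r"^([a-z. ]+?)\s*:\s(.*)$")


def parse_certs(log):
    """Return one dict per 'Found certificate' record, with its dump fields."""
    certs, cur = [], None
    for line in log.splitlines():
        stamped = STAMP.match(line)
        if stamped:  # a new log record ends any certificate dump in progress
            found = FOUND.search(stamped.group(2))
            cur = None
            if found:
                cur = {"seen": datetime.strptime(stamped.group(1), TS),
                       "depth": int(found.group(1)),
                       "flags": found.group(2).split()}
                certs.append(cur)
        elif cur is not None and FIELD.match(line):
            key, value = FIELD.match(line).groups()
            cur[" ".join(key.split())] = value.strip()
    return certs


def diagnose(cert):
    """Separate a validity-period failure from a missing trust anchor."""
    # Assumption: log stamps are local time and certificate dates are UTC; the
    # offset is ignored, so treat results within a day of either bound with care.
    start = datetime.strptime(cert["issued on"], TS)
    end = datetime.strptime(cert["expires on"], TS)
    if not start <= cert["seen"] <= end:
        return "validity-period"
    if "not-trusted" in cert["flags"]:
        return "trust-anchor"  # chain did not reach a CA in the bundle in use
    return "other" if cert["flags"] else "unflagged"
```

A "trust-anchor" result on a depth-0 certificate that is inside its validity window points at the CA bundle the client loaded rather than at the server certificate.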






