linphone-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] TLS Handshake Error with Self Signed Certific


From: Vladislav Vetrov
Subject: Re: [Linphone-developers] TLS Handshake Error with Self Signed Certificate for Linphone 3.9.1
Date: Sat, 30 Apr 2016 03:46:37 +0300

I've also try use absolute path to /home/user/.cert in ~/.linphonerc
and make symbol link for linphone rootca.pem file:
ln -s /usr/local/share/linphone/rootca.pem /home/user/.cert/rootca.crt

strace linphone | grep cert

stat("/home/user/.cert/.", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/home/user/.cert/..", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
stat("/home/user/.cert/ca.crt", {st_mode=S_IFREG|0444, st_size=2114, ...}) = 0
open("/home/user/.cert/ca.crt", O_RDONLY) = 20
stat("/home/user/.cert/rootca.crt", {st_mode=S_IFREG|0644, st_size=251344, ...}) = 0
open("/home/user/.cert/rootca.crt", O_RDONLY) = 20

But it doesn't help again! :-(

/home/sun/.cert/rootca.crt

Суббота, 30 апреля 2016, 3:15 +03:00 от Vladislav Vetrov <address@hidden>:

I've put my root certificate file ca.crt to ~/.cert folder and make this entry in ~/.linphonerc :

[sip]
root_ca=~/.cert

But It doesn't work!.. :(


My solutions is:

[sip]
verify_server_certs=0
verify_server_cn=0

But I'm not sure - is this method secure?

  30 april 2016, 0:36 +03:00 от Johan Pascal <address@hidden>:

Hi,
you can set a custom root certificate in your linphonerc using
[sip]
root_ca=<path to a local directory storing my self generated root certificate>

and it shall work. Default, on linux system is /etc/ssl/certs, you could also add your custom root certificate in this directory but it's better not to mess with it.

regards,

johan

On 29/04/16 18:49, Vladislav Vetrov wrote:
TLS Handshake Error with Signed Certificate for Linphone 3.9.1. I've killed a few days for it, but it doesn't work!

error: 2016-04-29 19:48:16:093 Channel [0x238f390]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
error: 2016-04-29 19:48:16:093 Cannot connect to [TLS://xx.xx.xx.xx:yyyy]


_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers

_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers



_______________________________________________
Linphone-developers mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-developers




reply via email to

[Prev in Thread] Current Thread [Next in Thread]