[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Linphone-users] eXosip error: Couldn't read CA list
From: |
alekcejk |
Subject: |
[Linphone-users] eXosip error: Couldn't read CA list |
Date: |
Fri, 26 Jul 2013 15:02:14 +0300 |
User-agent: |
KNode/4.10.5 |
Hi,
Linphone 3.5.2 and 3.6.1 built for Fedora have registration problem
with SIP(TLS) protocol:
ortp-message-TLS server method
ortp-error-eXosip: Couldn't read CA list
ortp-message-eXosip: Trusted CA folder : '/etc/ssl/certs'
ortp-error-Cannot load certificates from Microsoft Certificate Store
ortp-error-verify error:num=20:unable to get local issuer
certificate:depth=1:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
ortp-error-SSL ERROR
ortp-error-SSL_connect error
There are files in /etc/ssl/certs:
ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
So changing /etc/ssl/certs to /etc/ssl/certs/ca-bundle.crt in
coreapi/linphonecore.c
fixes registration problem:
message: TLS server method
error: Cannot load certificates from Microsoft Certificate Store
message: eXosip: Trusted CA file : '/etc/ssl/certs/ca-bundle.crt'
error: Cannot load certificates from Microsoft Certificate Store
message: SSL_is_init_finished not already done
message: SSL_connect retry
message: SSL_connect (timeout not data to read) (0 ms)
message: socket node:sip.linphone.org, socket 21 [pos=0], connected (ssl in
progress)
message: eXosip: timer sec:1 usec:975024!
message: SSL_is_init_finished not already done
error: depth=2:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
error: depth=1:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
error: depth=0:/OU=Domain Control Validated/OU=Gandi Standard
SSL/CN=sip.linphone.org
message: SSL_connect retry
message: SSL_connect (timeout not data to read) (0 ms)
message: eXosip: timer sec:1 usec:904134!
message: SSL_is_init_finished not already done
message: SSL_connect succeeded
message: SSL_is_init_finished done
message: tls_connect: remote certificate: subject:/OU=Domain Control
Validated/OU=Gandi Standard SSL/CN=sip.linphone.org
message: tls_connect: remote certificate: issuer: /C=FR/O=GANDI SAS/CN=Gandi
Standard SSL CA
Is such fix acceptable or possible other way to fix this problem?
--
Alexey Kurov <address@hidden>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Linphone-users] eXosip error: Couldn't read CA list,
alekcejk <=