[Freeswitch-users] Freeswitch TLS and Yealink t26p

Antonio asilva at wirelessmundi.com
Fri Dec 21 14:54:56 MSK 2012


Answer to myself....

In the yealink configuration, in the account parameters, the "transport"
must be force to TLS.  

I don't know why it just works.... Before i was using DNS-SRV, that
should be the first option, yealink should have some issue here... i
will report to them.


Thanks,
António

On Fri, 2012-12-21 at 10:35 +0100, Antonio wrote:

> Hi,
> 
> I'm trying to register a yealink with TLS, using my one certificates.
> 
> I follow the wiki and In fs i have both agent.pem and cafile.pem . I
> install in the phone the root certificate.
> 
> But when i try to register, i have (tport log):
> 
> 
> tport.c:3186 tport_recv_iovec() tport_recv_iovec(0x808fb0) msg
> 0x7fe9d0aa8180 from (udp/192.168.10.1:5060) has 340 bytes, veclen = 1
> tport.c:3004 tport_deliver() tport_deliver(0x808fb0): msg
> 0x7fe9d0aa8180 (340 bytes) from udp/192.168.10.23:5060/sip next=(nil)
> tport.c:4202 tport_release() tport_release(0x808fb0): 0x7fe9d01142f0
> by 0x7fe9d025d920 with 0x7fe9d0aa8180
> tport.c:2730 tport_wakeup_pri() tport_wakeup_pri(0x7fe9c802aad0):
> events IN
> tport.c:869 tport_alloc_secondary()
> tport_alloc_secondary(0x7fe9c802aad0): new secondary tport
> 0x7fe9c03e8450
> tport_type_tls.c:603 tport_tls_accept()
> tport_tls_accept(0x7fe9c03e8450): new connection from
> tls/192.168.10.36:48754/sips
> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
> NEGOTIATING
> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
> NEGOTIATING
> tport_tls.c:526 tls_post_connection_check()
> tls_post_connection_check(0x7fe9c03e8450): Peer did not provide X.509
> Certificate.
> 
> 
> 
> I could make it work and have a register in the tls profile when i
> check on the phone the option in Security->Trusted Certificates: "Only
> Accept Trusted Certificates: DISABLED".
> Could it be some bug in the yealink, or I’m missing something in the
> conf...
> 
> Another question, is there any problem if i choose to use this
> configuration... since is the phone that ignores the certificate and
> the validation is done by the server and not by the client. 
> 
> Can you help me?
> 
> Thanks,
> António 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org


-- 

Un cordial saludo / Best regards, 

 _________________________

António Silva

E-mail:asilva at wirelessmundi.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20121221/b8607120/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list