[Freeswitch-users] Freeswitch TLS and Yealink t26p

William King william.king at quentustech.com
Wed Jan 2 21:56:52 MSK 2013


Another thing to be aware of is that there is an outstanding bug where
Yealinks are not able to load certain custom CA's because the time on
the phone is not being synced to NTP before the CA is validated and loaded.

Once you changed the transport have you run into any new issues?

William King
Senior Engineer
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main:   (877) 211-9337
Office: (206) 388-4772
Cell:   (253) 686-5518
william.king at quentustech.com

On 12/21/2012 03:54 AM, Antonio wrote:
> Answer to myself....
> 
> In the yealink configuration, in the account parameters, the "transport"
> must be force to TLS. 
> 
> I don't know why it just works.... Before i was using DNS-SRV, that
> should be the first option, yealink should have some issue here... i
> will report to them.
> 
> 
> Thanks,
> António
> 
> On Fri, 2012-12-21 at 10:35 +0100, Antonio wrote:
>> Hi,
>>
>> I'm trying to register a yealink with TLS, using my one certificates.
>>
>> I follow the wiki and In fs i have both agent.pem and cafile.pem . I
>> install in the phone the root certificate.
>>
>> But when i try to register, i have (tport log):
>>
>>
>> tport.c:3186 tport_recv_iovec() tport_recv_iovec(0x808fb0) msg
>> 0x7fe9d0aa8180 from (udp/192.168.10.1:5060) has 340 bytes, veclen = 1
>> tport.c:3004 tport_deliver() tport_deliver(0x808fb0): msg
>> 0x7fe9d0aa8180 (340 bytes) from udp/192.168.10.23:5060/sip next=(nil)
>> tport.c:4202 tport_release() tport_release(0x808fb0): 0x7fe9d01142f0
>> by 0x7fe9d025d920 with 0x7fe9d0aa8180
>> tport.c:2730 tport_wakeup_pri() tport_wakeup_pri(0x7fe9c802aad0):
>> events IN
>> tport.c:869 tport_alloc_secondary()
>> tport_alloc_secondary(0x7fe9c802aad0): new secondary tport 0x7fe9c03e8450
>> tport_type_tls.c:603 tport_tls_accept()
>> tport_tls_accept(0x7fe9c03e8450): new connection from
>> tls/192.168.10.36:48754/sips
>> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
>> NEGOTIATING
>> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
>> NEGOTIATING
>> tport_tls.c:526 tls_post_connection_check()
>> tls_post_connection_check(0x7fe9c03e8450): Peer did not provide X.509
>> Certificate.
>>
>>
>>
>> I could make it work and have a register in the tls profile when i
>> check on the phone the option in Security->Trusted Certificates: "Only
>> Accept Trusted Certificates: DISABLED".
>> Could it be some bug in the yealink, or I’m missing something in the
>> conf...
>>
>> Another question, is there any problem if i choose to use this
>> configuration... since is the phone that ignores the certificate and
>> the validation is done by the server and not by the client.
>>
>> Can you help me?
>>
>> Thanks,
>> António
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
> 
> -- 
> 
> Un cordial saludo / Best regards, 
> 
>  _________________________
> 
> António Silva
> 
> E-mail:asilva at wirelessmundi.com <mailto:asilva at wirelessmundi.com>
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list