<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.30.3">
</HEAD>
<BODY>
Answer to myself....<BR>
<BR>
In the yealink configuration, in the account parameters, the "transport" must be force to TLS. <BR>
<BR>
I don't know why it just works.... Before i was using DNS-SRV, that should be the first option, yealink should have some issue here... i will report to them.<BR>
<BR>
<BR>
Thanks,<BR>
António<BR>
<BR>
On Fri, 2012-12-21 at 10:35 +0100, Antonio wrote:<BR>
<BLOCKQUOTE TYPE=CITE>
Hi,<BR>
<BR>
I'm trying to register a yealink with TLS, using my one certificates.<BR>
<BR>
I follow the wiki and In fs i have both agent.pem and cafile.pem . I install in the phone the root certificate.<BR>
<BR>
But when i try to register, i have (tport log):<BR>
<BR>
<BR>
tport.c:3186 tport_recv_iovec() tport_recv_iovec(0x808fb0) msg 0x7fe9d0aa8180 from (udp/192.168.10.1:5060) has 340 bytes, veclen = 1<BR>
tport.c:3004 tport_deliver() tport_deliver(0x808fb0): msg 0x7fe9d0aa8180 (340 bytes) from udp/192.168.10.23:5060/sip next=(nil)<BR>
tport.c:4202 tport_release() tport_release(0x808fb0): 0x7fe9d01142f0 by 0x7fe9d025d920 with 0x7fe9d0aa8180<BR>
tport.c:2730 tport_wakeup_pri() tport_wakeup_pri(0x7fe9c802aad0): events IN<BR>
tport.c:869 tport_alloc_secondary() tport_alloc_secondary(0x7fe9c802aad0): new secondary tport 0x7fe9c03e8450<BR>
tport_type_tls.c:603 tport_tls_accept() tport_tls_accept(0x7fe9c03e8450): new connection from tls/192.168.10.36:48754/sips<BR>
tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events NEGOTIATING<BR>
tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events NEGOTIATING<BR>
tport_tls.c:526 tls_post_connection_check() tls_post_connection_check(0x7fe9c03e8450): Peer did not provide X.509 Certificate.<BR>
<BR>
<BR>
<BR>
I could make it work and have a register in the tls profile when i check on the phone the option in Security->Trusted Certificates: "Only Accept Trusted Certificates: DISABLED".<BR>
Could it be some bug in the yealink, or I’m missing something in the conf...<BR>
<BR>
Another question, is there any problem if i choose to use this configuration... since is the phone that ignores the certificate and the validation is done by the server and not by the client. <BR>
<BR>
Can you help me?<BR>
<BR>
Thanks,<BR>
António
<PRE>
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<A HREF="mailto:consulting@freeswitch.org">consulting@freeswitch.org</A>
<A HREF="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</A>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<A HREF="http://www.cudatel.com">http://www.cudatel.com</A>
Official FreeSWITCH Sites
<A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
<A HREF="http://wiki.freeswitch.org">http://wiki.freeswitch.org</A>
<A HREF="http://www.cluecon.com">http://www.cluecon.com</A>
FreeSWITCH-users mailing list
<A HREF="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</A>
<A HREF="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</A>
UNSUBSCRIBE:<A HREF="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</A>
<A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
</PRE>
</BLOCKQUOTE>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
<PRE>
--
Un cordial saludo / Best regards,
_________________________
António Silva
E-mail:<A HREF="mailto:asilva@wirelessmundi.com">asilva@wirelessmundi.com</A>
</PRE>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>