<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.30.3">
</HEAD>
<BODY>
Hi,<BR>
<BR>
Nice to now.<BR>
I didn't have this problem, i could upload a custom certificate and with the option "Only Accept Trusted Certificates" to enabled.<BR>
<BR>
I had another issue with ldap navigation, i report to them, they were quite fast to reply, and there is a new firmware 6.70.0.120 that solves the problem.<BR>
<BR>
Best regards,<BR>
<BR>
António Silva<BR>
<BR>
<BR>
On Wed, 2013-01-02 at 10:56 -0800, William King wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Another thing to be aware of is that there is an outstanding bug where
Yealinks are not able to load certain custom CA's because the time on
the phone is not being synced to NTP before the CA is validated and loaded.
Once you changed the transport have you run into any new issues?
William King
Senior Engineer
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main: (877) 211-9337
Office: (206) 388-4772
Cell: (253) 686-5518
<A HREF="mailto:william.king@quentustech.com">william.king@quentustech.com</A>
On 12/21/2012 03:54 AM, Antonio wrote:
> Answer to myself....
>
> In the yealink configuration, in the account parameters, the "transport"
> must be force to TLS.
>
> I don't know why it just works.... Before i was using DNS-SRV, that
> should be the first option, yealink should have some issue here... i
> will report to them.
>
>
> Thanks,
> António
>
> On Fri, 2012-12-21 at 10:35 +0100, Antonio wrote:
>> Hi,
>>
>> I'm trying to register a yealink with TLS, using my one certificates.
>>
>> I follow the wiki and In fs i have both agent.pem and cafile.pem . I
>> install in the phone the root certificate.
>>
>> But when i try to register, i have (tport log):
>>
>>
>> tport.c:3186 tport_recv_iovec() tport_recv_iovec(0x808fb0) msg
>> 0x7fe9d0aa8180 from (udp/192.168.10.1:5060) has 340 bytes, veclen = 1
>> tport.c:3004 tport_deliver() tport_deliver(0x808fb0): msg
>> 0x7fe9d0aa8180 (340 bytes) from udp/192.168.10.23:5060/sip next=(nil)
>> tport.c:4202 tport_release() tport_release(0x808fb0): 0x7fe9d01142f0
>> by 0x7fe9d025d920 with 0x7fe9d0aa8180
>> tport.c:2730 tport_wakeup_pri() tport_wakeup_pri(0x7fe9c802aad0):
>> events IN
>> tport.c:869 tport_alloc_secondary()
>> tport_alloc_secondary(0x7fe9c802aad0): new secondary tport 0x7fe9c03e8450
>> tport_type_tls.c:603 tport_tls_accept()
>> tport_tls_accept(0x7fe9c03e8450): new connection from
>> tls/192.168.10.36:48754/sips
>> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
>> NEGOTIATING
>> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
>> NEGOTIATING
>> tport_tls.c:526 tls_post_connection_check()
>> tls_post_connection_check(0x7fe9c03e8450): Peer did not provide X.509
>> Certificate.
>>
>>
>>
>> I could make it work and have a register in the tls profile when i
>> check on the phone the option in Security->Trusted Certificates: "Only
>> Accept Trusted Certificates: DISABLED".
>> Could it be some bug in the yealink, or I’m missing something in the
>> conf...
>>
>> Another question, is there any problem if i choose to use this
>> configuration... since is the phone that ignores the certificate and
>> the validation is done by the server and not by the client.
>>
>> Can you help me?
>>
>> Thanks,
>> António
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> <A HREF="mailto:consulting@freeswitch.org">consulting@freeswitch.org</A> <<A HREF="mailto:consulting@freeswitch.org">mailto:consulting@freeswitch.org</A>>
>> <A HREF="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</A>
>>
>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
>> <A HREF="http://www.cudatel.com">http://www.cudatel.com</A>
>>
>> Official FreeSWITCH Sites
>> <A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
>> <A HREF="http://wiki.freeswitch.org">http://wiki.freeswitch.org</A>
>> <A HREF="http://www.cluecon.com">http://www.cluecon.com</A>
>>
>> FreeSWITCH-users mailing list
>> <A HREF="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</A> <<A HREF="mailto:FreeSWITCH-users@lists.freeswitch.org">mailto:FreeSWITCH-users@lists.freeswitch.org</A>>
>> <A HREF="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</A>
>> UNSUBSCRIBE:<A HREF="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</A>
>> <A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
>
> --
>
> Un cordial saludo / Best regards,
>
> _________________________
>
> António Silva
>
> E-mail:<A HREF="mailto:asilva@wirelessmundi.com">asilva@wirelessmundi.com</A> <<A HREF="mailto:asilva@wirelessmundi.com">mailto:asilva@wirelessmundi.com</A>>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> <A HREF="mailto:consulting@freeswitch.org">consulting@freeswitch.org</A>
> <A HREF="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</A>
>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
> <A HREF="http://www.cudatel.com">http://www.cudatel.com</A>
>
> Official FreeSWITCH Sites
> <A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
> <A HREF="http://wiki.freeswitch.org">http://wiki.freeswitch.org</A>
> <A HREF="http://www.cluecon.com">http://www.cluecon.com</A>
>
> FreeSWITCH-users mailing list
> <A HREF="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</A>
> <A HREF="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</A>
> UNSUBSCRIBE:<A HREF="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</A>
> <A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<A HREF="mailto:consulting@freeswitch.org">consulting@freeswitch.org</A>
<A HREF="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</A>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<A HREF="http://www.cudatel.com">http://www.cudatel.com</A>
Official FreeSWITCH Sites
<A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
<A HREF="http://wiki.freeswitch.org">http://wiki.freeswitch.org</A>
<A HREF="http://www.cluecon.com">http://www.cluecon.com</A>
FreeSWITCH-users mailing list
<A HREF="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</A>
<A HREF="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</A>
UNSUBSCRIBE:<A HREF="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</A>
<A HREF="http://www.freeswitch.org">http://www.freeswitch.org</A>
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>