<div dir="ltr">Note that Linphone uses its own CA list (derived from Mozilla's list).<br><br>If you are using a self-signed cert, then you need to add the FS CA cert into the Linphone rootca.pem file. You'll either need a rooted/jail broken phone to do this, or compile your own version with your CA cert appended to rootca.pem<br>
<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Sep 16, 2013 at 3:46 AM, Dror Lupu <span dir="ltr"><<a href="mailto:drorlupu@gmail.com" target="_blank">drorlupu@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I followed the steps in the Wiki: <a href="http://wiki.freeswitch.org/wiki/SIP_TLS" target="_blank">http://wiki.freeswitch.org/wiki/SIP_TLS</a><br>
Using the gentls_cert script.<br>
<br>
I verified that all .pem files got created.<br>
<div><div class="h5"><br>
-----Original Message-----<br>
From: <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a><br>
[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a>] On Behalf Of Brian<br>
West<br>
Sent: Sunday, September 15, 2013 8:35 PM<br>
To: FreeSWITCH Users Help<br>
Subject: Re: [Freeswitch-users] TLS problem<br>
<br>
Its probably going to be the cipher suite, how did you generate the<br>
certificate?<br>
--<br>
Brian West<br>
<a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a><br>
FreeSWITCH Solutions, LLC<br>
PO BOX PO BOX 2531<br>
Brookfield, WI 53008-2531<br>
Twitter: @FreeSWITCH_Wire , @briankwest<br>
<a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a><br>
<br>
T: <a href="tel:%2B1.918.420.9001" value="+19184209001">+1.918.420.9001</a> | F: <a href="tel:%2B1.918.420.9002" value="+19184209002">+1.918.420.9002</a> | M: +1.918.424.WEST<br>
iNUM: <a href="tel:%2B883%205100%201420%209001" value="+883510014209001">+883 5100 1420 9001</a><br>
ISN: 410*543<br>
Skype:briankwest<br>
PGP Key: <a href="http://www.bkw.org/key.txt" target="_blank">http://www.bkw.org/key.txt</a> (AB93356707C76CED)<br>
<br>
On Sep 14, 2013, at 1:35 PM, Dror Lupu <<a href="mailto:drorlupu@gmail.com">drorlupu@gmail.com</a>> wrote:<br>
<br>
> Hi Guys,<br>
><br>
> I've done the steps for TLS setup as shown on the Wiki (using the server's<br>
IP address in CN and ALT), but I can't get TLS to work (UDP/TCP works fine).<br>
> All certificates seem to be in place and generated correctly.<br>
> I get this error, when using Linphone (I installed the root CA on my<br>
machine).<br>
> 1. tport.c:2745 tport_wakeup_pri() tport_wakeup_pri(0xb5062a60):<br>
> events IN 2. tport.c:869 tport_alloc_secondary()<br>
> tport_alloc_secondary(0xb5062a60): new secondary tport 0xb67c0410 3.<br>
> tport_type_tls.c:607 tport_tls_accept() tport_tls_accept(0xb67c0410):<br>
> new connection from tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a> 4. tport_tls.c:873<br>
> tls_connect() tls_connect(0xb67c0410): events NEGOTIATING 5.<br>
> tport_tls.c:873 tls_connect() tls_connect(0xb67c0410): events<br>
> NEGOTIATING 6. tport_tls.c:962 tls_connect() tls_connect(0xb67c0410):<br>
> TLS setup failed (error:00000001:lib(0):func(0):reason(1))<br>
> 7. tport.c:2092 tport_close() tport_close(0xb67c0410):<br>
tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a><br>
> 8.<br>
> Any ideas?<br>
><br>
> Thanks in advance,<br>
<br>
<br>
<br>
</div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br></div>