<div dir="ltr"><a href="https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/docs/how_to_make_your_own_ca_correctly.txt?at=79b3cdfc967376511d113d6386e450a5f7ab0db2&raw">https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/docs/how_to_make_your_own_ca_correctly.txt?at=79b3cdfc967376511d113d6386e450a5f7ab0db2&raw</a><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 17, 2014 at 6:07 AM, Emrah <span dir="ltr"><<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi all,<div><br></div><div>I tried regenerating new certificates with a lower key size, bypassed the commercial component and instead uploaded the CA on my devices, changed the SSL port and… Well still stuck.</div><div><br></div><div>Your help is more than welcome! </div><div><br></div><div>Any idea?</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Emrah</div></font></span><div><div class="h5"><div><br></div><div><br><div><blockquote type="cite"><div>On Nov 14, 2014, at 5:14 PM, Emrah <<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>> wrote:</div><br><div><div style="word-wrap:break-word">Hi list,<div><br></div><div>I am able to use FS with SSLv23 with Blink Pro on Mac OS, but that’s about it.</div><div>I get the following error if I connect with any other device (Bria iOS, Yealink phone, Join Softphone):</div><div><div style="margin:0px;font-size:11px;font-family:Menlo">TLS setup failed (error:00000001:lib(0):func(0):reason(1))</div></div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">I came across this thread: <a href="http://freeswitch-users.2379917.n2.nabble.com/FS-with-SSL-TLS-issues-td7587736.html" target="_blank">http://freeswitch-users.2379917.n2.nabble.com/FS-with-SSL-TLS-issues-td7587736.html</a> but it doesn’t seem to apply to my scenario.</div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">I am using a commercial certificate. My devices connect to a domain which has an SRV record which points to itself on the SSL port. SSL host is an A record and matches the CN in the certificate. Server cA check is even turned off on certain phones.</div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">The only error I get on my Yealink phone is this:</div><div style="margin:0px"><div style="margin:0px"><font face="Menlo"><span style="font-size:11px">Nov 14 11:04:03 SIP [524]: SDL <6+info > [000] SSL_connect (read done)</span></font></div><div style="margin:0px"><font face="Menlo"><span style="font-size:11px">Nov 14 11:04:03 SIP [524]: SDL <3+error > [000] SSL ERROR</span></font></div><div style="margin:0px"><font face="Menlo"><span style="font-size:11px">Nov 14 11:04:03 SIP [524]: SDL <3+error > [000] SSL_connect error</span></font></div><div style="font-family:Menlo;font-size:11px"><br></div></div><div style="margin:0px;font-size:11px;font-family:Menlo">I would appreciate to know how I could debug this further. Or if you have any clue at what may be going on.</div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">Thanks!</div><div style="margin:0px;font-size:11px;font-family:Menlo">Emrah</div></div></div></blockquote></div><br></div></div></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div>
</div>