[Freeswitch-users] Freeswitch TLS and Yealink t26p
Antonio Silva
asilva at wirelessmundi.com
Wed Jan 16 15:18:27 MSK 2013
Hi,
Nice to now.
I didn't have this problem, i could upload a custom certificate and
with the option "Only Accept Trusted Certificates" to enabled.
I had another issue with ldap navigation, i report to them, they were
quite fast to reply, and there is a new firmware 6.70.0.120 that solves
the problem.
Best regards,
António Silva
On Wed, 2013-01-02 at 10:56 -0800, William King wrote:
> Another thing to be aware of is that there is an outstanding bug where
> Yealinks are not able to load certain custom CA's because the time on
> the phone is not being synced to NTP before the CA is validated and loaded.
>
> Once you changed the transport have you run into any new issues?
>
> William King
> Senior Engineer
> Quentus Technologies, INC
> 1037 NE 65th St Suite 273
> Seattle, WA 98115
> Main: (877) 211-9337
> Office: (206) 388-4772
> Cell: (253) 686-5518
> william.king at quentustech.com
>
> On 12/21/2012 03:54 AM, Antonio wrote:
> > Answer to myself....
> >
> > In the yealink configuration, in the account parameters, the "transport"
> > must be force to TLS.
> >
> > I don't know why it just works.... Before i was using DNS-SRV, that
> > should be the first option, yealink should have some issue here... i
> > will report to them.
> >
> >
> > Thanks,
> > António
> >
> > On Fri, 2012-12-21 at 10:35 +0100, Antonio wrote:
> >> Hi,
> >>
> >> I'm trying to register a yealink with TLS, using my one certificates.
> >>
> >> I follow the wiki and In fs i have both agent.pem and cafile.pem . I
> >> install in the phone the root certificate.
> >>
> >> But when i try to register, i have (tport log):
> >>
> >>
> >> tport.c:3186 tport_recv_iovec() tport_recv_iovec(0x808fb0) msg
> >> 0x7fe9d0aa8180 from (udp/192.168.10.1:5060) has 340 bytes, veclen = 1
> >> tport.c:3004 tport_deliver() tport_deliver(0x808fb0): msg
> >> 0x7fe9d0aa8180 (340 bytes) from udp/192.168.10.23:5060/sip next=(nil)
> >> tport.c:4202 tport_release() tport_release(0x808fb0): 0x7fe9d01142f0
> >> by 0x7fe9d025d920 with 0x7fe9d0aa8180
> >> tport.c:2730 tport_wakeup_pri() tport_wakeup_pri(0x7fe9c802aad0):
> >> events IN
> >> tport.c:869 tport_alloc_secondary()
> >> tport_alloc_secondary(0x7fe9c802aad0): new secondary tport 0x7fe9c03e8450
> >> tport_type_tls.c:603 tport_tls_accept()
> >> tport_tls_accept(0x7fe9c03e8450): new connection from
> >> tls/192.168.10.36:48754/sips
> >> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
> >> NEGOTIATING
> >> tport_tls.c:869 tls_connect() tls_connect(0x7fe9c03e8450): events
> >> NEGOTIATING
> >> tport_tls.c:526 tls_post_connection_check()
> >> tls_post_connection_check(0x7fe9c03e8450): Peer did not provide X.509
> >> Certificate.
> >>
> >>
> >>
> >> I could make it work and have a register in the tls profile when i
> >> check on the phone the option in Security->Trusted Certificates: "Only
> >> Accept Trusted Certificates: DISABLED".
> >> Could it be some bug in the yealink, or I’m missing something in the
> >> conf...
> >>
> >> Another question, is there any problem if i choose to use this
> >> configuration... since is the phone that ignores the certificate and
> >> the validation is done by the server and not by the client.
> >>
> >> Can you help me?
> >>
> >> Thanks,
> >> António
> >> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> >> http://www.freeswitchsolutions.com
> >>
> >>
> >>
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://wiki.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >
> > --
> >
> > Un cordial saludo / Best regards,
> >
> > _________________________
> >
> > António Silva
> >
> > E-mail:asilva at wirelessmundi.com <mailto:asilva at wirelessmundi.com>
> >
> >
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> >
> >
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://wiki.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130116/7b0a262f/attachment-0001.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list