[Freeswitch-users] TLS problem
Dror Lupu
drorlupu at gmail.com
Mon Sep 16 08:10:35 MSD 2013
Ok, thanks - I'll try that.
From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Peter
Sent: Monday, September 16, 2013 3:45 AM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] TLS problem
Note that Linphone uses its own CA list (derived from Mozilla's list).
If you are using a self-signed cert, then you need to add the FS CA cert
into the Linphone rootca.pem file. You'll either need a rooted/jail broken
phone to do this, or compile your own version with your CA cert appended to
rootca.pem
On Mon, Sep 16, 2013 at 3:46 AM, Dror Lupu <drorlupu at gmail.com
<mailto:drorlupu at gmail.com> > wrote:
I followed the steps in the Wiki: http://wiki.freeswitch.org/wiki/SIP_TLS
Using the gentls_cert script.
I verified that all .pem files got created.
-----Original Message-----
From: freeswitch-users-bounces at lists.freeswitch.org
<mailto:freeswitch-users-bounces at lists.freeswitch.org>
[mailto:freeswitch-users-bounces at lists.freeswitch.org
<mailto:freeswitch-users-bounces at lists.freeswitch.org> ] On Behalf Of Brian
West
Sent: Sunday, September 15, 2013 8:35 PM
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] TLS problem
Its probably going to be the cipher suite, how did you generate the
certificate?
--
Brian West
brian at freeswitch.org <mailto:brian at freeswitch.org>
FreeSWITCH Solutions, LLC
PO BOX PO BOX 2531
Brookfield, WI 53008-2531
Twitter: @FreeSWITCH_Wire , @briankwest
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com
T: +1.918.420.9001 <tel:%2B1.918.420.9001> | F: +1.918.420.9002
<tel:%2B1.918.420.9002> | M: +1.918.424.WEST
iNUM: +883 5100 1420 9001 <tel:%2B883%205100%201420%209001>
ISN: 410*543
Skype:briankwest
PGP Key: http://www.bkw.org/key.txt (AB93356707C76CED)
On Sep 14, 2013, at 1:35 PM, Dror Lupu <drorlupu at gmail.com
<mailto:drorlupu at gmail.com> > wrote:
> Hi Guys,
>
> I've done the steps for TLS setup as shown on the Wiki (using the server's
IP address in CN and ALT), but I can't get TLS to work (UDP/TCP works fine).
> All certificates seem to be in place and generated correctly.
> I get this error, when using Linphone (I installed the root CA on my
machine).
> 1. tport.c:2745 tport_wakeup_pri() tport_wakeup_pri(0xb5062a60):
> events IN 2. tport.c:869 tport_alloc_secondary()
> tport_alloc_secondary(0xb5062a60): new secondary tport 0xb67c0410 3.
> tport_type_tls.c:607 tport_tls_accept() tport_tls_accept(0xb67c0410):
> new connection from tls/172.16.111.211:61942/sips
<http://172.16.111.211:61942/sips> 4. tport_tls.c:873
> tls_connect() tls_connect(0xb67c0410): events NEGOTIATING 5.
> tport_tls.c:873 tls_connect() tls_connect(0xb67c0410): events
> NEGOTIATING 6. tport_tls.c:962 tls_connect() tls_connect(0xb67c0410):
> TLS setup failed (error:00000001:lib(0):func(0):reason(1))
> 7. tport.c:2092 tport_close() tport_close(0xb67c0410):
tls/172.16.111.211:61942/sips <http://172.16.111.211:61942/sips>
> 8.
> Any ideas?
>
> Thanks in advance,
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130916/f99ae919/attachment.html
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list