[Freeswitch-users] TLS with Cisco SPA112

Nick Vines jnvines at gmail.com
Mon Sep 23 19:28:22 MSD 2013


Thanks Brian.

I couldn't find an earlier version of the gentls in git, but I'm still new
to git. I tried modifying gentls to use rsa:1024 instead of ec, but I'm
still getting the same error messages in the sofia log when the SPA112
tries to connect. FSClient connects with both rsa:1024 and rsa:2048, but I
haven't tried to connect any other devices to the server.

Changes made to gentls_cert:
setup_ca():
    openssl req -out "${CONFDIR}/CA/cacert.pem" -new -x509 \
        -keyout "${CONFDIR}/CA/cakey.pem" -newkey rsa:1024 \
        -config "${TMPFILE}.cfg" -nodes -days ${DAYS} -sha1 >/dev/null || exit 1

generate_cert():
    openssl req -new -out "${TMPFILE}.req" -newkey rsa:1024 \
        -keyout "${TMPFILE}.key" -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1


On Sun, Sep 22, 2013 at 5:14 PM, Brian West <brian at freeswitch.org> wrote:

> It's going to be a cipher suite issue, I think the changing of gen_tlscert
> to do EC certs was a BAD IDEA.  Some devices can't deal with it properly.
>
> /b
>
> On Sep 22, 2013, at 2:38 PM, Nick Vines <jnvines at gmail.com> wrote:
>
> > Has anyone successfully set up the spa112 or spa122 to use TLS? I tried
> > setting my spa112 up following the generic TLS guide, but I am getting the
> > following repeated error when I use `sofia loglevel all 9`:
> >
> > tport.c:2730 tport_wakeup_pri() tport_wakeup_pri(0x7fb6d40054c0): events IN
> > tport.c:869 tport_alloc_secondary() tport_alloc_secondary(0x7fb6d40054c0): new secondary tport 0x7fb6d40e9b00
> > tport_type_tls.c:603 tport_tls_accept() tport_tls_accept(0x7fb6d40e9b00): new connection from tls/my_ip_address:my_port/sips
> > tport_tls.c:869 tls_connect() tls_connect(0x7fb6d40e9b00): events NEGOTIATING
> > tport_tls.c:958 tls_connect() tls_connect(0x7fb6d40e9b00): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
> > tport.c:2084 tport_close() tport_close(0x7fb6d40e9b00): tls/my_ip_address:my_port/sips
> >
> >
> > I double checked that TLS would work using fsclient to connect to my
> > server, and that connected instantly.
> >
> > Thanks,
> > Nick
>
>
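
Added example (not part of the original thread and not FreeSWITCH's own code): a shell check of which key type and signature algorithm a PEM certificate actually carries, for confirming that a certificate regenerated after editing gentls_cert really is RSA rather than EC. The function names and the throwaway sample certificates are constructed for illustration; point cert_class at the certificate file the server presents.

```shell
#!/bin/sh
# Added example: report key type and signature algorithm of PEM certificates.
# Function names are hypothetical; the sample certificates are constructed.

# Print the public key algorithm, e.g. rsaEncryption or id-ecPublicKey.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *\([^ ]*\).*/\1/p' | head -n 1
}

# Print the algorithm the issuer used to sign the certificate.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *\([^ ]*\).*/\1/p' | head -n 1
}

# Classify the key. An EC key cannot be used with RSA-authenticated
# cipher suites, so a peer without ECDSA support fails the handshake.
cert_class() {
    case "$(cert_key_alg "$1")" in
        rsaEncryption)  echo "RSA" ;;
        id-ecPublicKey) echo "EC" ;;
        *)              echo "OTHER" ;;
    esac
}

# Build a throwaway self-signed certificate of type $1 (rsa|ec) in dir $2.
make_sample_cert() {
    if [ "$1" = ec ]; then
        openssl ecparam -name prime256v1 -genkey -noout -out "$2/ec.key" || return 1
        openssl req -new -x509 -key "$2/ec.key" -subj "/CN=constructed-ec" \
            -days 1 -out "$2/ec.pem" 2>/dev/null
    else
        openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$2/rsa.key" \
            -subj "/CN=constructed-rsa" -days 1 -out "$2/rsa.pem" 2>/dev/null
    fi
}

# Demo on constructed certificates (removed again when the script exits).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
make_sample_cert rsa "$SAMPLE_DIR" && make_sample_cert ec "$SAMPLE_DIR"
for f in "$SAMPLE_DIR"/*.pem; do
    echo "$(basename "$f"): $(cert_class "$f") key, signed with $(cert_sig_alg "$f")"
done
```

If the certificate in use still reports EC after the script change, the old file is still in place and has to be regenerated and reloaded before the key type can be ruled out.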