In Linphone is the location of the CA bundle configurable? What is the default location? For completeness I am using Fedora, which is probably the same as Centos or RHEL. Also using a different softphone with TLS on the same computer is OK.
On Sunday, November 8, 2020 4:44:55 P.M. PST Chris Woods wrote: > On Sun, 8 Nov 2020, 23:38 Robert Dyck, <[email protected]> wrote: > > Version Core 4.4.0-13-gc99cb9c88 Appimage > > > > The server/proxy is opensips. The certificate that is installed in > > > > opensips > > works for other user agents. Linphone rejects the certificate. The > > certificate > > was generated by Lets Encrypt. > > > > 2020-11-08 15:23:44:071 [AppRun.wrapped/belle-sip] MESSAGE Channel > > [0x4c70290]: SSL handshake in progress... > > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] MESSAGE Found > > certificate > > depth=[0], flags=[not-trusted ]: > > cert. version : 3 > > serial number : 03:3D:58:6A:10:1B:E4:D8:68:7C:2F:14:41:57:D4:C9:D0:8B > > issuer name : C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 > > subject name : CN=bogus.com > > issued on : 2020-09-25 15:29:57 > > expires on : 2020-12-24 15:29:57 > > signed using : RSA with SHA-256 > > RSA key size : 2048 bits > > basic constraints : CA=false > > subject alt name : bogus.com > > key usage : Digital Signature, Key Encipherment > > ext key usage : TLS Web Server Authentication, TLS Web Client > > Authentication > > > > 2020-11-08 15:23:44:091 [AppRun.wrapped/belle-sip] ERROR Channel > > [0x4c70290]: > > SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, > > CA or > > signature check failed > > That sounds symptomatic of Linphone either using its own CA bundle, which > may be out of date and doesn't include the Let's Encrypt Root CA certs, or > the app is not able to query the system CA root bundle to validate your end > entity cert. _______________________________________________ Linphone-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/linphone-users
