[Blink] TLS Server Verify not functioning
Adrian Georgescu
ag at ag-projects.com
Mon Apr 19 03:16:47 CEST 2021
This took a while but is now implemented in the latest python3-sipsimple trunk, based on this thread:
https://github.com/AGProjects/python-sipsimple/pull/7
This and other changes and improvements will be available soon in Blink and SylkServer alike.
Regards,
Adrian
> On 20 Mar 2020, at 10:22, Dr. Karl Heinz Grube <grube at technikum-wien.at> wrote:
>
> Hello!
>
> I have an Asterisk server running, and with Linphone and Jami I am able to verify the TLS certificates, but with Blink it does not work:
>
> pjsip_trace.txt:
>
> [blink 5147] (5) 2020-03-20 12:07:33.353 endpoint Request msg REGISTER/cseq=1 (tdta0x7f648010daf0) created.
> [blink 5147] (5) 2020-03-20 12:07:33.353 tsx0x7f648010c .Transaction created for Request msg REGISTER/cseq=1 (tdta0x7f648010daf0)
> [blink 5147] (5) 2020-03-20 12:07:33.353 tsx0x7f648010c Sending Request msg REGISTER/cseq=1 (tdta0x7f648010daf0) in state Null
> [blink 5147] (5) 2020-03-20 12:07:33.353 sip_resolve.c .Target '10.47.0.14:0' type=TLS resolved to '10.47.0.14:5061' type=TLS (TLS transport)
> [blink 5147] (4) 2020-03-20 12:07:33.353 tlsc0x7f648018 .TLS client transport created
> [blink 5147] (4) 2020-03-20 12:07:33.353 tlsc0x7f648018 .TLS transport 10.133.0.3:43721 is connecting to 10.47.0.14:5061...
> [blink 5147] (5) 2020-03-20 12:07:33.353 tsx0x7f648010c .State changed from Null to Calling, event=TX_MSG
> [blink 5147] (3) 2020-03-20 12:07:33.412 tlsc0x7f648018 TLS connect() error: SSL certificate verification error (PJSIP_TLS_ECERTVERIF) [code=171173]
> [blink 5147] (3) 2020-03-20 12:07:33.412 tsx0x7f648010c Failed to send Request msg REGISTER/cseq=1 (tdta0x7f648010daf0)! err=171173 (SSL certificate verification error (PJSIP_TLS_ECERTVERIF))
> [blink 5147] (5) 2020-03-20 12:07:33.412 tsx0x7f648010c State changed from Calling to Terminated, event=TRANSPORT_ERROR
> [blink 5147] (5) 2020-03-20 12:07:33.412 tlsc0x7f648018 TLS send() error, sent=-171173
> [blink 5147] (5) 2020-03-20 12:07:33.416 tsx0x7f648010c Timeout timer event
> [blink 5147] (5) 2020-03-20 12:07:33.416 tsx0x7f648010c .State changed from Terminated to Destroyed, event=TIMER
> [blink 5147] (5) 2020-03-20 12:07:33.416 tsx0x7f648010c Transaction destroyed!
>
> /etc/asterisk/sip.conf:
>
> [general]
> context=public
> bindaddr=::
> tlsbindaddr=::
> allowoverlap=yes
> externip=(replaced for this email)
> localnet=10.0.0.0/255.0.0.0
> qualify=yes
> qualifyfreq=60
> transport=tls,udp
> tlsclientmethod=tlsv1.2
> tlsenable=yes
> udpenable=yes
> tcpenable=no
> encryption=yes
> tlscipher=EDH+aRSA+AES256:EECDH+aRSA+AES256
> tlscertfile=(replaced for this email)
> tlsprivatekey=(replaced for this email)
> rtcachefriends=yes
> nat=auto_force_rport,auto_comedia
> directmedia=no
> subscribecontext=phone-hints
> callcounter=yes
> videosupport=yes
> disallow=all
> allow=g722
> allow=speex
> allow=speex16
> allow=speex32
> allow=ulaw
> allow=alaw
> allow=ilbc
> allow=gsm
> allow=vp8
>
>
> I use /etc/ssl/certs/ca-certificates as the CA.
>
>
> Oh and I used openssl strace and the certificate is valid (with this CA as well)
>
>
> -- Karl