(forgot to cc the list)
Andreas Rehbein wrote:
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not necessary
to import certs into snom.
To force the snom to send messages via TLS, you need to insert something
like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but
I'm sure you already knew)
Looks like SNOM's TLS implementation is a piece of crap.
If the server uses a TLS certificate with depth 1 (CA->server-cert),
then the SNOM phone accepts the certificate and handshake succeeds. If
the certificate has depth 2 (CA->subCA->server-cert), then the SNOM
phone raises an error during handshake.
And strangely, the "trusted certificates" are not used at all for
validation. Thus, SNOM uses the TLS connection solely for encryption,
not for server authentication.
regards
klaus
regards
Andreas
-----Original Message-----
From: Klaus Darilion [mailto:klaus.mailinglists@pernau.at]
Sent: Friday, 22 January 2010 13:17
To: Andreas Rehbein
Cc: sr-users(a)lists.sip-router.org
Subject: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein wrote:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5
OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA
cert as trusted certificates, but TLS handshake is not successful. Is
there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and QjSimple.
regards
Klaus