This took awhile but is now implemented into latest python3-sipsimple trunk based on this thread:
https://github.com/AGProjects/python-sipsimple/pull/7 This and other changes and improvements will be available soon in Blink and SylkServer alike. Regards, Adrian > On 20 Mar 2020, at 10:22, Dr. Karl Heinz Grube <gr...@technikum-wien.at> > wrote: > > Hello! > > I have an Asterisk server running and with Linphone and Jami I am able to > verify the TLS certificates, but with blink it does not work: > > pjsip_trace.txt: > > [blink 5147] (5) 2020-03-20 12:07:33.353 endpoint Request msg > REGISTER/cseq=1 (tdta0x7f648010daf0) created. > [blink 5147] (5) 2020-03-20 12:07:33.353 tsx0x7f648010c .Transaction created > for Request msg REGISTER/cseq=1 (tdta0x7f648010daf0) > [blink 5147] (5) 2020-03-20 12:07:33.353 tsx0x7f648010c Sending Request msg > REGISTER/cseq=1 (tdta0x7f648010daf0) in state Null > [blink 5147] (5) 2020-03-20 12:07:33.353 sip_resolve.c .Target > '10.47.0.14:0' type=TLS resolved to '10.47.0.14:5061' type=TLS (TLS transport) > [blink 5147] (4) 2020-03-20 12:07:33.353 tlsc0x7f648018 .TLS client transport > created > [blink 5147] (4) 2020-03-20 12:07:33.353 tlsc0x7f648018 .TLS transport > 10.133.0.3:43721 is connecting to 10.47.0.14:5061... > [blink 5147] (5) 2020-03-20 12:07:33.353 tsx0x7f648010c .State changed from > Null to Calling, event=TX_MSG > [blink 5147] (3) 2020-03-20 12:07:33.412 tlsc0x7f648018 TLS connect() error: > SSL certificate verification error (PJSIP_TLS_ECERTVERIF) [code=171173] > [blink 5147] (3) 2020-03-20 12:07:33.412 tsx0x7f648010c Failed to send > Request msg REGISTER/cseq=1 (tdta0x7f648010daf0)! err=171173 (SSL certificate > verification error (PJSIP_TLS_ECERTVERIF)) > [blink 5147] (5) 2020-03-20 12:07:33.412 tsx0x7f648010c State changed from > Calling to Terminated, event=TRANSPORT_ERROR > [blink 5147] (5) 2020-03-20 12:07:33.412 tlsc0x7f648018 TLS send() error, > sent=-171173 > [blink 5147] (5) 2020-03-20 12:07:33.416 tsx0x7f648010c Timeout timer event > [blink 5147] (5) 2020-03-20 12:07:33.416 tsx0x7f648010c .State changed from > Terminated to Destroyed, event=TIMER > [blink 5147] (5) 2020-03-20 12:07:33.416 tsx0x7f648010c Transaction destroyed! > > /etc/asterisk/sip.conf: > > [general] > context=public > bindaddr=:: > tlsbindaddr=:: > allowoverlap=yes > externip=(replaced for this email) > localnet=10.0.0.0/255.0.0.0 > qualify=yes > qualifyfreq=60 > transport=tls,udp > tlsclientmethod=tlsv1.2 > tlsenable=yes > udpenable=yes > tcpenable=no > encryption=yes > tlscipher=EDH+aRSA+AES256:EECDH+aRSA+AES256 > tlscertfile=(replaced for this email) > tlsprivatekey=(replaced for this email) > rtcachefriends=yes > nat=auto_force_rport,auto_comedia > directmedia=no > subscribecontext=phone-hints > callcounter=yes > videosupport=yes > disallow=all > allow=g722 > allow=speex > allow=speex16 > allow=speex32 > allow=ulaw > allow=alaw > allow=ilbc > allow=gsm > allow=vp8 > > > I use /etc/ssl/certs/ca-certificates as the CA. > > > Oh and I used openssl strace and the certificate is valid (with this CA as > well) > > > -- Karl > > _______________________________________________ > Blink mailing list > Blink@lists.ag-projects.com > https://lists.ag-projects.com/mailman/listinfo/blink _______________________________________________ Blink mailing list Blink@lists.ag-projects.com https://lists.ag-projects.com/mailman/listinfo/blink
