On 27/01/14 14:43, Simon McVittie wrote: > On Mon, 20 Jan 2014 at 11:49:06 +0100, Daniel Pocock wrote: >> Could you please suggest a recommended configuration for debian.org SIP >> users to use Empathy? >> I've tried it myself but it fails to register (using 0.7.4-1 from wheezy) > You require TLS, right? I think this is probably the same thing as > <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699103>. > > I'll try the workaround from that bug; as a first step, it'd be good to > confirm that a workaround exists. If that works, as discussed on #699103, > either sofia-sip or telepathy-rakia could be patched to use the Debian > CA certificates by default.
One other thing to be aware of: - the certificate on the proxy has the name "debian.org" as a subjectAltName, it does not have the hostname - if the user is configuring the exact hostname (e.g. "vogler.debian.org") then the TLS client code may think there is a certificate mismatch - if the client code is using NAPTR and SRV records, and no explicit hostname is entered in the user account settings, the it should trust the certificate for "debian.org" I can also speak to DSA about creating a certificate with additional subjectAltName values if required (e.g. we could have one associated with an A record as well as those associated with the NAPTR), this will only work if Empathy supports multiple subjectAltNames in certificates -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
