I discovered a non-obvious solution to a TLS issue when trying to connect to a SIP proxy.
The Accounts tab just kept reporting connection failed without giving any useful feedback why. I recently discovered how to get debugging messages from: org.freedesktop.Telepathy.Connection.sofiasip.sip.<account> /org/freedesktop/Telepathy/debug org.freedesktop.Telepathy.Debug.GetMessages That reported a detailed error message about failing to validate the certificate chain. I was confused as I was using a real (StartCom) certificate whose root certificate is available in both /etc/ssl/certs and KDE System Settings > SSL Preferences. I then discovered buried in the NEWS for telepathy-rakia: - Verify the validity of TLS certificates presented by SIP connection peers. This change is disruptive: it relies on root CA certificates being available to sofia-sip in the default verification path ``~/.sip/auth`` or file ``~/.sip/auth/cafile.pem``, or sofia-sip changed to use OpenSSL library defaults for verification path (sf.net #3306245). The connection parameter "ignore-tls-errors" is added to disable verification. Once I stuck the root certificate in ~/.sip/auth/cafile.pem it could connect, however that's a whole host of user unfriendly problems there. 1) ktp should give a better error message preferably about why the certificate is invalid 2) the "ignore-tls-errors" setting should be made visible in the advanced account configuration dialog in kde-telepathy 3) there really should be some way of either setting the certificate via dbus, or at least some method to help the user put the root certificate in the right spot. (At the very least posting this should hopefully make the work-around available to search engines). Diane _______________________________________________ KDE-Telepathy mailing list [email protected] https://mail.kde.org/mailman/listinfo/kde-telepathy
