Re: [Freeswitch-users] How to debug TLS handshake errors?
My distro is Fedora 10 with all the current patches. SSLwatch fails to build and it seems more than a trivial change to make it work; however, it seems that the error message from Freeswitch tells it all... Is there any special debug statement in Freeswitch to see more about its TLS negotiations?

Thanks,
__Yehavi:

2009/12/21 Brian West br...@freeswitch.org

> You have to watch it with TLS. Make sure your distro didn't mess up your SSL libs due to the recent vulnerability found. I haven't tested with my polycom in a few weeks but it was working on my Polycom after I uploaded the ca cert and marked it as trusted/used on the phone.
>
> /b
>
> On Dec 20, 2009, at 8:26 AM, Yehavi Bourvine wrote:
>
> > I am trying now to set a Polycom to work with FreeSwitch and TLS. I have a Polycom-501 which does not have an internal certificate, thus only one-way certificate validation is needed. I've downloaded the root certificate to the Polycom, and Freeswitch gives me the following error:
> >
> >     Peer did not provide X.509 Certificate
> >
> > I understand that it tries to do mutual authentication which is not possible in this case. How can I tell FreeSwitch to ignore the client's certificate?
> >
> > BTW, I am running 1.0.5pre9, and it works ok using TLS with SNOM and Yealink.
> >
> > Thanks!
> > __Yehavi:

___
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Re: [Freeswitch-users] How to debug TLS handshake errors?
I am trying now to set a Polycom to work with FreeSwitch and TLS. I have a Polycom-501 which does not have an internal certificate, thus only one-way certificate validation is needed. I've downloaded the root certificate to the Polycom, and Freeswitch gives me the following error:

    Peer did not provide X.509 Certificate

I understand that it tries to do mutual authentication which is not possible in this case. How can I tell FreeSwitch to ignore the client's certificate?

BTW, I am running 1.0.5pre9, and it works ok using TLS with SNOM and Yealink.

Thanks!
__Yehavi:

2009/12/17 Yehavi Bourvine yehavi.bourv...@gmail.com

> I am trying Audiocodes and Vegastream ATAs, and work with either the manufacturer or the local representative here. On SNOM I managed to make it work, and will try Polycom soon (once I manage to grab one unit from our users...).
>
> Thanks,
> __yehavi:
>
> 2009/12/17 Brian West br...@freeswitch.org
>
> > Also what device are you using? I haven't tested with many so far... Polycom, Snom and a few others do TLS (see interop page on wiki) others do it wrong.
> >
> > /b
> >
> > On Dec 17, 2009, at 10:04 AM, Kristian Kielhofner wrote:
> >
> > > You could try ssldump: http://www.rtfm.com/ssldump/
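An added example, not part of the original thread and not FreeSWITCH or ssldump code: in TLS 1.0-1.2 the handshake is plaintext up to ChangeCipherSpec, so a capture of each direction shows whether the server sent a CertificateRequest and whether the phone answered with an empty Certificate message, which is the situation described above. The function names and the sample byte strings are constructed for illustration.

```python
import struct

HANDSHAKE, CERTIFICATE, CERT_REQUEST = 22, 11, 13  # TLS record / message types

def handshake_messages(stream):
    """Return [(msg_type, body)] for the plaintext handshake messages in one
    direction of a TLS 1.0-1.2 connection, given the raw record bytes."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            raise ValueError("truncated TLS record")
        if ctype != HANDSHAKE:
            break  # ChangeCipherSpec (the rest is encrypted) or an alert: stop
        buf += stream[pos + 5:pos + 5 + length]  # messages may span records
        pos += 5 + length
    msgs, off = [], 0
    while off + 4 <= len(buf):
        mlen = int.from_bytes(buf[off + 1:off + 4], "big")
        msgs.append((buf[off], buf[off + 4:off + 4 + mlen]))
        off += 4 + mlen
    return msgs

def diagnose(server_stream, client_stream):
    """Say whether the server asked for a client certificate and whether
    the client supplied one."""
    if not any(t == CERT_REQUEST for t, _ in handshake_messages(server_stream)):
        return "one-way TLS: server did not request a client certificate"
    # A Certificate body begins with the 3-byte length of the certificate list.
    sizes = [int.from_bytes(body[:3], "big")
             for t, body in handshake_messages(client_stream) if t == CERTIFICATE]
    if not sizes or sizes[0] == 0:
        return "mutual TLS requested: client sent no certificate"
    return "mutual TLS: client presented a certificate"

# --- constructed sample data (placeholder bodies, not a real capture) ---
def msg(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def record(payload, ctype=HANDSHAKE):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload

FAKE_CERT_LIST = (5).to_bytes(3, "big") + b"\x00\x00\x02\xAA\xBB"  # one 2-byte "cert"
SERVER_MTLS = record(msg(2, b"\x03\x01") + msg(11, FAKE_CERT_LIST)
                     + msg(13, b"\x01\x01\x00\x00") + msg(14))
SERVER_ONEWAY = record(msg(2, b"\x03\x01") + msg(11, FAKE_CERT_LIST) + msg(14))
CLIENT_NO_CERT = (record(msg(1, b"\x03\x01"))
                  + record(msg(11, b"\x00\x00\x00") + msg(16, b"\x00"))
                  + record(b"\x01", ctype=20) + record(b"\x8f" * 40))
CLIENT_ONEWAY = (record(msg(1, b"\x03\x01")) + record(msg(16, b"\x00"))
                 + record(b"\x01", ctype=20))
```
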
Re: [Freeswitch-users] How to debug TLS handshake errors?
You have to watch it with TLS. Make sure your distro didn't mess up your SSL libs due to the recent vulnerability found. I haven't tested with my polycom in a few weeks but it was working on my Polycom after I uploaded the ca cert and marked it as trusted/used on the phone.

/b

On Dec 20, 2009, at 8:26 AM, Yehavi Bourvine wrote:

> I am trying now to set a Polycom to work with FreeSwitch and TLS. I have a Polycom-501 which does not have an internal certificate, thus only one-way certificate validation is needed. I've downloaded the root certificate to the Polycom, and Freeswitch gives me the following error:
>
>     Peer did not provide X.509 Certificate
>
> I understand that it tries to do mutual authentication which is not possible in this case. How can I tell FreeSwitch to ignore the client's certificate?
>
> BTW, I am running 1.0.5pre9, and it works ok using TLS with SNOM and Yealink.
>
> Thanks!
> __Yehavi:
Re: [Freeswitch-users] How to debug TLS handshake errors?
You could try ssldump: http://www.rtfm.com/ssldump/

On Thu, Dec 17, 2009 at 12:16 AM, Yehavi Bourvine yehavi.bourv...@gmail.com wrote:

> Hello,
>
> I am trying to debug a TLS handshake error between FreeSwitch and some ATA. When setting the loglevel to 9 I get only a message that TLS handshake failed. Is there some other debug command to show what happens during the TLS handshake process?
>
> Thanks!
> __Yehavi:

--
Kristian Kielhofner
http://www.astlinux.org
http://blog.krisk.org
http://www.star2star.com
http://www.submityoursip.com
http://www.voalte.com
Re: [Freeswitch-users] How to debug TLS handshake errors?
I am trying Audiocodes and Vegastream ATAs, and work with either the manufacturer or the local representative here. On SNOM I managed to make it work, and will try Polycom soon (once I manage to grab one unit from our users...).

Thanks,
__yehavi:

2009/12/17 Brian West br...@freeswitch.org

> Also what device are you using? I haven't tested with many so far... Polycom, Snom and a few others do TLS (see interop page on wiki) others do it wrong.
>
> /b
>
> On Dec 17, 2009, at 10:04 AM, Kristian Kielhofner wrote:
>
> > You could try ssldump: http://www.rtfm.com/ssldump/
[Freeswitch-users] How to debug TLS handshake errors?
Hello,

I am trying to debug a TLS handshake error between FreeSwitch and some ATA. When setting the loglevel to 9 I get only a message that TLS handshake failed. Is there some other debug command to show what happens during the TLS handshake process?

Thanks!
__Yehavi: