On 24-03-14 21:28, Patrick Laimbock wrote:
[snip]
   == Problem setting up ssl connection: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Mar 24 21:20:56] WARNING[28467]: tcptls.c:272 handle_tcptls_connection:

So others may find the fix: make sure the server and client certificates have the proper keyUsage. The ast_gen_tls script does not set them and this caused the handshake/verification to fail.

The client certificate needs something like:
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth

The server certificate needs something like:
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth

HTH,
Patrick
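
Added example, not part of the message above and not the Asterisk project's own script: a shell sketch that issues a server and a client certificate carrying the keyUsage/extendedKeyUsage values quoted above from a throwaway CA, then uses `openssl verify -purpose` to show which role each certificate is accepted for. The file names, subject names and config section names are assumptions made for the demo.

```shell
# Constructed demo: file, subject and section names are assumptions.
make_demo_certs() {
    dir=$1; mkdir -p "$dir" || return 1
    # Own config so the result does not depend on the system openssl.cnf.
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server_ext]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[client_ext]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
EOF
    # Throwaway CA, valid for one day.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -config "$dir/demo.cnf" -extensions ca_ext \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    for role in server client; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$role" \
            -config "$dir/demo.cnf" \
            -keyout "$dir/$role.key" -out "$dir/$role.csr" 2>/dev/null || return 1
        # -extfile/-extensions copy the role's section into the signed cert.
        openssl x509 -req -in "$dir/$role.csr" -days 1 \
            -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
            -extfile "$dir/demo.cnf" -extensions "${role}_ext" \
            -out "$dir/$role.crt" 2>/dev/null || return 1
    done
}
# check_purpose DIR ROLE PURPOSE: exit status 0 if ROLE.crt chains to the
# demo CA and is acceptable for PURPOSE (sslserver or sslclient).
check_purpose() {
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}
# Print the purpose matrix for both certificates.
d=$(mktemp -d) && make_demo_certs "$d" &&
for c in server client; do
    for p in sslserver sslclient; do
        check_purpose "$d" "$c" "$p" && r=accepted || r=rejected
        echo "$c.crt as $p: $r"
    done
done
rm -rf "$d"
```

To see what an existing certificate carries, `openssl x509 -in <file> -noout -text` lists the X509v3 Key Usage and Extended Key Usage fields.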
