Re: [Blink] Expired certificate for Ubuntu Focal Repository?

2021-10-28 Thread Lars Noodén

On 10/28/21 19:56, Adrian Georgescu wrote:

> Try this command in a Terminal:
>
> openssl s_client -connect proxy.sipthor.net:5061

It returned the following:

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = sip2sip.info
verify return:1
CONNECTED(0003)
---
Certificate chain
 0 s:CN = sip2sip.info
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = sip2sip.info

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Requested Signature Algorithms:
ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Shared Requested Signature Algorithms:
ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4673 bytes and written 419 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol  : TLSv1.3
Cipher: TLS_AES_256_GCM_SHA384
Session-ID:
48507559565B481EDF60F8822F39CD3AC13071778D475BDEA427BE9089A60AB3
Session-ID-ctx:
Resumption PSK:
25DA4631F5DB9835B57642FE18C8264AAEE46761638972226F50395AC6FCD1E53050648DA2822DE0A670A098E7D44026
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)

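The certificate chain in the output above, worked through as an added example that is not part of the thread: it parses the `Certificate chain` section and shows which root a client's CA store has to contain for path building to end. The function names are hypothetical, and the anchor logic is a name-only model that assumes a verifier which stops at the first issuer found in its store.

```python
import re

# Chain section copied from the s_client output in the message above.
S_CLIENT_OUTPUT = """\
CONNECTED(0003)
---
Certificate chain
 0 s:CN = sip2sip.info
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
"""

def common_name(dn):
    """Return the CN of an OpenSSL one-line distinguished name."""
    m = re.search(r"CN\s*=\s*([^,/]+)", dn)
    return m.group(1).strip() if m else dn.strip()

def parse_chain(text):
    """Return [(depth, subject CN, issuer CN)] from the 'Certificate chain' block."""
    chain, in_block, pending = [], False, None
    for line in text.splitlines():
        s = line.strip()
        if s == "Certificate chain":
            in_block = True
        elif in_block and s == "---":
            break                      # end of the chain listing
        elif in_block:
            m = re.match(r"(\d+) s:(.*)", s)
            if m:                      # "N s:<subject>" line
                pending = (int(m.group(1)), common_name(m.group(2)))
            elif s.startswith("i:") and pending:
                chain.append((*pending, common_name(s[2:])))
                pending = None
    return chain

def is_linked(chain):
    """True if every certificate is issued by the subject of the next one sent."""
    return all(chain[i][2] == chain[i + 1][1] for i in range(len(chain) - 1))

def anchor_for(chain, trusted_roots):
    """First issuer (leaf upward) present in the store; names only, no date checks."""
    for depth, _subject, issuer in chain:
        if issuer in trusted_roots:
            return depth, issuer
    return None
```

When neither `ISRG Root X1` nor `DST Root CA X3` is in the store, `anchor_for` returns `None`, which is the case a client reports as a certificate verification error.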
Re: [Blink] Expired certificate for Ubuntu Focal Repository?

2021-10-28 Thread Adrian Georgescu
Try this command in a Terminal:

openssl s_client -connect proxy.sipthor.net:5061 



> On 28 Oct 2021, at 13:29, Lars Noodén  wrote:
> 
> On 10/28/21 19:18, Adrian Georgescu wrote:
>> If you enable pjsip trace you can find more info about the TLS negotiation...
> 
> Thanks.  Would that be Blink -> Preferences -> Logging -> Trace
> Notifications?  That has a lot of entries about "SSL certificate
> verification error (PJSIP_TLS_ECERTVERIF)"
> 
> I'll send the short log separately, offlist.
> 
> /Lars
> ___
> Blink mailing list
> Blink@lists.ag-projects.com
> https://lists.ag-projects.com/mailman/listinfo/blink
> 


Re: [Blink] Expired certificate for Ubuntu Focal Repository?

2021-10-28 Thread Adrian Georgescu
It means that the sip2sip.info TLS server certificate is not
recognised by your system; perhaps the CA list is not up to date…



> On 28 Oct 2021, at 13:29, Lars Noodén  wrote:
> 
> On 10/28/21 19:18, Adrian Georgescu wrote:
>> If you enable pjsip trace you can find more info about the TLS negotiation...
> 
> Thanks.  Would that be Blink -> Preferences -> Logging -> Trace
> Notifications?  That has a lot of entries about "SSL certificate
> verification error (PJSIP_TLS_ECERTVERIF)"
> 
> I'll send the short log separately, offlist.
> 
> /Lars

Re: [Blink] Expired certificate for Ubuntu Focal Repository?

2021-10-28 Thread Lars Noodén

On 10/28/21 19:18, Adrian Georgescu wrote:

> If you enable pjsip trace you can find more info about the TLS negotiation...

Thanks.  Would that be Blink -> Preferences -> Logging -> Trace
Notifications?  That has a lot of entries about "SSL certificate
verification error (PJSIP_TLS_ECERTVERIF)"

I'll send the short log separately, offlist.

/Lars

Re: [Blink] Expired certificate for Ubuntu Focal Repository?

2021-10-28 Thread Adrian Georgescu
If you enable pjsip trace you can find more info about the TLS negotiation...

> On 28 Oct 2021, at 13:07, Lars Noodén  wrote:
> 
> On 10/6/21 02:12, Adrian Georgescu wrote:
> > Sorry for these problems still persist, we have a forest of servers
> > and we still could not replace all certs, I am discovering strange
> > combinations of certs/OS incompatibilities still myself.
> >
> > Thank you for reporting Lars, and thank you for clarifications Jeff!
> >
> > Adrian
> 
> Hi,
> 
> I've checked the client I have here and it seems like that might be ok.
> So the expired certificate must be elsewhere and hard to find?
> 
> $ openssl verify -CAfile /usr/share/blink/tls/ca.crt \
>   /usr/share/blink/tls/default.crt
> /usr/share/blink/tls/default.crt: OK
> 
> That's with Blink 5.1.7focal
> 
> /Lars

Re: [Blink] Expired certificate for Ubuntu Focal Repository?

2021-10-28 Thread Lars Noodén

On 10/6/21 02:12, Adrian Georgescu wrote:
> Sorry for these problems still persist, we have a forest of servers
> and we still could not replace all certs, I am discovering strange
> combinations of certs/OS incompatibilities still myself.
>
> Thank you for reporting Lars, and thank you for clarifications Jeff!
>
> Adrian

Hi,

I've checked the client I have here and it seems like that might be ok.
So the expired certificate must be elsewhere and hard to find?

$ openssl verify -CAfile /usr/share/blink/tls/ca.crt \
/usr/share/blink/tls/default.crt
/usr/share/blink/tls/default.crt: OK

That's with Blink 5.1.7focal

/Lars