Hello and thanks for the answer.

But I still need help.

1. The only unchecked one on the screenshot is "Verify incoming certificates, as a server"

But I do not use SFL as a server. I use it as a client:
SFL is a client connecting to the SIP server of the provider (which sends the TLS server (!) hello message). That is the server, not SFL.

On the other hand, I have the correct checkbox checked:
"Verify certs from answer. as a client"
That should be the correct one for what I want.

??

2. But let's assume that the checkboxes in SFL are swapped.
I still need to know what to put where.

Descriptions:
- "Certificate of authority list"
- "Public endpoint cert. file"

do not make sense to me.
I work with certs, but I have never heard of something like "Certificate of authority list".


Thank you

--kapetr


On 20.7.2015 at 18:56, Emmanuel Lepage wrote:
Hello kapetr,

The connection always succeeds because you unchecked the validation checkbox at 
the bottom. Unfortunately, due to a bug in 1.3.0, some servers may require this 
checkbox to be unchecked to work. This bug has been fixed in recent Ring 
versions (it still exists in SFLphone 1.4.1). You are right that, in 1.3.0, you 
can use a cat picture as a certificate and as long as the validation checkbox 
is unchecked, it will still work (the file is ignored). Newer Ring versions 
have much tougher security validation code and will at least warn you about 
those issues (currently only exposed in the interface by the KDE client).

As for Ring, SFLPhone 2.0.0 (never released) = Ring 2.0.0 (released April 2). 
Ring currently doesn't have all SFLphone features, but it is getting close. It 
would be hard to port Ring to Ubuntu 12.04 as it uses newer technologies such as 
C++11 and LibAV that didn't exist or were not mature enough in 2012. 
SFLphone/Ring usually supports the latest Ubuntu LTS release. We dropped the 
support for 12.04 1 week after 14.04 was released to be able to take advantage 
of the technological improvements. Ring also has many new features such as 
peer to peer calling, much better contact integration, auto completion and tons 
of bugs/reliability fixes.

Regards,
Emmanuel
----- Original Message -----
From: [email protected]
To: "SFLphone" <[email protected]>
Sent: Monday, July 20, 2015 9:46:13 AM
Subject: [SFLphone] TLS settings

Hello.

I have a problem with the SIPS - TLS config.
See
http://ulozto.cz/xt7FkfX8/sflph-png

I would like to ask where to put registrar-server-crt, where to
put CA-crt (issuer of this server-crt).

I tried putting them in all possible places, but the TLS connection
ALWAYS succeeds, even if I use only one crt or even a wrong crt.
How to enforce crt validation? Where to put what?

Note: ver. 1.3.0  = newest available on U12.04
Thanks.

P.S.: What is the relationship between sflphone and ring, and their
version numbers?
As far as I can see, there is no ring version for the older U12.04 (nor
does a PPA exist)?

Thank you.

--kapetr
_______________________________________________
SFLphone mailing list
[email protected]
https://lists.savoirfairelinux.net/mailman/listinfo/sflphone
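
Added example (not part of the original thread, and not SFLphone or Ring code): what certificate validation checks once it is actually enforced, shown with the openssl command line against a throwaway CA. All names and files are constructed for illustration, and openssl is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: throwaway PKI built with constructed, placeholder names.

make_pki() {   # $1 = empty working directory
    local d="$1"
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # 1. CA certificate: the kind of file a client loads as its trusted CA list.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 2. Server certificate issued by that CA (what a registrar would present).
    openssl req -new -config "$d/ca.cnf" -subj "/CN=sip.example.test" \
        -newkey rsa:2048 -nodes \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null || return 1
    # 3. Self-signed certificate with the same name, not issued by the CA.
    openssl req -x509 -config "$d/ca.cnf" -subj "/CN=sip.example.test" \
        -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/rogue.key" -out "$d/rogue.crt" 2>/dev/null || return 1
    # 4. A file that is not a certificate at all.
    printf 'not a certificate\n' > "$d/cat.png"
}

chain_ok() {   # $1 = CA file, $2 = certificate to check
    # Match on the printed result so builds with unreliable exit codes work too.
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

demo() {
    local d f
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    for f in server.crt rogue.crt cat.png; do
        if chain_ok "$d/ca.crt" "$d/$f"; then echo "$f: accepted"
        else echo "$f: rejected"; fi
    done
    rm -rf "$d"
}

demo
```

Only the certificate issued by the CA passes; with validation switched off, none of these checks run and all three files are treated the same.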
