Problems with TLS in version 1.5

Hi Tal,

Please follow the inline comments.

On Wed, Dec 16, 2009 at 8:11 PM, Tal Fromm <tal.fromm at gmail.com> wrote:
> Greetings,
>
> I have been using pjsip libraries for a while, and I also worked with the
> TLS transport.
> For now I'm authenticating the server and I'm using his CA file.
> When I used version 1.4 or 1.4.5 all worked well on WM/Win32/Linux.
>
> After upgrading to version 1.5, and I know the ssl was rewritten, I found that
> the certification test failed.
>
> While examining the code I found that the supplied file in
> tls_setting.ca_list_file is not loaded by the library.
> Here is what I did, and I want to get confirmation that what I did is
> correct.
>
> 1. In pjsip_tls_transport_start function the code checks if there is
> cert_file value, but it doesn't check the other value.

Ah I see, in this case only ca_list_file is set? This should be a bug then.

> 2. Why are you calling pj_ssl_cert_load_from_file and then you use
> pj_ssl_sock_set_certificate?

The idea is to accommodate various certificate source types, e.g.:
file, store, memory, it's just currently only file is supported.

> Can't I use the &listener->ssock->cert as the last value in
> pj_ssl_cert_load_from_file?

pj_ssl_cert_load_from_file() is for loading cert from file only,
moreover pj_ssl_sock is opaque, so you can't.

>
> After the change it still didn't work, so I added the certificate setting to
> tls->ssock also in lis_create_transport.

Yes, just done a quick check, there seems to be another silly bug.

Modified #1005 to just include all TLS issues.

Thanks for those reports!

BR,
nanang


