Is this fix available in SVN? I could not find information from the logs. Regards Sarun.M.N. -----Original Message----- From: pjsip-bounces@xxxxxxxxxxxxxxx [mailto:pjsip-bounces at lists.pjsip.org] On Behalf Of Nanang Izzuddin Sent: Wednesday, December 16, 2009 8:38 AM To: pjsip list Subject: Re: Problems with TLS in version 1.5 Hi Tal, Please follow the inline comments.. On Wed, Dec 16, 2009 at 8:11 PM, Tal Fromm <tal.fromm at gmail.com> wrote: > Greetings, > > I have been using pjsip libraries for a while, and I also worked with > the TLS transport. > For now I'm authenticating the server and I'm using his CA file. > When I used version 1.4 or 1.4.5 all worked well on WM/Win32/Linux. > > After upgrading to version 1.5, and I know the ssl was rewrite I found > that the certification test?failed. > > While examining the code I found that the supplied file in > tls_setting.ca_list_file is not loaded by the library. > Here is what I did, and I want to get conformation that what I did is > correct. > > 1. In pjsip_tls_transport_start function the code checks if there is > cert_file value, but it doesn't check the other value. Ah I see, in this case only ca_list_file is set? This should be a bug then. > 2. Why are you calling pj_ssl_cert_load_from_file and then you use > pj_ssl_sock_set_certificate? The idea is to accommodate various certificate source types, e.g: file, store, memory, it's just currently only file is supported. > ??? Can't I use the &listener->ssock->cert as the last value in > pj_ssl_cert_load_from_file? pj_ssl_cert_load_from_file() is for loading cert from file only, moreover pj_ssl_sock is opaque, so you can't. > > After the change it still didn't work, so I added the certificate > setting to > tls->ssock also in lis_create_transport. Yes, just done a quick check, there seems to be another silly bug. Modified #1005 to just include all TLS issues. Thanks for those reports! BR, nanang _______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip at lists.pjsip.org http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
