TLS/SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello All,

I have PJSIP built with the OPENSSL library and?everything seems to be fine, but I am having trouble figuring out the certificate portion. I am testing out the server verify portion flag on. Everything below was done programmatically. 

1. I generated a self-signed certificate (CA.pem) using an RSA key (CAkey.pem)
2. I generated a Certificate Signing Request (CSR) with another RSA key (VoipPrivKey.pem) and signed it with the CAkey.pem to become my certificate (cert.pem)
3. I repeated step two twice so App#1 and App#2 both had the same CA.pem file but their respective VoipPrivkey.pem and cert.pem

When generating the CSR, ?I call X509_REQ_verify(req, privatekey) and it passes. 
When I sign the CSR, I call X509_verify(cert, CAkey) and it passes. 
?
When I make a VOIP call and it tries to verify the server certificate I created. I believe it call X509_verify() from inside internal_verify() and it returns to PJSIP?(X509_V_ERR_CERT_SIGNATURE_FAILURE).

Does anyone have experience with this that could help me see what I may be doing wrong? When?verify_server is PJ_FALSE, everything is all dandy.

/////////////////////////////////////////////////////////////
//Certificate of Authority Private Key
/////////////////////////////////////////////////////////////
#defineCAKEY_FILE "CAkey.pem"

/////////////////////////////////////////////////////////////
//Certificate of Authority
/////////////////////////////////////////////////////////////
#define CA_FILE CA.pem

/////////////////////////////////////////////////////////////
//Certificate
/////////////////////////////////////////////////////////////
#define CERTIFICATE_FILE cert.pem

/////////////////////////////////////////////////////////////
//Private Key
/////////////////////////////////////////////////////////////
#define PRIVKEY_FILE VoipPrivKey.pem


udp_cfg.tls_setting.ca_list_file = pj_str(CA_FILE);
udp_cfg.tls_setting.cert_file = pj_str(CERTIFICATE_FILE);
udp_cfg.tls_setting.privkey_file = pj_str(PRIVKEY_FILE);
udp_cfg.tls_setting.verify_client = PJ_FALSE;
udp_cfg.tls_setting.verify_server = PJ_TRUE;?????????????



[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux