Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently
Using a public cert should not really change anything, other than the
fact that using acert from a different root may avoid whatever issue
is happening here. A workaround you can try is to use Security
instead of WinSecurity and place the cert pem files in a directory to
be loaded instead of the windows cert store.
Scott
On 4/20/09, Xiexin <xiexin1008@xxxxxxxxx> wrote:
> Dear Scott, if I'm not use the self-signed certificate and buy a certificate
> from verisign, then will avoid this issue, right ?
> thanks
>
>
> On Sun, Apr 19, 2009 at 9:32 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
>
>> Try logging the return value from the call to X509_STORE_add_cert.
>> Scott
>>
>> On Sat, Apr 18, 2009 at 11:50 PM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
>>
>>> Hi Soctt, another ting, you told me add the login in for
>>> BaseSecurity::addCertX509 function, there is the code, what are
>>> items(parameters) need to log ?
>>> thanks
>>>
>>> void
>>> BaseSecurity::addCertX509(PEMType type, const Data& key, X509* cert, bool
>>> write) const
>>> {
>>> switch (type)
>>> {
>>> case DomainCert:
>>> {
>>> mDomainCerts.insert(std::make_pair(key, cert));
>>> }
>>> break;
>>> case UserCert:
>>> {
>>> mUserCerts.insert(std::make_pair(key, cert));
>>> }
>>> break;
>>> case RootCert:
>>> {
>>> X509_STORE_add_cert(mRootTlsCerts,cert);
>>> X509_STORE_add_cert(mRootSslCerts,cert);
>>> X509_free(cert);
>>> }
>>> break;
>>> default:
>>> {
>>> assert(0);
>>> }
>>> }
>>>
>>> if (write)
>>> {
>>> // creates a read/write BIO buffer.
>>> BIO *out = BIO_new(BIO_s_mem());
>>> assert(out);
>>> try
>>> {
>>> int ret = PEM_write_bio_X509(out, cert);
>>> assert(ret);
>>>
>>> BIO_flush(out);
>>> // get content in BIO buffer to our buffer.
>>> char* p = 0;
>>> size_t len = BIO_get_mem_data(out,&p);
>>> assert(p);
>>> assert(len);
>>> Data buf(Data::Borrow, p, len);
>>>
>>> this->onWritePEM(key, type, buf);
>>> }
>>> catch(...)
>>> {
>>> ErrLog(<<"Caught exception: ");
>>> BIO_free(out);
>>> throw;
>>> }
>>> BIO_free(out);
>>>
>>> }
>>> }
>>>
>>>
>>> On Sun, Apr 19, 2009 at 11:48 AM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
>>>
>>>> Thank you Scott, I have try to delete the duplicate certs, but still
>>>> can't working.
>>>>
>>>> I'm read the wiki: http://www.resiprocate.org/Certificates
>>>> there says:
>>>> Place the base64 PEM format certificates in the path specified, and use
>>>> the following naming scheme:
>>>>
>>>> * root_cert_<rootCA-name>.pem - public key for root CA
>>>> * domain_cert_<domain-name>.pem - public key used for domain
>>>> validation in TLS
>>>> * domain_key_<domain-name>.pem - private key used for domain
>>>> validation in TLS (Server)
>>>>
>>>> Do I need install three certificates in window? Currently I just
>>>> installed the root certificate only(I'm using WinSecurity class), do not
>>>> install the domain_cert and domain_key certificates, so it leads my
>>>> error ?
>>>> But on vista, my UA and eyebeam all are working with TLS even if just
>>>> install the
>>>> root certificates only.
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Apr 17, 2009 at 9:08 AM, Scott Godin
>>>> <sgodin@xxxxxxxxxxxxxxx>wrote:
>>>>
>>>>> On your XP logs it appears as if did not find the appropriate root
>>>>> certificate in the store. I have seen issues with WinSecurity, that I
>>>>> never
>>>>> really got the bottom of, where the windows certificate store contains
>>>>> multiple copies of the same/similar certificate (ie. sometimes same
>>>>> certificate serial number, sometimes just the same certificate name).
>>>>> I
>>>>> never really nailed down exactly what constituted a "duplicated"
>>>>> certificate, but adding the 2nd "duplicate" cert to the OpenSSL
>>>>> certificate
>>>>> store was getting an error. Unfortunately I don't believe resiprocate
>>>>> will
>>>>> currently log anything if X509_STORE_add_cert fails - you might want to
>>>>> try
>>>>> adding some debugging code to BaseSecurity::addCertX509. Also check
>>>>> your
>>>>> windows certificate store to see if you think there are "duplicate"
>>>>> certs,
>>>>> and try removing all but the correct one.
>>>>> Scott
>>>>>
>>>>> On Thu, Apr 16, 2009 at 1:41 PM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
>>>>>
>>>>>> Hi all, I'm using the reSIProcate 1.4.1 for my UA, the UA use TLS for
>>>>>> SIP message with SIP server,
>>>>>> now I got a strange issue, the UA working fine on Vista via TLS, but
>>>>>> on
>>>>>> XP, got the error: certificate verify failed.
>>>>>>
>>>>>> These two PCs installed same root certificate file - it was installed
>>>>>> in the root trusted store area. and I'm using the winSecureity for my
>>>>>> UA.
>>>>>>
>>>>>> I have attached two log files- the textfile1.txt which generated on
>>>>>> XP,
>>>>>> the textfile2.txt on the Vista.
>>>>>>
>>>>>> Please help me, thank you in advance.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> resiprocate-users mailing list
>>>>>> resiprocate-users@xxxxxxxxxxxxxxx
>>>>>> List Archive: http://list.resiprocate.org/archive/resiprocate-users/
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
--
Sent from my mobile device
- References:
- [reSIProcate-users] Please help, TLS not working on XP, urgrently
- Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently
- Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently
- Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently
- Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently
- Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently