It can be any name.
From: resiprocate-users-bounces@xxxxxxxxxxxxxxx [mailto:resiprocate-users-bounces@xxxxxxxxxxxxxxx] On Behalf Of Xiexin
Sent: Monday, April 20, 2009 10:18 AM
To: Scott Godin
Cc: resiprocate-users@xxxxxxxxxxxxxxx
Subject: Re: [reSIProcate-users] Please help, TLS not working on XP, urgrently
Yes, I read it. Excuse me, last question: can the <rootCA-name> be any
name, or must it match the certificate properties?
thanks
On Mon, Apr 20, 2009 at 10:10 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
It must be named root_cert_.... - see http://www.resiprocate.org/Certificates.
Scott
On Mon, Apr 20, 2009 at 9:53 AM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
Thanks Scott. If I use Security instead of WinSecurity, must the root
certificate be named root_cert_<rootCA-name>.pem, or can it be named
xxxxxxx.pem?
thanks
On Mon, Apr 20, 2009 at 8:16 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
Using a public cert should not really change anything, other than the
fact that using a cert from a different root may avoid whatever issue
is happening here. A workaround you can try is to use Security
instead of WinSecurity and place the cert pem files in a directory to
be loaded instead of the windows cert store.
Scott
On 4/20/09, Xiexin <xiexin1008@xxxxxxxxx> wrote:
> Dear Scott, if I don't use the self-signed certificate and buy a
> certificate from VeriSign, then I will avoid this issue, right?
> thanks
>
>
> On Sun, Apr 19, 2009 at 9:32 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
>
>> Try logging the return value from the call to X509_STORE_add_cert.
>> Scott
>>
>> On Sat, Apr 18, 2009 at 11:50 PM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
>>
>>> Hi Scott, another thing: you told me to add logging to the
>>> BaseSecurity::addCertX509 function. Here is the code; which
>>> items (parameters) need to be logged?
>>> thanks
>>>
>>> void
>>> BaseSecurity::addCertX509(PEMType type, const Data& key, X509* cert, bool write) const
>>> {
>>>    switch (type)
>>>    {
>>>       case DomainCert:
>>>       {
>>>          mDomainCerts.insert(std::make_pair(key, cert));
>>>       }
>>>       break;
>>>       case UserCert:
>>>       {
>>>          mUserCerts.insert(std::make_pair(key, cert));
>>>       }
>>>       break;
>>>       case RootCert:
>>>       {
>>>          X509_STORE_add_cert(mRootTlsCerts,cert);
>>>          X509_STORE_add_cert(mRootSslCerts,cert);
>>>          X509_free(cert);
>>>       }
>>>       break;
>>>       default:
>>>       {
>>>          assert(0);
>>>       }
>>>    }
>>>
>>>    if (write)
>>>    {
>>>       // creates a read/write BIO buffer.
>>>       BIO *out = BIO_new(BIO_s_mem());
>>>       assert(out);
>>>       try
>>>       {
>>>          int ret = PEM_write_bio_X509(out, cert);
>>>          assert(ret);
>>>
>>>          BIO_flush(out);
>>>          // get content in BIO buffer to our buffer.
>>>          char* p = 0;
>>>          size_t len = BIO_get_mem_data(out,&p);
>>>          assert(p);
>>>          assert(len);
>>>          Data buf(Data::Borrow, p, len);
>>>
>>>          this->onWritePEM(key, type, buf);
>>>       }
>>>       catch(...)
>>>       {
>>>          ErrLog(<<"Caught exception: ");
>>>          BIO_free(out);
>>>          throw;
>>>       }
>>>       BIO_free(out);
>>>
>>>    }
>>> }
>>>
>>>
>>> On Sun, Apr 19, 2009 at 11:48 AM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
>>>
>>>> Thank you Scott, I have tried deleting the duplicate certs, but it
>>>> still doesn't work.
>>>>
>>>> I read the wiki: http://www.resiprocate.org/Certificates
>>>> It says:
>>>> Place the base64 PEM format certificates in the path specified, and use
>>>> the following naming scheme:
>>>>
>>>> * root_cert_<rootCA-name>.pem - public key for root CA
>>>> * domain_cert_<domain-name>.pem - public key used for domain
>>>>   validation in TLS
>>>> * domain_key_<domain-name>.pem - private key used for domain
>>>>   validation in TLS (Server)
>>>>
>>>> Do I need to install three certificates in Windows? Currently I have
>>>> installed only the root certificate (I'm using the WinSecurity class)
>>>> and have not installed the domain_cert and domain_key certificates.
>>>> Does that lead to my error?
>>>> But on Vista, my UA and eyeBeam both work with TLS even with only
>>>> the root certificate installed.
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Apr 17, 2009 at 9:08 AM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
>>>>
>>>>> On your XP logs it appears as if it did not find the appropriate root
>>>>> certificate in the store. I have seen issues with WinSecurity, that I
>>>>> never really got to the bottom of, where the windows certificate store
>>>>> contains multiple copies of the same/similar certificate (i.e. sometimes
>>>>> same certificate serial number, sometimes just the same certificate
>>>>> name). I never really nailed down exactly what constituted a
>>>>> "duplicated" certificate, but adding the 2nd "duplicate" cert to the
>>>>> OpenSSL certificate store was getting an error. Unfortunately I don't
>>>>> believe resiprocate will currently log anything if X509_STORE_add_cert
>>>>> fails - you might want to try adding some debugging code to
>>>>> BaseSecurity::addCertX509. Also check your windows certificate store to
>>>>> see if you think there are "duplicate" certs, and try removing all but
>>>>> the correct one.
>>>>> Scott
>>>>>
>>>>> On Thu, Apr 16, 2009 at 1:41 PM, Xiexin <xiexin1008@xxxxxxxxx> wrote:
>>>>>
>>>>>> Hi all, I'm using reSIProcate 1.4.1 for my UA; the UA uses TLS for
>>>>>> SIP messages with the SIP server.
>>>>>> Now I have a strange issue: the UA works fine on Vista via TLS, but
>>>>>> on XP I get the error: certificate verify failed.
>>>>>>
>>>>>> These two PCs have the same root certificate file installed - it was
>>>>>> installed in the root trusted store area - and I'm using WinSecurity
>>>>>> for my UA.
>>>>>>
>>>>>> I have attached two log files: textfile1.txt, which was generated on
>>>>>> XP, and textfile2.txt, from Vista.
>>>>>>
>>>>>> Please help me, thank you in advance.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> resiprocate-users mailing list
>>>>>> resiprocate-users@xxxxxxxxxxxxxxx
>>>>>> List Archive: http://list.resiprocate.org/archive/resiprocate-users/
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
--
Sent from my mobile device
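
An added example, not part of the thread and not reSIProcate code: a Python check of a PEM directory against the naming scheme quoted from the wiki above, which also flags root files that carry byte-identical certificates. The names audit_cert_dir and demo, the sample file names, and the narrowing of "duplicate" to byte-identical content (the thread leaves the exact meaning open) are assumptions of this example.

```python
import base64, hashlib, re, tempfile
from pathlib import Path

# Prefixes from the naming scheme quoted in the thread -> expected PEM label.
SCHEME = {"root_cert": "CERTIFICATE", "domain_cert": "CERTIFICATE",
          "domain_key": "PRIVATE KEY"}
NAME_RE = re.compile(r"^(root_cert|domain_cert|domain_key)_(.+)\.pem$")
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def audit_cert_dir(path):
    """Return a list of findings for the *.pem files in `path`."""
    findings, seen_roots = [], {}
    for f in sorted(Path(path).glob("*.pem")):
        m = NAME_RE.match(f.name)
        if not m:
            findings.append(f"{f.name}: name does not follow the scheme")
            continue
        kind = m.group(1)
        block = PEM_RE.search(f.read_text())
        if not block or not block.group(1).endswith(SCHEME[kind]):
            findings.append(f"{f.name}: expected a PEM {SCHEME[kind]} block")
            continue
        if kind == "root_cert":
            # Hash the decoded bytes so line wrapping differences do not matter.
            der = base64.b64decode("".join(block.group(2).split()))
            digest = hashlib.sha256(der).hexdigest()
            if digest in seen_roots:
                findings.append(f"{f.name}: same bytes as {seen_roots[digest]}")
            seen_roots.setdefault(digest, f.name)
    return findings

def _pem(label, payload):
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

def demo():
    # Constructed sample files: payloads are placeholder bytes, not real X.509.
    files = {
        "root_cert_exampleCA.pem": _pem("CERTIFICATE", b"constructed-root-A"),
        "root_cert_copyOfCA.pem": _pem("CERTIFICATE", b"constructed-root-A"),
        "xxxxxxx.pem": _pem("CERTIFICATE", b"constructed-root-B"),
        "domain_key_example.com.pem": _pem("CERTIFICATE", b"constructed-leaf"),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            (Path(d) / name).write_text(text)
        return audit_cert_dir(d)
if __name__ == "__main__":
    print("\n".join(demo()))
```

Point audit_cert_dir at the directory passed to Security to list files whose names or PEM block types do not fit the scheme before starting the UA.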