[pjsip] Problems with TLS in version 1.5

Tal Fromm tal.fromm at gmail.com
Wed Dec 16 08:11:31 EST 2009


Greetings,

I have been using pjsip libraries for a while, and I also worked with the
TLS transport.
For now I'm authenticating the server and I'm using his CA file.
When I used version 1.4 or 1.4.5 all worked well on WM/Win32/Linux.

After upgrading to version 1.5, and I know the ssl was rewrite I found that
the certification test failed.

While examining the code I found that the supplied file in
tls_setting.ca_list_file is not loaded by the library.
Here is what I did, and I want to get conformation that what I did is
correct.

1. In pjsip_tls_transport_start function the code checks if there is
cert_file value, but it doesn't check the other value.
2. Why are you calling pj_ssl_cert_load_from_file and then you use
pj_ssl_sock_set_certificate?
    Can't I use the &listener->ssock->cert as the last value in
pj_ssl_cert_load_from_file?

After the change it still didn't work, so I added the certificate setting to
tls->ssock also in lis_create_transport.

The changes mentioned fixed the problem, and I can now connect with server
verification.
What am I missing?

Best regards,
Tal Fromm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20091216/7ac6361b/attachment.html>


More information about the pjsip mailing list