#2600 tls faild when check server enable

[Anonymous]

Originally created by: tywtyw2...@gmail.com

What steps will reproduce the problem?
1. Set up an account with TLS transport
2. Enable "Check server" in the secure transport settings.
3. Connection fails with "service unavailable" message. Log message: "TLS connect() error: SSL certificate verification error (PJSIP_TLS_ECERTVERIF) [code=171173]"

What is the expected output? What do you see instead?
With a valid certificate, the connection should be established.

What version of the product are you using? On what device / operating
system?
nexus 7 2012 version

Please provide any additional information below.

i check the ssl via openssl and bria(ios version)

tyw@CosHiM-MAC:~|⇒  openssl s_client -connect xxxxxxxx:5061 -showcerts

Server certificate
subject=/description=7xr8tGkgywoTYten/C=CA/CN=xxxxx/emailAddress=xxxxxx
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5375 bytes and written 448 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: D2A0CA24FE358C7F5E112CF6C0C586692E489EE37F01A98A4A2DBDBAE15F7715
    Session-ID-ctx:
    Master-Key: 40D09F6F01B8320F347D24E0F327A2B3867DF94F5499E3BE4E9CEBC7249774BC71492A70DDA03B7B4B9B5FAD4A95E5CA
    Key-Arg   : None
    Start Time: 1387710531
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

[Anonymous]

Originally posted by: tywtyw2...@gmail.com

the log file from csipsimple, i already email to developers@csipsimple.com

[Anonymous]

Originally posted by: r3gis...@gmail.com

Hi,

When I check the certificate manually on my side I get :

verify error:num=19:self signed certificate in certificate chain
verify return:0

It makes me think there is maybe some problem with the certificate that makes think android OS it's self signed (maybe not the case on all platform because CA list is not the same). It seems to be confirmed by the logs you get :
"TLS connect() error: SSL certificate verification error (PJSIP_TLS_ECERTVERIF) [code=171173]" which means that the ssl certificate verification failed.

Can you try to manually install the CA (or the server certificate) on your android phone. There is usually this option in android settings > security.

Status: Need-Details

[Anonymous]

Originally posted by: tywtyw2...@gmail.com

After I Install StartCom Class 1 Primary Intermediate Server CA, this problem not solved.

NOW the openssl shows
twu5@ug01:~|⇒  openssl s_client -connect xxxxxx:5061 -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 description = 7xr8tGkgywoTYten, C = CA, CN = xxxxxx, emailAddress = xxxxxxx
verify return:1

and i can see the  StartCom Certification Authority already in android CA,
and i manually install StartCom Class 1 Primary Intermediate Server CA

[Anonymous]

Originally posted by: r3gis...@gmail.com

(No comment was entered for this change.)

Status: Accepted

[Anonymous]

Originally posted by: iantma...@gmail.com

Hello, did you find a solution to this problem?

Than you.

[Anonymous]

Originally posted by: pabstr...@compuserve.com

Added a comment to issue 2303, perhaps that helps you to solve this issue yourself.