<div dir="ltr"><div dir="ltr">On Thu, Feb 11, 2021 at 9:01 PM Ruisheng Peng <<a href="mailto:rpeng@ifa.hawaii.edu">rpeng@ifa.hawaii.edu</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small">Sorry, my bad. I failed to change the transport to tls on the provision for the hardphone, nor did change the transport on the linphone setup. However, after I do that, the hardphone (Yealink T32G) failed to register, citing:</div><div style="font-size:small"><br></div><div><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures">[Feb 11 14:16:03] </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(180,36,25)">WARNING</span><span style="font-variant-ligatures:no-common-ligatures">[24936]: </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(192,192,192)">pjproject</span><span style="font-variant-ligatures:no-common-ligatures">: </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(192,192,192)"><?></span><span style="font-variant-ligatures:no-common-ligatures">: <span style="white-space:pre-wrap"> </span> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol> len: 0 peer: <a href="http://128.171.77.34:30401" target="_blank">128.171.77.34:30401</a></span></font></p></div></div></div></div></blockquote><div><br></div><div>This would be caused by the TLS transport configuration on Asterisk or the phone potentially. You'd need to provide the transport definition from pjsip.conf. Without that I can say the "method" option is likely needing changing. I'm not familiar with what is supported by Yealink.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small">on the linphone side, it also fails to register:</div><div style="font-size:small"><br></div><div><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:637 [linphone/belle-sip] MESSAGE Trying to connect to [TLS://::ffff:<a href="http://128.171.77.23:5061" target="_blank">128.171.77.23:5061</a>]</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:652 [linphone/belle-sip] MESSAGE Channel [0x7fc8b8000000]: Connected at TCP level, now doing TLS handshake with cname=128.171.77.23</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:654 [linphone/belle-sip] MESSAGE Channel [0x7fc8b8000000]: SSL handshake in progress...</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[2], flags=[]:</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">cert. version : 3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">serial number : 44:AF:B0:80:D6:A3:27:BA:89:30:39:86:2E:F8:40:6B</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject name : O=Digital Signature Trust Co., CN=DST Root CA X3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issued on : 2000-09-30 21:12:19</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">expires on : 2021-09-30 14:01:15</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">signed using : RSA with SHA1</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">RSA key size : 2048 bits</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">basic constraints : CA=true</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">key usage : Key Cert Sign, CRL Sign</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0);min-height:25px"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures"></span><br></font></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[1], flags=[]:</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">cert. version : 3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">serial number : 40:01:75:04:83:14:A4:C8:21:8C:84:A9:0C:16:CD:DF</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject name : C=US, O=Let's Encrypt, CN=R3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issued on : 2020-10-07 19:21:40</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">expires on : 2021-09-29 19:21:40</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">signed using : RSA with SHA-256</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">RSA key size : 2048 bits</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">basic constraints : CA=true, max_pathlen=0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">key usage : Digital Signature, Key Cert Sign, CRL Sign</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">ext key usage : TLS Web Server Authentication, TLS Web Client Authentication</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0);min-height:25px"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures"></span><br></font></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[0], flags=[CN-mismatch ]:</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">cert. version : 3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">serial number : 03:F0:83:3C:5D:41:76:BC:4E:B2:E6:AB:60:8C:F9:5E:27:86</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issuer name : C=US, O=Let's Encrypt, CN=R3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject name : CN=<a href="http://voip1.ifa.hawaii.edu" target="_blank">voip1.ifa.hawaii.edu</a></font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issued on : 2020-12-30 02:56:29</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">expires on : 2021-03-30 02:56:29</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">signed using : RSA with SHA-256</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">RSA key size : 2048 bits</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">basic constraints : CA=false</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject alt name : <a href="http://voip1.ifa.hawaii.edu" target="_blank">voip1.ifa.hawaii.edu</a></font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">key usage : Digital Signature, Key Encipherment</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">ext key usage : TLS Web Server Authentication, TLS Web Client Authentication</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0);min-height:25px"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures"></span><br></font></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] ERROR Channel [0x7fc8b8000000]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] ERROR Cannot connect to [TLS://<a href="http://128.171.77.23:5061" target="_blank">128.171.77.23:5061</a>]<br></font></span></p></div></div></div></div></blockquote><div><br></div><div>I don't use linphone or have any experience so can only provide general comments. Either the certificate chain is incomplete and the client can't verify, or the client doesn't have the certificate authority root certificate as trusted. As well if you aren't doing so you have to connect to the hostname - you can't specify the IP address.</div></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-family:tahoma,sans-serif"><div><font color="#073763">Joshua C. Colp</font></div><div><font color="#073763">Asterisk Technical Lead</font></div><div><font color="#073763">Sangoma Technologies</font></div><div><font color="#073763">Check us out at <a href="http://www.sangoma.com/" target="_blank">www.sangoma.com</a> and <a href="http://www.asterisk.org/" target="_blank">www.asterisk.org</a></font></div></div></div></div></div></div></div></div></div></div></div></div>