Mikey DH key agreement

Martin Petraschek petraschek at ftw.at
Mon Jan 22 15:30:27 CET 2007


Hello everyone,

I am currently trying to get Mikey to work, using Diffie Hellman key
agreement. In the security dialog, I checked "Use secure outgoing calls
if possible", selected Diffie Hellman as key exchange type, and checked
"Enable DH key exchange". Then I selected appropriate files for user
certificate and user private key and added the self-signed certificate
of the signing CA. I checked if the user certificate is OK by using the
following openssl command:

openssl verify -CAfile ca_cert.pem user_cert.pem

However, when I try to make a call, I get the following error messages
at the caller's machine:

  Authentication successful, controling the certificate
  certificate signature failure
  Certificate check failed in the incoming MIKEY message
  No MIME match

The error originates in the source file:

minisip\trunk\libminisip\source\mediahandler\KeyAgreement.cxx

...
if( securityConfig.check_cert ){
	if( ((KeyAgreementDH *)*ka)->controlPeerCertificate() == 0){
...

It seems that minisip, for some reason, cannot successfully check the
validity of the client certificate. I then tried to disable the
certificate check by modifying .minisip.conf:

<check_cert>
        no
</check_cert>

The above configuration disables the certificate check. With this
setting, call establishment succeeded without any problems.

Does anybody have an idea what is going wrong here? Obviously, the
certificate is valid, since the check with openssl succeeded. Does
anyone have the same problem?

BTW, I am using revision 2724 of minisip, which is not 100% up to date...

Best regards,

Martin

--
Martin Petraschek
Telecommunications Research Center Vienna (ftw.)
Donau-City-Str. 1
1220 Vienna
Austria

Web: http://www.ftw.at/
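
Added example (not part of the original post and not minisip code): the error is reported for the certificate in the incoming MIKEY message, so the `openssl verify` check from the post is repeated here for each party's certificate against the CA file the local machine trusts. The CAs, certificates, names (`local_ca`, `other_ca`, `caller`, `callee`) and helper functions are throwaway values constructed for this example.

```shell
#!/bin/sh
# Added example: every CA, key and certificate below is constructed and throwaway.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA certificate NAME.pem with key NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA NAME: user certificate NAME.pem signed by CA
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# verify_cert CA NAME: the check from the post; status 0 only if NAME chains to CA
verify_cert() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# issuer_of NAME: issuer DN, to compare with the subject of the trusted CA
issuer_of() {
    openssl x509 -in "$WORK/$1.pem" -noout -issuer
}

make_ca local_ca            # CA file configured on the caller's machine
make_ca other_ca            # a different CA that the caller does not trust
issue_cert local_ca caller  # the caller's own certificate
issue_cert other_ca callee  # the certificate the peer sends

# A pass for the local certificate says nothing about the peer's certificate.
for who in caller callee; do
    if verify_cert local_ca "$who"; then
        echo "$who: OK against local_ca"
    else
        echo "$who: FAILED against local_ca ($(issuer_of "$who"))"
    fi
done
```

With real files, the same two commands (`openssl verify -CAfile` and `openssl x509 -noout -issuer`) apply to the peer's certificate and the CA file configured on the machine that reports the failure.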


