Closed leukimi closed 11 months ago
I confirm. I cannot log in. "Use a linphone account" shows "Unable to send the request" after I enter the username and password and press "Use".
I tried version 4.5.0. The same result.
Hi I don't reproduce it so without a log to view, it is hardly to guess.
2022-10-09 13:51:03:571 [linphone/belle-sip] ERROR Could not load root ca from /usr/local/linphone-desktop/4.4.10/share/linphone/rootca.pem: Нет такого файла или каталога
2022-10-09 13:51:03:733 [linphone/belle-sip] MESSAGE Channel [0x5563a27a4cf0]: Connected at TCP level, now doing TLS handshake with cname=sip.linphone.org
2022-10-09 13:51:03:733 [linphone/belle-sip] MESSAGE Channel [0x5563a27a4cf0]: SSL handshake in progress...
2022-10-09 13:51:03:899 [linphone/belle-sip] MESSAGE Found certificate depth=[2], flags=[not-trusted ]:
cert. version : 3
serial number : 40:01:77:21:37:D4:E9:42:B8:EE:76:AA:3C:64:0A:B7
issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3
subject name : C=US, O=Internet Security Research Group, CN=ISRG Root X1
issued on : 2021-01-20 19:14:03
expires on : 2024-09-30 18:14:03
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
certificate policies : ???, ???
2022-10-09 13:51:03:899 [linphone/belle-sip] MESSAGE Found certificate depth=[1], flags=[]:
cert. version : 3
serial number : 91:2B:08:4A:CF:0C:18:A7:53:F6:D6:2E:25:A7:5F:5A
issuer name : C=US, O=Internet Security Research Group, CN=ISRG Root X1
subject name : C=US, O=Let's Encrypt, CN=R3
issued on : 2020-09-04 00:00:00
expires on : 2025-09-15 16:00:00
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true, max_pathlen=0
key usage : Digital Signature, Key Cert Sign, CRL Sign
ext key usage : TLS Web Client Authentication, TLS Web Server Authentication
certificate policies : ???, ???
2022-10-09 13:51:03:899 [linphone/belle-sip] MESSAGE Found certificate depth=[0], flags=[]:
cert. version : 3
serial number : 03:26:46:8C:2A:A7:04:32:01:45:80:EC:3E:60:76:45:F3:0F
issuer name : C=US, O=Let's Encrypt, CN=R3
subject name : CN=sip8.linphone.org
issued on : 2022-09-30 07:02:23
expires on : 2022-12-29 07:02:22
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name :
dNSName : sip.linhome.org
dNSName : sip.linphone.org
dNSName : sip8.linhome.org
dNSName : sip8.linphone.org
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
certificate policies : ???, ???
2022-10-09 13:51:03:899 [linphone/belle-sip] ERROR Channel [0x5563a27a4cf0]: SSL handshake failed : SSL - No CA Chain is set, but required to operate
2022-10-09 13:51:03:899 [linphone/belle-sip] ERROR Cannot connect to [TLS://sip.linphone.org:5223]
2022-10-09 13:51:03:899 [linphone/belle-sip] MESSAGE channel[0x5563a27a4cf0]: entering state ERROR
I guess that you didn't deploy the rootca file like in this message : ERROR Could not load root ca from /usr/local/linphone-desktop/4.4.10/share/linphone/rootca.pem: No such file or directory
When calling 'cmake . --target install' , it should be installed:
I didn't deploy anything, I used an AUR package. The OP, obviously, used an AppImage. Tell me, what I should do?
The OP is building it so it is responsable of the install(we still don't have any logs about that).
I don't know how AUR works, but it tries to find the file /usr/local/linphone-desktop/4.4.10/share/ where it isn't. So my best hint for you is to check with the packager.
I guess the packager used the same method as the OP, and it didn't work in both cases. To be honest, I don't care much who is going to fix what, just tell me where I can get this file. I'll just copy it manually and let you guys establish the bickering order.
yes, it was what I saw there : https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=kimi-linphone-desktop#n1414 (it was uncomment ^^). Reverting back resolves the issue but as you point out, it may not be the good behavior.
Thank you very much for your feedback.
Linphone doesn't create a rootca but it lookup to "/etc/ssl/certs" on Linux. The application overwrite it to his own because of OS that doesn't use this kind of folder (Windows doesn't have one for example). Maybe on older version, there was a fallback to this folder if not found but I'm not sure.
I think it will do will do something like that: 1) Use what's in the configuration file under [sip] root_ca=the_rootca_path
2) if not found, use what Qt got from QSslConfiguration (I have to check how to do, it's just a lead)
3) if not found, use the application file
4) if not found (aka not packaged), use defaults
But this update will be only available for the current beta 5.0 (next version after 4.4) in order to be tested.
The rootca.pem is a concatenation of all root certificates published by mozilla, generated by the mk-ca-bundle.pl program from curl tool: https://curl.se/docs/caextract.html
If you need a diff and keep removing the file, I suggest to test from https://gitlab.linphone.org/BC/public/linphone-desktop/-/commit/9ff0502b3c87349bea61c0859e9dd064b881dc66
-------------------- linphone-app/src/app/paths/Paths.cpp ---------------------
index 2f8b382b..31d61ebb 100644
@@ -162,7 +162,11 @@ static inline QString getAppFactoryConfigFilePath () {
}
static inline QString getAppRootCaFilePath () {
- return getAppPackageDataDirPath() + Constants::PathRootCa;
+ QString rootca = getAppPackageDataDirPath() + Constants::PathRootCa;
+ if(Paths::filePathExists(rootca.toStdString())){// Packaged
+ return rootca;
+ }
+ return "";
}
static inline QString getAppFriendsFilePath () {
The more packaging is easy, the best it is for being everywhere and by above all, for being updated. So if we can reduce efforts to packages it, this is a great thing. A coworker did a build on Nix. So I guess it is in the good way :)
Old versions needed ffmpeg pixel conversions. Crashes could come here ... new versions have replaced the pixel conversion to libyuv. But only logs can be answer to these crashes.
Also, the assistant uses an old implementation of subscription (called AccountCreator). It will be replaced by the Flexisip API so it may resolve some items. But it's strange that being only able to subscribe in UDP and then, making TLS work by going to the settings...
Do not count on Qt6 yet. This is a sidework (so only on best efforts basis that I don't really have now) and it is far for being finished (all graphics effects need to be rework due to the deprecated API). 5.0 is in beta and will coming soon (aswell as 5.2 of SDK). I guess I could put Qt in the App 5.1 but I cannot guarrantee that.
DELETED