rohc team mailing list archive

Re: IPROHC certificate cannot be verified

 

Hi Didier,
Thank you for your time and suggestions. I created certificates as you
mentioned and they are being accepted now.

It seems I am facing one more issue: iprohc_client is not connecting
to iprohc_server. I am testing between two public IP addresses.

I have attached the server and client logs. The client is writing too many
messages (around 288 MB) and not connecting to the server. I have tested with
both versions, iprohc-main and iprohc-0.7.1, and am observing the same issues.

I used these commands to start the server and client respectively:

iprohc_server -b eth0 &
iprohc_client -r <PUBLIC IP> --port 3126 -i tun_ipip -b eth0 -P /etc/pki/CA/certs/IpRohcClient1/client1.p12

Please advise further.

Thanks,
Kimo



On Thu, Oct 29, 2015 at 1:11 PM, Didier Barvaux <didier@xxxxxxxxxxx> wrote:

> Hello,
>
> > > Thank you for the details. Please find the information below and the
> > > attached CA certificates (client and server), and suggest me further.
> > > CA password is test.
> >
> > OK, I reproduced the problem with:
> >  * IP/ROHC 0.7.1
> >  * ROHC 1.7.1
> >  * GnuTLS 3.3.17
> >
> > I'm analyzing the problem.
>
> I also reproduced the problem with the dev branch. The problem is
> located in the certificates. They look to be signed by the same CA,
> but they are definitely not.
>
> The two CAs got the same subject:
> /C=US/ST=Texas/O=My Company/CN=MyCompany/emailAddress=mycompany@xxxxxxxxxxx
>
> But they got different characteristics, e.g. serial numbers, validity
> start/end dates, public keys... So, the CAs are different. That's why the
> server does not recognize the client. Same thing for the client with the server.
>
> I have just updated the instructions on the wiki (to try) to be clearer
> (let me know if they are clearer or not):
> https://rohc-lib.org/wiki/doku.php?id=iprohc-run&#create_certificates
>
> Please regenerate your CA, your server's certificate and your client's
> certificate. Be sure to perform all 3 on the same machine and in the
> same directory. The CA part _must_ be performed _only once_.
>
> Regards,
> Didier
>
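
The failure Didier describes (two CAs with the same subject but different keys) can be reproduced and checked with openssl. This is an added example, not part of the original thread or of the IP/ROHC wiki instructions; the function names and file layout are made up for the demo, and the subject is the one quoted above with the e-mail address left out.

```sh
#!/bin/sh
# Constructed demo: two CAs with an identical subject DN but different key pairs.
SUBJ='/C=US/ST=Texas/O=My Company/CN=MyCompany'   # subject from the thread, e-mail omitted

make_ca() {   # $1 = output prefix; every call generates a NEW key pair
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$SUBJ" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = leaf prefix, $3 = leaf CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -set_serial 1 -days 30 -out "$2.pem" 2>/dev/null
}

ca_id() {   # the subject is only a label; the fingerprint identifies the certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

signed_by() {   # $1 = CA cert, $2 = leaf cert; status 0 only if the signature chain verifies
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ca1" && make_ca "$d/ca2" || return 1   # CA step run twice: the mistake
    issue_cert "$d/ca1" "$d/server" server || return 1
    issue_cert "$d/ca2" "$d/client" client || return 1
    for ca in ca1 ca2; do
        echo "$ca: $(openssl x509 -in "$d/$ca.pem" -noout -subject)"
        echo "$ca: $(ca_id "$d/$ca.pem")"
    done
    for leaf in server client; do
        if signed_by "$d/ca1.pem" "$d/$leaf.pem"; then r=accepted; else r=rejected; fi
        echo "$leaf checked against ca1: $r"
    done
    rm -rf "$d"
}

demo
```

Both CAs print the same subject but different fingerprints, and the certificate issued by the second CA is rejected when checked against the first, which is the mismatch between server and client described in the quoted reply.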
