Summary: | ASTERISK-25340: Manager.conf TLS doesn't activates | ||
Reporter: | Eugene Yavaev (vlt) | Labels: | |
Date Opened: | 2015-08-24 02:46:01 | Date Closed: | 2020-01-14 11:13:39.000-0600 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | |
Versions: | 13.5.0 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | Amazon Linux AMI release 2015.03 openssl-devel-1.0.1k-10.87.amzn1.x86_64 Asterisk 13.5.0 | Attachments: | ( 0) issue_25340_full_log.txt |
Description: | manager.conf:
{noformat}
[general]
enabled = yes
;webenabled = yes
port = 5038
bindaddr = 0.0.0.0
tlsenable=yes
tlsbindaddr=0.0.0.0:5039
tlscertfile=/tmp/asterisk.pem
tlsprivatekey=/tmp/private.pem
;tlscipher=<cipher string>
;allowmultiplelogin = yes
;displayconnects = yes
{noformat}
Asterisk CLI:
{noformat}
CLI> reload manager
Module 'manager' reloaded successfully.
CLI> manager show settings
Manager (AMI): Yes
Web Manager (AMI/HTTP): No
TCP Bindaddress: 0.0.0.0:5038
HTTP Timeout (minutes): 60
TLS Enable: No
TLS Bindaddress: Disabled
TLS Certfile: /tmp/asterisk.pem
TLS Privatekey: /tmp/private.pem
TLS Cipher:
Allow multiple login: Yes
Display connects: Yes
Timestamp events: No
Channel vars:
{noformat}
| ||
Comments: |
By: Asterisk Team (asteriskteam) 2015-08-24 02:46:02.823-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Rusty Newton (rnewton) 2015-08-24 09:07:22.612-0500

We require additional debug to continue with triage of your issue. Please follow the instructions on the wiki [1] for how to collect debugging information from Asterisk. For expediency, where possible, attach the debug with a '.txt' file extension so that the debug will be usable for further analysis.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information

Please collect a debug log that includes the initialization of Asterisk. Be sure that the log includes VERBOSE and DEBUG before you attach to the issue.

By: Eugene Yavaev (vlt) 2015-08-26 01:53:27.283-0500

Log

By: Eugene Yavaev (vlt) 2015-08-26 01:54:32.729-0500

Ok. I configured logger.conf as described here https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information

Then I restored manager.conf from default (used sample file).

Then I went to asterisk console:
{noformat}
CLI> core set verbose 5
Console verbose is still 5.
CLI> core set debug 5
Core debug was OFF and is now 5.
CLI> module reload logger
Module 'logger' reloaded successfully.
 == Parsing '/etc/asterisk/logger.conf': Found
Asterisk Queue Logger restarted
CLI> manager set debug on
CLI> manager set debug
manager debug is on
CLI> reload manager
Module 'manager' reloaded successfully.
CLI> manager show settings
Global Settings:
----------------
Manager (AMI): No
Web Manager (AMI/HTTP): No
TCP Bindaddress: Disabled
HTTP Timeout (minutes): 60
TLS Enable: No
TLS Bindaddress: Disabled
TLS Certfile: asterisk.pem
TLS Privatekey:
TLS Cipher:
Allow multiple login: Yes
Display connects: Yes
Timestamp events: No
Channel vars:
Debug: Yes
{noformat}
Then I configured manager.conf:
{noformat}
[general]
enabled = yes
;webenabled = yes
port = 5038
bindaddr = 0.0.0.0
; Parameters that control AMI over TLS. ("enabled" must be set too).
; You can open a connection to this socket with e.g.
;
; openssl s_client -connect my_host:5039
;
tlsenable=yes ; set to YES to enable it
tlsbindaddr=0.0.0.0:5039 ; address and port to bind to, default to bindaddr and port 5039
tlscertfile=/tmp/asterisk.pem ; path to the certificate.
tlsprivatekey=/tmp/private.pem ; path to the private key, if no private given,
; if no tlsprivatekey is given, default is to search
; tlscertfile for private key.
;tlscipher=<cipher string> ; string specifying which SSL ciphers to use or not use
;
;allowmultiplelogin = yes ; IF set to no, rejects manager logins that are already in use.
; ; The default is yes.
;
displayconnects = yes
;
; Add a Unix epoch timestamp to events (not action responses)
;
;timestampevents = yes
;brokeneventsaction = yes ; Restore previous behavior that caused the events
; action to not return a response in certain
; circumstances. Defaults to 'no'.
{noformat}
Then I went to asterisk console:
{noformat}
CLI> core set verbose 5
Console verbose was 4 and is now 5.
CLI> core set debug 5
Core debug is still 5.
CLI> manager set debug
manager debug is on
CLI> reload manager
Module 'manager' reloaded successfully.
 == Parsing '/etc/asterisk/manager.conf': Found
 == Manager registered action BridgeList
 == Manager registered action BridgeInfo
 == Manager registered action BridgeDestroy
 == Manager registered action BridgeKick
CLI> manager show settings
Global Settings:
----------------
Manager (AMI): Yes
Web Manager (AMI/HTTP): No
TCP Bindaddress: 0.0.0.0:5038
HTTP Timeout (minutes): 60
TLS Enable: No
TLS Bindaddress: Disabled
TLS Certfile: /tmp/asterisk.pem
TLS Privatekey: /tmp/private.pem
TLS Cipher:
Allow multiple login: Yes
Display connects: Yes
Timestamp events: No
Channel vars:
Debug: No

Log file in attach.
{noformat}

By: Rusty Newton (rnewton) 2015-09-16 18:29:53.046-0500

I've tried exactly what you describe and used your configuration. I get:
{noformat}
newtonr-laptop*CLI> manager show settings
Global Settings:
----------------
Manager (AMI): Yes
Web Manager (AMI/HTTP): No
TCP Bindaddress: 0.0.0.0:5038
HTTP Timeout (minutes): 60
TLS Enable: Yes
TLS Bindaddress: 0.0.0.0:5039
TLS Certfile: /etc/asterisk/keys/asterisk.pem
TLS Privatekey: /etc/asterisk/keys/asterisk.key
TLS Cipher:
Allow multiple login: Yes
Display connects: Yes
Timestamp events: No
Channel vars:
Debug: No
{noformat}
I can't reproduce the issue. Manager TLS appears to enable appropriately.

Do your certfile and privatekey files exist? Are permissions set appropriately? Maybe it is failing to enable silently...

By: Asterisk Team (asteriskteam) 2015-10-01 12:00:20.925-0500

Suspended due to lack of activity. This issue will be automatically re-opened if the reporter posts a comment. If you are not the reporter and would like this re-opened please create a new issue instead. If the new issue is related to this one a link will be created during the triage process.

Further information on issue tracker usage can be found in the Asterisk Issue Guidelines [1].

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines
|
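
The questions raised in the thread (do the files named by tlscertfile and tlsprivatekey exist, and are their permissions appropriate) can be checked directly against manager.conf. The following is an added example, not part of the original issue and not Asterisk code: the function names are hypothetical, the demo files are constructed empty placeholders, and it checks only file presence, readability and mode, not certificate validity or what caused the behaviour reported here.

```python
import os, stat, tempfile

def parse_general(text):
    """Return key/value pairs from the [general] section of manager.conf text."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (escaped '\;' not handled)
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")].strip().lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings

def check_tls_files(settings):
    """List problems with the TLS files named in manager.conf (run as the Asterisk user)."""
    if settings.get("tlsenable", "no").lower() not in ("yes", "true", "y", "t", "1", "on"):
        return ["tlsenable is not set to a true value in [general]"]
    problems = []
    cert = settings.get("tlscertfile")
    key = settings.get("tlsprivatekey") or cert  # per the sample file, key defaults to tlscertfile
    for label, path in (("tlscertfile", cert), ("tlsprivatekey", key)):
        if not path:
            problems.append(f"{label} is not set in manager.conf")
        elif not os.path.isfile(path):
            problems.append(f"{label} {path} does not exist")
        elif not os.access(path, os.R_OK):
            problems.append(f"{label} {path} is not readable by this user")
    if key and os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append(f"tlsprivatekey {key} is accessible to group/other")
    return problems

def demo():
    """Run the checks against constructed placeholder files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "asterisk.pem"), os.path.join(d, "private.pem")
        open(cert, "w").close()  # constructed, empty stand-in for a certificate
        conf = f"[general]\nenabled = yes\ntlsenable=yes ; on\ntlscertfile={cert}\ntlsprivatekey={key}\n"
        missing = check_tls_files(parse_general(conf))  # key file not created yet
        open(key, "w").close()
        os.chmod(key, 0o644)
        loose = check_tls_files(parse_general(conf))    # key readable by group/other
        os.chmod(key, 0o600)
        return missing, loose, check_tls_files(parse_general(conf))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

To use it on a real system, pass the contents of /etc/asterisk/manager.conf to `parse_general` while running as the account Asterisk runs under, since the readability check applies to the current user.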