
Summary: ASTERISK-27436: rtp openssl errors
Reporter: Jørgen H (jorgen)
Labels:
Date Opened: 2017-11-20 12:08:43.000-0600
Date Closed: 2020-01-14 11:13:30.000-0600
Priority: Major
Regression?
Status: Closed/Complete
Components: Resources/res_rtp_asterisk
Versions: GIT 15.1.2
Frequency of Occurrence:
Related Issues:
Environment: linux 4.9 x64, pjsip 2.7.1, libsrtp 2.1.0, openssl 1.0.2m
Attachments:
Description: The openssl SSL_read(dtls->ssl) function in __rtp_recvfrom() in file res/res_rtp_asterisk.c fails with errors like

error:140FC0F4:SSL routines:dtls1_get_message:unexpected message
and
error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call

The error seems to be caused by multiple calls to SSL_set_connect_state, which is placed around in several functions.
If I comment out the ones in function dtls_set_setup() I don't get the openssl error anymore, but I randomly get calls with silent audio and no new errors. Probably a race condition? Also, the data from the SSL_read() call isn't processed anywhere because the len variable isn't used afterwards. Is this supposed to be like that?

I also sometimes get
SRTP unprotect failed on SSRC 2044349143 because of authentication failure 160
regardless of whether audio works or not.

There is a check in function dtls_perform_setup() on SSL_is_init_finished() and an SSL_clear() later. An SSL session doesn't have to be init_finished in order to have a state that needs to be cleared if you want to reuse it, but I'm not sure if the code is trying to do that. Also, if ssl_shutdown was called, there might be data in the BIO that must be either sent to the remote or cleared with BIO_reset().

Comments:

By: Asterisk Team (asteriskteam) 2017-11-20 12:08:44.392-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Benjamin Keith Ford (bford) 2017-12-04 15:37:53.967-0600

Thank you for taking the time to report this bug and helping to make Asterisk better. Unfortunately, we cannot work on this bug because your description did not include enough information. Please read over the Asterisk Issue Guidelines [1] which discusses the information necessary for your issue to be resolved and the format that information needs to be in. We would be grateful if you would then provide a more complete description of the problem. At a minimum, we need:

1. The specific steps or actions you took that caused you to encounter the problem.
2. The behavior you expected and the location of documentation that led you to that expectation.
3. The behavior you actually encountered.

To demonstrate the issue in detail, please include Asterisk log files generated per the instructions on the wiki [2]. If applicable, please ensure that protocol-level trace debugging is enabled, e.g., 'sip set debug on' if the issue involves chan_sip, and configuration information such as dialplan and channel configuration.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

[2] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information



By: Jørgen H (jorgen) 2017-12-13 09:03:31.642-0600

Sorry,

Just make a normal outgoing call with webrtc/firefox and the error (no audio) will happen 3 of 4 times.
It doesn't happen with asterisk 14.5.0 and same openssl version.

By: Joshua C. Colp (jcolp) 2017-12-22 08:15:48.146-0600

We need to see a Wireshark capture to see the actual negotiation that is happening and when things are occurring.

As for your question about len, that's because we don't actually use it for sending or receiving data. It's strictly used for a DTLS negotiation. The DTLS negotiation itself provides keying information which is fed to SRTP, which does the encryption and decryption.
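
The following is an added example, not part of the thread and not Asterisk's code. It shows how datagrams on a shared RTP port are classified by first byte (RFC 7983), so that only DTLS records drive the handshake, and how the keying material exported after the handshake (RFC 5764, section 4.2) splits into per-direction SRTP key and salt according to DTLS role. The function names, the SRTP_AES128_CM_HMAC_SHA1_80 profile and the sample bytes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed profile: SRTP_AES128_CM_HMAC_SHA1_80 (16-byte key, 14-byte salt). */
#define KEY_LEN  16
#define SALT_LEN 14
#define EKM_LEN  (2 * (KEY_LEN + SALT_LEN)) /* 60 bytes from the DTLS exporter */

enum pkt_kind { PKT_STUN, PKT_DTLS, PKT_RTP, PKT_UNKNOWN };

/* RFC 7983: demultiplex a datagram on the shared port by its first byte. */
enum pkt_kind classify_packet(const uint8_t *buf, size_t len)
{
    if (len == 0) return PKT_UNKNOWN;
    if (buf[0] <= 3) return PKT_STUN;
    if (buf[0] >= 20 && buf[0] <= 63) return PKT_DTLS;   /* feeds the handshake only */
    if (buf[0] >= 128 && buf[0] <= 191) return PKT_RTP;  /* SRTP/SRTCP, not SSL_read */
    return PKT_UNKNOWN;
}

/* RFC 5764 4.2 layout: client_key | server_key | client_salt | server_salt.
 * Fills key||salt for the local (send) and remote (receive) direction.
 * Returns 0 on success, -1 if the material is missing or the wrong length. */
int split_srtp_keys(const uint8_t *ekm, size_t ekm_len, int is_dtls_client,
                    uint8_t *local, uint8_t *remote)
{
    if (ekm == NULL || ekm_len != EKM_LEN) return -1;
    uint8_t *client_out = is_dtls_client ? local : remote;
    uint8_t *server_out = is_dtls_client ? remote : local;
    memcpy(client_out, ekm, KEY_LEN);
    memcpy(server_out, ekm + KEY_LEN, KEY_LEN);
    memcpy(client_out + KEY_LEN, ekm + 2 * KEY_LEN, SALT_LEN);
    memcpy(server_out + KEY_LEN, ekm + 2 * KEY_LEN + SALT_LEN, SALT_LEN);
    return 0;
}

int main(void)
{
    uint8_t ekm[EKM_LEN], tx[KEY_LEN + SALT_LEN], rx[KEY_LEN + SALT_LEN];
    const uint8_t record[] = { 22, 0xfe, 0xfd };  /* constructed DTLS handshake header */
    for (size_t i = 0; i < sizeof ekm; i++) ekm[i] = (uint8_t)i; /* constructed bytes */
    printf("first byte 22 -> kind %d\n", classify_packet(record, sizeof record));
    if (split_srtp_keys(ekm, sizeof ekm, 1, tx, rx) == 0)
        printf("client: tx key starts %u, rx key starts %u\n", tx[0], rx[0]);
    return 0;
}
```

The two endpoints must agree on who is the DTLS client, because that role alone decides which half of the exported material protects each direction.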

By: Asterisk Team (asteriskteam) 2018-01-05 12:00:01.963-0600

Suspended due to lack of activity. This issue will be automatically re-opened if the reporter posts a comment. If you are not the reporter and would like this re-opened please create a new issue instead. If the new issue is related to this one a link will be created during the triage process. Further information on issue tracker usage can be found in the Asterisk Issue Guidelines [1].

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines