ASTERISK-28762: Problem setting up ssl connection. Internal SSL error

[Home]

Summary: ASTERISK-28762: Problem setting up ssl connection. Internal SSL error

Reporter: INVADE International Ltd. (invade) Labels: webrtc

Date Opened: 2020-02-28 09:59:31.000-0600 Date Closed: 2020-02-28 09:59:32.000-0600

Priority: Minor Regression?

Status: Closed/Complete Components: Core/HTTP

Versions: 17.2.0 Frequency of
Occurrence

Related
Issues:

Environment: CentOS 6 with openssl 1.0.1e Asterisk 17.2.0 and WebRTC Client browser is Chrome 80.0.3987.87 Attachments:

Description: From the forum entry:
https://community.asterisk.org/t/problem-setting-up-ssl-connection-internal-ssl-error/82633

Hi. We have a number systems using Asterisk 17 and WebRTC.

On the systems that use self signed certificates, the following is logged by Asterisk every time a client registers:

{quote}ERROR[10399] iostream.c: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[10399] tcptls.c: Unable to set up ssl connection with peer '192.168.122.1:53700'{quote}

The errors do not appear to prevent the system from working.

I’ve enabled debugging and, while there are some debug messages logged after the errors, there is nothing before.

The errors are not logged on systems that use a certificate from a trusted CA.

I’ve tested this using both a JsSIP and a sipML5 client, and the results are the same.

I’m not sure if it helps but, below are the messages from the browser console:

{quote}s_websocket_server_url= wss://192.168.122.143:8089/ws
tsk_utils.js?svn=252:116 s_sip_outboundproxy_url=(null)
tsk_utils.js?svn=252:116 b_rtcweb_breaker_enabled=yes
tsk_utils.js?svn=252:116 b_click2call_enabled=no
tsk_utils.js?svn=252:116 b_early_ims=yes
tsk_utils.js?svn=252:116 b_enable_media_stream_cache=yes
tsk_utils.js?svn=252:116 o_bandwidth={}
tsk_utils.js?svn=252:116 o_video_size={}
tsk_utils.js?svn=252:116 SIP stack start: proxy='ns313841.ovh.net:12062', realm='<sip:192.168.122.143>', impi='100', impu='"Simon"<sip:100@192.168.122.143>'
tsk_utils.js?svn=252:116 Connecting to ' wss://192.168.122.143:8089/ws'
tsk_utils.js?svn=252:116 ==stack event = starting
tsk_utils.js?svn=252:116 __tsip_transport_ws_onopen
tsk_utils.js?svn=252:116 ==stack event = started
tsk_utils.js?svn=252:116 State machine: tsip_dialog_register_Started_2_InProgress_X_oRegister
tsk_utils.js?svn=252:116 SEND: REGISTER sip:192.168.122.143 SIP/2.0
Via: SIP/2.0/WSS df7jal23ls0d.invalid;branch=z9hG4bKyFqsoLUUFpedAcVEyZN4cBtFTu9Gt9G9;rport
From: "Simon"<sip:100@192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100@192.168.122.143>
Contact: "Simon"<sips:100@df7jal23ls0d.invalid;rtcweb-breaker=yes;transport=wss>;expires=200;click2call=no;+g.oma.sip-im;+audio;language="en,fr"
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28995 REGISTER
Content-Length: 0
Max-Forwards: 70
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom
Supported: path

tsk_utils.js?svn=252:116 __tsip_transport_ws_onmessage
tsk_utils.js?svn=252:116 recv=SIP/2.0 401 Unauthorized
Via: SIP/2.0/WSS df7jal23ls0d.invalid;rport=53702;received=192.168.122.1;branch=z9hG4bKyFqsoLUUFpedAcVEyZN4cBtFTu9Gt9G9
From: "Simon"<sip:100@192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100@192.168.122.143>;tag=z9hG4bKyFqsoLUUFpedAcVEyZN4cBtFTu9Gt9G9
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28995 REGISTER
Content-Length: 0
WWW-Authenticate: Digest realm="asterisk",qop="auth",nonce="1581088246/deff5cad6eaa2e080cc3a29e7e48d1eb",opaque="1e37dbb763d85954",stale=FALSE,algorithm=md5
Server: Asterisk PBX 17.2.0

tsk_utils.js?svn=252:116 State machine: tsip_dialog_register_InProgress_2_InProgress_X_401_407_421_494
tsk_utils.js?svn=252:116 SEND: REGISTER sip:192.168.122.143 SIP/2.0
Via: SIP/2.0/WSS df7jal23ls0d.invalid;branch=z9hG4bKaQerbmtNuKAHJsnBlJlOUbWnwsgSb0b0;rport
From: "Simon"<sip:100@192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100@192.168.122.143>
Contact: "Simon"<sips:100@df7jal23ls0d.invalid;rtcweb-breaker=yes;transport=wss>;expires=200;click2call=no;+g.oma.sip-im;+audio;language="en,fr"
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28996 REGISTER
Content-Length: 0
Max-Forwards: 70
Authorization: Digest username="100",realm="asterisk",nonce="1581088246/deff5cad6eaa2e080cc3a29e7e48d1eb",uri="sip:192.168.122.143",response="33ab4ea03ce85d9b4ac09058e36992e9",algorithm=md5,cnonce="eb2396623ba609a63f39f28a3413ab43",opaque="1e37dbb763d85954",qop=auth,nc=00000001
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom
Supported: path

tsk_utils.js?svn=252:116 ==session event = connecting
2tsk_utils.js?svn=252:116 ==session event = sent_request
tsk_utils.js?svn=252:116 __tsip_transport_ws_onmessage
tsk_utils.js?svn=252:116 recv=SIP/2.0 200 OK
Via: SIP/2.0/WSS df7jal23ls0d.invalid;rport=53702;received=192.168.122.1;branch=z9hG4bKaQerbmtNuKAHJsnBlJlOUbWnwsgSb0b0
From: "Simon"<sip:100@192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100@192.168.122.143>;tag=z9hG4bKaQerbmtNuKAHJsnBlJlOUbWnwsgSb0b0
Contact: <sips:100@192.168.122.1:53702;transport=ws;rtcweb-breaker=yes>;expires=199
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28996 REGISTER
Content-Length: 0
Date: 07 Feb 2020 15:10:46 GMT;07
Server: Asterisk PBX 17.2.0

tsk_utils.js?svn=252:116 State machine: tsip_dialog_register_InProgress_2_Connected_X_2xx
tsk_utils.js?svn=252:116 ==session event = connected
tsk_utils.js?svn=252:116 __tsip_transport_ws_onmessage{quote}

The server is running CentOS 6 with openssl 1.0.1e, and the client browser is Chrome 80.0.3987.87.

I’m trying to determine:

What is the cause of the errors.
Are they actually causing any problems.
If anyone is able to answer either of these messages it is much appreciated.

I can provide additional info if required.

Thanks in advance.

Comments: By: Asterisk Team (asteriskteam) 2020-02-28 09:59:31.935-0600

We appreciate the difficulties you are facing, however information request type issues would be better served in a different forum.

The Asterisk community provides support over IRC, mailing lists, and forums as described at http://asterisk.org/community. The Asterisk issue tracker is used specifically to track issues concerning bugs and documentation errors.

If this issue is actually a bug please use the Bug issue type instead.

Please see the Asterisk Issue Guidelines [1] for instruction on the intended use of the Asterisk issue tracker.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines
By: Asterisk Team (asteriskteam) 2020-02-28 09:59:33.589-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.