[asterisk-bugs] [JIRA] (ASTERISK-25659) res_rtp_asterisk: ECDH not negotiated causing DTLS failure occurred on RTP instance

Edwin Vandamme (JIRA) noreply at issues.asterisk.org
Wed Jun 29 15:40:56 CDT 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231245#comment-231245 ] 

Edwin Vandamme edited comment on ASTERISK-25659 at 6/29/16 3:40 PM:
--------------------------------------------------------------------

I managed to install a test environment and installed OpenSSL from source as follows :
- yum remove openssl (remove the CentOS OpenSSL version)
- curl -O https://www.openssl.org/source/openssl-1.0.2h.tar.gz (download latest version)
- Compile and install the extracted tar with the following script :
{code}#!/bin/bash
# Variables.
SN="${0##*/}"                                               # Script name.
SD="${0:0:${#0}-${#SN}}"                                    # Script location.

# Compile new version. ----------------------------------------------------------
cd ${SD}
OD=$(ls -d openssl*/)

cd ${SD}${OD}
make clean
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
make test
make install
{code}
- reboot
- openssl version ==> OpenSSL 1.0.2h  3 May 2016 (check OpenSSL version)
- Recompile and install Asterisk 13.9.1
- Perform the test and again the DTLS error.

All I can think off is that some CentOS code is left behind after the removal and/or the OpenSSL installation does not write all the files to the "CentOS locations".




was (Author: pay123):
I managed to install a test environment and installed OpenSSL from source as follows :
- yum remove openssl (remove the CentOS OpenSSL version)
- curl -O https://www.openssl.org/source/openssl-1.0.2h.tar.gz (download latest version)
- Compile and install the extracted tar with the following script :
{quote}#!/bin/bash
# Variables.
SN="${0##*/}"                                               # Script name.
SD="${0:0:${#0}-${#SN}}"                                    # Script location.

# Compile new version. ----------------------------------------------------------
cd ${SD}
OD=$(ls -d openssl*/)

cd ${SD}${OD}
make clean
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
make test
make install
{quote}
- reboot
- openssl version ==> OpenSSL 1.0.2h  3 May 2016 (check OpenSSL version)
- Recompile and install Asterisk 13.9.1
- Perform the test and again the DTLS error.

All I can think off is that some CentOS code is left behind after the removal and/or the OpenSSL installation does not write all the files to the "CentOS locations".



> res_rtp_asterisk: ECDH not negotiated causing DTLS failure occurred on RTP instance
> -----------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25659
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25659
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 11.22.0, 13.9.1
>         Environment: Using the following on the server :
> CentOS	  	  	7.2	  	2015-11
> Asterisk	  	  	13.6	  	2015-10
> jansson  	  	  	2.7	  	2014-10-02
> PJSIP (pjproject)	2.4.5	2015-08-12
> sipML5  	  		2.0.2	2015-12
> Using the following on the client :
> CentOS  	  	  	7.2 KDE desktop
> Chrome Version  	47.0.2526.106 (64-bit) 
>            Reporter: Edwin Vandamme
>            Assignee: Alexander Traud
>            Severity: Minor
>         Attachments: asterisk.log, dtls_centos_step_1.patch, dtls_centos_step_2.patch, ecdh.patch
>
>
> This issue has been on the forum for over a week, but I did not get any feedback, http://forums.asterisk.org/viewtopic.php?f=1&t=96461&sid=528c724d236a38e60e868817462c6f26, so I have now escalated this as a bug report.
> Using the described environment, I get the following error in my Asterisk log :
> res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x7fe8c8024178' due to reason 'missing tmp ecdh key', terminating
> res_rtp_asterisk.c: RTP Read error: Unspecified. Hanging up.
> An earlier bug report listed this as a problem on FireFox : ASTERISK-25265
> It is said to be fixed in 13.6
> WebRTC is not yet in production on my system, due to the constant changes, but in earlier tests everything worked fine. As far as I can tell, it all started when Chrome forced the usage of https over http.
> Dialing from a WebRTC peer to Asterisks works just fine.
> For various reasons I use sip.conf, not pjsip.conf.
> Certificates used are propper certificates, not self signed versions.
> I attached (asterisk.log) part of the Asterisk log file with "sip debug on", start of call till failure.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list