[asterisk-bugs] [JIRA] (ASTERISK-28762) Problem setting up ssl connection. Internal SSL error

INVADE International Ltd. (JIRA) noreply at issues.asterisk.org
Fri Feb 28 10:00:25 CST 2020 

INVADE International Ltd. created ASTERISK-28762:
----------------------------------------------------

             Summary: Problem setting up ssl connection. Internal SSL error
                 Key: ASTERISK-28762
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28762
             Project: Asterisk
          Issue Type: Information Request
      Security Level: None
          Components: Core/HTTP
    Affects Versions: 17.2.0
         Environment: CentOS 6 with openssl 1.0.1e
Asterisk 17.2.0 and WebRTC
Client browser is Chrome 80.0.3987.87
            Reporter: INVADE International Ltd.
            Severity: Minor


>From the forum entry:
https://community.asterisk.org/t/problem-setting-up-ssl-connection-internal-ssl-error/82633

Hi. We have a number systems using Asterisk 17 and WebRTC.

On the systems that use self signed certificates, the following is logged by Asterisk every time a client registers:

{quote}ERROR[10399] iostream.c: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[10399] tcptls.c: Unable to set up ssl connection with peer '192.168.122.1:53700'{quote}

The errors do not appear to prevent the system from working.

I’ve enabled debugging and, while there are some debug messages logged after the errors, there is nothing before.

The errors are not logged on systems that use a certificate from a trusted CA.

I’ve tested this using both a JsSIP and a sipML5 client, and the results are the same.

I’m not sure if it helps but, below are the messages from the browser console:

{quote}s_websocket_server_url= wss://192.168.122.143:8089/ws
tsk_utils.js?svn=252:116 s_sip_outboundproxy_url=(null)
tsk_utils.js?svn=252:116 b_rtcweb_breaker_enabled=yes
tsk_utils.js?svn=252:116 b_click2call_enabled=no
tsk_utils.js?svn=252:116 b_early_ims=yes
tsk_utils.js?svn=252:116 b_enable_media_stream_cache=yes
tsk_utils.js?svn=252:116 o_bandwidth={}
tsk_utils.js?svn=252:116 o_video_size={}
tsk_utils.js?svn=252:116 SIP stack start: proxy='ns313841.ovh.net:12062', realm='<sip:192.168.122.143>', impi='100', impu='"Simon"<sip:100 at 192.168.122.143>'
tsk_utils.js?svn=252:116 Connecting to ' wss://192.168.122.143:8089/ws'
tsk_utils.js?svn=252:116 ==stack event = starting
tsk_utils.js?svn=252:116 __tsip_transport_ws_onopen
tsk_utils.js?svn=252:116 ==stack event = started
tsk_utils.js?svn=252:116 State machine: tsip_dialog_register_Started_2_InProgress_X_oRegister
tsk_utils.js?svn=252:116 SEND: REGISTER sip:192.168.122.143 SIP/2.0
Via: SIP/2.0/WSS df7jal23ls0d.invalid;branch=z9hG4bKyFqsoLUUFpedAcVEyZN4cBtFTu9Gt9G9;rport
From: "Simon"<sip:100 at 192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100 at 192.168.122.143>
Contact: "Simon"<sips:100 at df7jal23ls0d.invalid;rtcweb-breaker=yes;transport=wss>;expires=200;click2call=no;+g.oma.sip-im;+audio;language="en,fr"
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28995 REGISTER
Content-Length: 0
Max-Forwards: 70
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom
Supported: path


tsk_utils.js?svn=252:116 __tsip_transport_ws_onmessage
tsk_utils.js?svn=252:116 recv=SIP/2.0 401 Unauthorized
Via: SIP/2.0/WSS df7jal23ls0d.invalid;rport=53702;received=192.168.122.1;branch=z9hG4bKyFqsoLUUFpedAcVEyZN4cBtFTu9Gt9G9
From: "Simon"<sip:100 at 192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100 at 192.168.122.143>;tag=z9hG4bKyFqsoLUUFpedAcVEyZN4cBtFTu9Gt9G9
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28995 REGISTER
Content-Length: 0
WWW-Authenticate: Digest realm="asterisk",qop="auth",nonce="1581088246/deff5cad6eaa2e080cc3a29e7e48d1eb",opaque="1e37dbb763d85954",stale=FALSE,algorithm=md5
Server: Asterisk PBX 17.2.0


tsk_utils.js?svn=252:116 State machine: tsip_dialog_register_InProgress_2_InProgress_X_401_407_421_494
tsk_utils.js?svn=252:116 SEND: REGISTER sip:192.168.122.143 SIP/2.0
Via: SIP/2.0/WSS df7jal23ls0d.invalid;branch=z9hG4bKaQerbmtNuKAHJsnBlJlOUbWnwsgSb0b0;rport
From: "Simon"<sip:100 at 192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100 at 192.168.122.143>
Contact: "Simon"<sips:100 at df7jal23ls0d.invalid;rtcweb-breaker=yes;transport=wss>;expires=200;click2call=no;+g.oma.sip-im;+audio;language="en,fr"
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28996 REGISTER
Content-Length: 0
Max-Forwards: 70
Authorization: Digest username="100",realm="asterisk",nonce="1581088246/deff5cad6eaa2e080cc3a29e7e48d1eb",uri="sip:192.168.122.143",response="33ab4ea03ce85d9b4ac09058e36992e9",algorithm=md5,cnonce="eb2396623ba609a63f39f28a3413ab43",opaque="1e37dbb763d85954",qop=auth,nc=00000001
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom
Supported: path


tsk_utils.js?svn=252:116 ==session event = connecting
2tsk_utils.js?svn=252:116 ==session event = sent_request
tsk_utils.js?svn=252:116 __tsip_transport_ws_onmessage
tsk_utils.js?svn=252:116 recv=SIP/2.0 200 OK
Via: SIP/2.0/WSS df7jal23ls0d.invalid;rport=53702;received=192.168.122.1;branch=z9hG4bKaQerbmtNuKAHJsnBlJlOUbWnwsgSb0b0
From: "Simon"<sip:100 at 192.168.122.143>;tag=kMuhaZy6Q0Wvw40VKeLZ
To: "Simon"<sip:100 at 192.168.122.143>;tag=z9hG4bKaQerbmtNuKAHJsnBlJlOUbWnwsgSb0b0
Contact: <sips:100 at 192.168.122.1:53702;transport=ws;rtcweb-breaker=yes>;expires=199
Call-ID: ffac53bd-a6b2-9176-63b1-ff8ed7c5fa26
CSeq: 28996 REGISTER
Content-Length: 0
Date: 07 Feb 2020 15:10:46 GMT;07
Server: Asterisk PBX 17.2.0


tsk_utils.js?svn=252:116 State machine: tsip_dialog_register_InProgress_2_Connected_X_2xx
tsk_utils.js?svn=252:116 ==session event = connected
tsk_utils.js?svn=252:116 __tsip_transport_ws_onmessage{quote}

The server is running CentOS 6 with openssl 1.0.1e, and the client browser is Chrome 80.0.3987.87.

I’m trying to determine:

What is the cause of the errors.
Are they actually causing any problems.
If anyone is able to answer either of these messages it is much appreciated.

I can provide additional info if required.

Thanks in advance.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list