[asterisk-users] Hangup() not working for handsets using pls transport?

Ruisheng Peng rpeng at ifa.hawaii.edu
Thu Feb 11 18:59:58 CST 2021 

Sorry, my bad.  I failed to change the transport to tls on the provision
for the hardphone, nor did change the transport on the linphone setup.
However, after I do that, the hardphone (Yealink T32G) failed to register,
citing:

[Feb 11 14:16:03] WARNING[24936]: pjproject: <?>:                    SSL
SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL
routines-SSL23_GET_CLIENT_HELLO-unknown protocol> len: 0 peer:
128.171.77.34:30401

on the linphone side, it also fails to register:

2021-02-11 13:26:32:637 [linphone/belle-sip] MESSAGE Trying to connect to
[TLS://::ffff:128.171.77.23:5061]

2021-02-11 13:26:32:652 [linphone/belle-sip] MESSAGE Channel
[0x7fc8b8000000]: Connected at TCP level, now doing TLS handshake with
cname=128.171.77.23

2021-02-11 13:26:32:654 [linphone/belle-sip] MESSAGE Channel
[0x7fc8b8000000]: SSL handshake in progress...

2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate
depth=[2], flags=[]:

cert. version     : 3

serial number     : 44:AF:B0:80:D6:A3:27:BA:89:30:39:86:2E:F8:40:6B

issuer name       : O=Digital Signature Trust Co., CN=DST Root CA X3

subject name      : O=Digital Signature Trust Co., CN=DST Root CA X3

issued  on        : 2000-09-30 21:12:19

expires on        : 2021-09-30 14:01:15

signed using      : RSA with SHA1

RSA key size      : 2048 bits

basic constraints : CA=true

key usage         : Key Cert Sign, CRL Sign


2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate
depth=[1], flags=[]:

cert. version     : 3

serial number     : 40:01:75:04:83:14:A4:C8:21:8C:84:A9:0C:16:CD:DF

issuer name       : O=Digital Signature Trust Co., CN=DST Root CA X3

subject name      : C=US, O=Let's Encrypt, CN=R3

issued  on        : 2020-10-07 19:21:40

expires on        : 2021-09-29 19:21:40

signed using      : RSA with SHA-256

RSA key size      : 2048 bits

basic constraints : CA=true, max_pathlen=0

key usage         : Digital Signature, Key Cert Sign, CRL Sign

ext key usage     : TLS Web Server Authentication, TLS Web Client
Authentication


2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate
depth=[0], flags=[CN-mismatch ]:

cert. version     : 3

serial number     : 03:F0:83:3C:5D:41:76:BC:4E:B2:E6:AB:60:8C:F9:5E:27:86

issuer name       : C=US, O=Let's Encrypt, CN=R3

subject name      : CN=voip1.ifa.hawaii.edu

issued  on        : 2020-12-30 02:56:29

expires on        : 2021-03-30 02:56:29

signed using      : RSA with SHA-256

RSA key size      : 2048 bits

basic constraints : CA=false

subject alt name  : voip1.ifa.hawaii.edu

key usage         : Digital Signature, Key Encipherment

ext key usage     : TLS Web Server Authentication, TLS Web Client
Authentication


2021-02-11 13:26:32:674 [linphone/belle-sip] ERROR Channel
[0x7fc8b8000000]: SSL handshake failed : X509 - Certificate verification
failed, e.g. CRL, CA or signature check failed

2021-02-11 13:26:32:674 [linphone/belle-sip] ERROR Cannot connect to [TLS://
128.171.77.23:5061]


On Mon, Feb 8, 2021 at 12:27 PM Joshua C. Colp <jcolp at digium.com> wrote:

> On Mon, Feb 8, 2021 at 6:14 PM Ruisheng Peng <rpeng at ifa.hawaii.edu> wrote:
>
>> Thanks Jashua for the suggestion.  To find out if the issue was only
>> limited to the softphone that was using tls transport (SOFTPHONE_B on ext
>> 103, a linphone running off my MBP), I also turned one of the hard phone
>> (0000f30A0A01 on ext 100, a Yealink T32G) into using tls transport.  It
>> behaves similarly to the linphone in that the Hangup() call in dialplan is
>> silently ignored, and the handsets would alway appear as busy/unavilable.
>>
>
> Have you configured the devices, on them or using their provisioning, to
> use TLS? It does not appear so as they are using UDP, while you're forcing
> a TLS transport in Asterisk. This would not work.
>
> --
> Joshua C. Colp
> Asterisk Technical Lead
> Sangoma Technologies
> Check us out at www.sangoma.com and www.asterisk.org
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20210211/d2950c89/attachment.html>

More information about the asterisk-users mailing list