tls open problem

Any and all non-support discussions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

tls open problem

Postby liigi » Sun May 23, 2021 4:09 pm

Hello everyone, how are you?
I come to you to help me diagnose my system
Version: 2.14b0.5
SVN Version: 3309
DB Schema Version: 1609
DB Schema Update Date: 2020-11-03 21:32:28

I have 5 dialers that have worked without problems, I have used the webphone. Today I saw the need to change my domain and therefore all the urls and certificates, I followed the documented process which I have always used without inconvenience.
however after changing everything I have an annoying error in the asterisk cli that I cannot solve

[May 23 16:12:04] ERROR[8122]: tcptls.c:727 handle_tcptls_connection: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[May 23 16:12:04] WARNING[8122]: tcptls.c:814 handle_tcptls_connection: FILE * open failed!

I can call without problems, but every so often a call fails. Any ideas?
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby liigi » Sun May 23, 2021 6:07 pm

I did the following
-replace the certificate on all the dialer for a new certificate wildcar of the new domain
-replace de server Web Socket UR and External Web Socket URL
-Replace the url in astguiclient scripts

after that , the asterisk cli show de error above
i think that maybe the certificate is broken so i brought a new on , but is the same result tls open error

i change the file permisions to 777 or 444 and reboot and the same result

my conclusion is that for some reason the asterisk is affected by the domain change in the certificate, but why?
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby alo » Mon May 24, 2021 12:06 am

maybe its the phone template?
alo
 
Posts: 187
Joined: Wed Jun 20, 2012 10:21 am

Re: tls open problem

Postby carpenox » Mon May 24, 2021 7:23 am

two things, one, have you updated your openssl in the past few months? second, did you change the directories permissions for the certificate itself, within the "live" folder? anyone on here is always welcome to message me directly thru any of the methods in my signature, webrtc is one of my specialties and ive helped a couple hundred people on here get it working on their systems, so please feel free to hit me up, preferrably on skype
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: tls open problem

Postby liigi » Mon May 24, 2021 8:31 am

the phone template is ok , i have ben use it for 1 years ago .

"have you updated your openssl in the past few months? "

yes, I used a free certificate so I should change it every 3 months and it works without problems.but now as I try to change domain I get this error.in fact to solve the problem create a new certificate (with the same method and configuration) with the "old domain" and it works without problems.

the only difference between the certificate that causes me problems and the one that works is that they were created for different domains
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby liigi » Mon May 24, 2021 8:48 am

I moved the certificates to a root folder call it "ssl" change the folder and the certificate permissions.but they have always been there, and the permissions are the same that I use with the certificate that works
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby carpenox » Mon May 24, 2021 11:34 am

no i mean the actual package for openssl, zypper up openssl if you are using leap and check if it tries to update, what OS are you running on?
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: tls open problem

Postby liigi » Mon May 24, 2021 12:00 pm

no no updated ,openSUSE-Leap-15.1 and OpenSSL 1.1.0i-fips 14 Aug 2018
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby carpenox » Mon May 24, 2021 12:06 pm

ok well 15.1 is end of life and doesnt really get the updates you need anymore, you should update to 15.2 and update your openssl, there is a few packages you will need for webrtc to work right now, check out my blog post about upgrading here: https://cyburityllc.com/?p=1706

i hope this helps, feel free to hit me up on skype if you have questions
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: tls open problem

Postby liigi » Mon May 24, 2021 12:53 pm

but I can't understand, my webrtc works perfectly, I'm using it right now. the warnings appear only when changing the domain of the certificate, it's something that doesn't make sense to me
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby liigi » Tue Jun 01, 2021 4:59 pm

Any other idea,



I doubt that performing update will solve the problem since now it works without problem, it only throws warnings when I replace the certificate
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby carpenox » Tue Jun 01, 2021 7:10 pm

chmod your cert directory with 744
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: tls open problem

Postby liigi » Mon Jul 05, 2021 8:26 am

I tried everything and I still have the errors in 4 pbx of 7 .


[Jul 5 09:17:46] ERROR[11319]: tcptls.c:727 handle_tcptls_connection: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[Jul 5 09:17:46] WARNING[11319]: tcptls.c:814 handle_tcptls_connection: FILE * open failed!


sigo verificando .hasta ahora no hay problemas de audio o en el funcionamiento del webrtc
liigi
 
Posts: 70
Joined: Wed Jul 13, 2016 4:39 pm

Re: tls open problem

Postby carpenox » Mon Jul 05, 2021 2:54 pm

Ulimit -n 65536
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 67 guests