Page 1 of 1

tls open problem

PostPosted: Sun May 23, 2021 4:09 pm
by liigi
Hello everyone, how are you?
I come to you to help me diagnose my system
Version: 2.14b0.5
SVN Version: 3309
DB Schema Version: 1609
DB Schema Update Date: 2020-11-03 21:32:28

I have 5 dialers that have worked without problems, I have used the webphone. Today I saw the need to change my domain and therefore all the urls and certificates, I followed the documented process which I have always used without inconvenience.
however after changing everything I have an annoying error in the asterisk cli that I cannot solve

[May 23 16:12:04] ERROR[8122]: tcptls.c:727 handle_tcptls_connection: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[May 23 16:12:04] WARNING[8122]: tcptls.c:814 handle_tcptls_connection: FILE * open failed!

I can call without problems, but every so often a call fails. Any ideas?

Re: tls open problem

PostPosted: Sun May 23, 2021 6:07 pm
by liigi
I did the following
-replace the certificate on all the dialer for a new certificate wildcar of the new domain
-replace de server Web Socket UR and External Web Socket URL
-Replace the url in astguiclient scripts

after that , the asterisk cli show de error above
i think that maybe the certificate is broken so i brought a new on , but is the same result tls open error

i change the file permisions to 777 or 444 and reboot and the same result

my conclusion is that for some reason the asterisk is affected by the domain change in the certificate, but why?

Re: tls open problem

PostPosted: Mon May 24, 2021 12:06 am
by alo
maybe its the phone template?

Re: tls open problem

PostPosted: Mon May 24, 2021 7:23 am
by carpenox
two things, one, have you updated your openssl in the past few months? second, did you change the directories permissions for the certificate itself, within the "live" folder? anyone on here is always welcome to message me directly thru any of the methods in my signature, webrtc is one of my specialties and ive helped a couple hundred people on here get it working on their systems, so please feel free to hit me up, preferrably on skype

Re: tls open problem

PostPosted: Mon May 24, 2021 8:31 am
by liigi
the phone template is ok , i have ben use it for 1 years ago .

"have you updated your openssl in the past few months? "

yes, I used a free certificate so I should change it every 3 months and it works without problems.but now as I try to change domain I get this error.in fact to solve the problem create a new certificate (with the same method and configuration) with the "old domain" and it works without problems.

the only difference between the certificate that causes me problems and the one that works is that they were created for different domains

Re: tls open problem

PostPosted: Mon May 24, 2021 8:48 am
by liigi
I moved the certificates to a root folder call it "ssl" change the folder and the certificate permissions.but they have always been there, and the permissions are the same that I use with the certificate that works

Re: tls open problem

PostPosted: Mon May 24, 2021 11:34 am
by carpenox
no i mean the actual package for openssl, zypper up openssl if you are using leap and check if it tries to update, what OS are you running on?

Re: tls open problem

PostPosted: Mon May 24, 2021 12:00 pm
by liigi
no no updated ,openSUSE-Leap-15.1 and OpenSSL 1.1.0i-fips 14 Aug 2018

Re: tls open problem

PostPosted: Mon May 24, 2021 12:06 pm
by carpenox
ok well 15.1 is end of life and doesnt really get the updates you need anymore, you should update to 15.2 and update your openssl, there is a few packages you will need for webrtc to work right now, check out my blog post about upgrading here: https://cyburityllc.com/?p=1706

i hope this helps, feel free to hit me up on skype if you have questions

Re: tls open problem

PostPosted: Mon May 24, 2021 12:53 pm
by liigi
but I can't understand, my webrtc works perfectly, I'm using it right now. the warnings appear only when changing the domain of the certificate, it's something that doesn't make sense to me

Re: tls open problem

PostPosted: Tue Jun 01, 2021 4:59 pm
by liigi
Any other idea,



I doubt that performing update will solve the problem since now it works without problem, it only throws warnings when I replace the certificate

Re: tls open problem

PostPosted: Tue Jun 01, 2021 7:10 pm
by carpenox
chmod your cert directory with 744

Re: tls open problem

PostPosted: Mon Jul 05, 2021 8:26 am
by liigi
I tried everything and I still have the errors in 4 pbx of 7 .


[Jul 5 09:17:46] ERROR[11319]: tcptls.c:727 handle_tcptls_connection: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[Jul 5 09:17:46] WARNING[11319]: tcptls.c:814 handle_tcptls_connection: FILE * open failed!


sigo verificando .hasta ahora no hay problemas de audio o en el funcionamiento del webrtc

Re: tls open problem

PostPosted: Mon Jul 05, 2021 2:54 pm
by carpenox
Ulimit -n 65536