I am currently testing Asterisk in TLS mode. Over the last few days I have been blocked by the same error message over and over again. The same error appears on three different setup systems.
Basically, every time I try to register over TLS transport the following error occurs:
##sip reload message on CLI terminal
…
Reloading SIP
== Parsing ‘/etc/asterisk/sip.conf’: Found
== Parsing ‘/etc/asterisk/users.conf’: Found
== Using SIP CoS mark 4
== TLS/SSL ECDH initialized (secp256r1), faster PFS cipher-suites enabled
== TLS/SSL certificate ok
== Parsing ‘/etc/asterisk/sip_notify.conf’: Found
ERROR[6550]: tcptls.c:693 handle_tcptls_connection: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[6550]: tcptls.c:693 handle_tcptls_connection: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
WARNING[6550]: tcptls.c:780 handle_tcptls_connection: FILE * open failed!
WARNING[6550]: tcptls.c:780 handle_tcptls_connection: FILE * open failed!
…
##CLI end, the error goes on
##sip.conf
[general]
udpenable=yes
tlsenable=yes
tcpenable=yes
bindaddr=192.168.X.X ;run on the local IP
tlsbindaddr=192.168.X.X ;as above
tlsbindport=5061
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlsprivatekey=/etc/asterisk/keys/asterisk.key
tlscafile=/etc/asterisk/keys/ca.crt
tlscapath=/etc/asterisk/keys
tlscipher=ADH-AES256-SHA,ADH-AES128-SHA
tlsclientmethod=TLSv1
tlsdontverifyserver=yes,no ; doesn’t make any difference
Self-signed certificates generated by the ast_tls_cert script found in the Asterisk contrib/scripts folder.
According to the documentation from: https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
The error repeated on Debian 9 with Asterisk 14.7.4 (VirtualBox), also on a Debian 9 workstation and CentOS 7 (run on VirtualBox), all with the same error.
Any register without TLS, based on TCP or UDP, works fine. Testing from a softphone (Blink).
I am guessing it is some extra tiny configuration missing somewhere.
Is any expert around this issue? I am happy to have a look into it.
I would highly appreciate any help and suggestions.
Today it gets even more interesting. On VirtualBox (running Debian 9), after reinstalling, Asterisk shows (log including debugging 10):
iostream.c:602 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
iostream.c:507 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error
iostream.c:602 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
iostream.c:507 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error
Shark analysis showed an error on handshake failure (server => client). SIP stats report tons of (404 Not Found) responses.
I am pretty sure this problem is trivial.
So far I am writing to myself but maybe one day…
OK
Here we go.
There is definitely something on the table. Any clean fresh installation ends up with the iostream error. Currently I have one physical Debian 9 and two VirtualBox machines (Debian 9 and CentOS 7); all of them show the same SSL_shutdown() failed.
###CLI terminal
…
ERROR[16552]: iostream.c:602 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[16552]: iostream.c:507 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[16553]: iostream.c:602 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[16553]: iostream.c:507 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error
…
###CLI end
The only thing that I could find is the error that I reported earlier (404 response), which was related to SIP without mailbox; we can ignore it.
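
An added example, not part of the original posts and not Asterisk code: a small audit of the TLS options in the `[general]` section of the sip.conf posted above, flagging anonymous cipher suites, deprecated client protocol versions and malformed or disabled verification settings. The function names and the embedded sample are constructed for illustration; the findings describe the configuration only and are not a diagnosis of the logged error.

```python
import re

# Constructed sample: the TLS-related [general] options as posted in the thread.
SIP_CONF = """\
[general]
tlsenable=yes
tlsbindport=5061
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlsprivatekey=/etc/asterisk/keys/asterisk.key
tlscipher=ADH-AES256-SHA,ADH-AES128-SHA
tlsclientmethod=TLSv1
tlsdontverifyserver=yes,no ; doesn't make any difference
"""
TRUE, FALSE = {"yes", "true", "y", "t", "1", "on"}, {"no", "false", "n", "f", "0", "off"}

def parse_general(text):
    """Return key -> value for the [general] section, dropping ';' comments."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def audit_tls(opts):
    """Return (option, finding) pairs for weak or malformed TLS settings."""
    findings = []
    for name in re.split(r"[:,\s]+", opts.get("tlscipher", "")):
        # ADH-*/AECDH-* use anonymous key exchange: no certificate is involved.
        if name.upper().startswith(("ADH", "AECDH")):
            findings.append(("tlscipher", f"{name}: anonymous suite, peer is not authenticated"))
    method = opts.get("tlsclientmethod", "").lower()
    if method in ("sslv2", "sslv3", "tlsv1"):
        findings.append(("tlsclientmethod", f"{method}: deprecated protocol version"))
    verify = opts.get("tlsdontverifyserver", "").lower()
    if verify and verify not in TRUE | FALSE:
        findings.append(("tlsdontverifyserver", f"{verify!r}: not a single boolean value"))
    elif verify in TRUE:
        findings.append(("tlsdontverifyserver", "server certificate verification disabled"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_tls(parse_general(SIP_CONF)):
        print(f"{option}: {finding}")
```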