SSL problems (Handshake)

Hello, I’m trying to give access via wss to Odoo and I think I’ve everything up & running except the cert problems.
Steps I follow:

  1. Tutorial from asterisk to setup tls/wss
  2. Create certificates with the ast_tls_cert and having the .pem .crt .key files

[pjsip.conf]

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
cipher=ADH-AES128-SHA256
method=tlsv1

[http.conf]

servername=Asterisk
enabled=Yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes          ; enable tls - default no.
tlsbindaddr=192.168.1.227:8089    ; address and port to bind to - default is bindaddr and port 8089.
;tlsdontverifyserver=yes
tlscertfile=/etc/asterisk/keys/asterisk.pem  ; path to the certificate file (*.pem) only.
;tlscafile=/etc/asterisk/keys/asterisk.crt
;tlsprivatekey=/etc/asterisk/keys/asterisk_key.pem    ; path to private key file (*.pem) only.
;tlsprivatekey=/etc/asterisk/keys/ca.pem

Here the tutorial seems not to be very clear, as it requires a .pem file for the private key but the script does not create one.
Am I missing something there?

And when trying to connect through https://www.websocket.org/echo.html using
wss://<ip_address>:5061/ws
I’m getting these errors in the console:
WARNING[21949]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337625269> len: 0 peer: 192.168.1.1:47932
WARNING[21949]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337625269> len: 0 peer: 192.168.1.1:47934

Also, my local Chrome has a connection to it…

The error shown when I try an external connection:

Can someone help me with this?

Regards

In your echo attempt you were using port 5061 instead of 8089. You can’t connect to port 5061 as that is for SIP TLS, not HTTPS Websocket.

But if I change to port 8089, I’ve no answer to my Asterisk.

Can you point out what I’m doing wrong?
Thanks

You’ll need to be more specific about what exactly you are wanting to do, what you’ve tried, and what you are expecting.

I’m trying to connect Odoo which uses a wss://<ip_adrr>:<_port>/ws to connect to asterisk, but with no luck.
Internally everything works fine with calling extensions and also external connections with 3cx softphones to asterisk.
I think that my mistake is about the SSL certificates, as I pointed out above with the 2 .pem files required.

Is the certificate self signed? Does Odoo allow self signed certificates? What does it say when you try? Did you use the 8089 port and address? I should also add that I don’t believe Odoo has ever been tested against Asterisk over websockets.

I created them following https://wiki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients

To test the connection to wss://…/ws I use https://www.websocket.org/echo.html with the port 8089 but no reply from Asterisk. If I change to 5061 the console replies with the handshake error.

On connection Asterisk wouldn’t send anything. If it connected, then the websocket was successfully established.

Thanks for your reply jcolp.
Answering your questions :

Is the certificate self signed?
The certificate is self signed, yes

Does Odoo allow self signed certificates?
It does

Did you use the 8089 port and address?
Yes I did, and this is the reply when I try it.

ERROR[21323]: tcptls.c:157 handle_tcptls_connection: Unable to set up ssl connection with peer '<ip_addr>:18994
iostream.c:538 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[21324]: iostream.c:633 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL

What TLS version does Odoo support? What ciphers? Does it give you any indication of a problem? What version of OpenSSL is in use?
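
The settings posted in this thread can be checked offline before retrying the connection. The following Python sketch is an added example, not part of the original posts or of Asterisk itself: it flags anonymous (ADH/AECDH) cipher suites and legacy `method` values in a PJSIP TLS transport, and checks that the file named in `tlscertfile` holds a private key block when `tlsprivatekey` is left unset (per Asterisk's sample http.conf, the certificate file is then searched for both). The function names and sample strings are constructed for illustration.

```python
import re

WEAK_METHODS = {"sslv2", "sslv3", "tlsv1", "tlsv1_1"}   # pjsip.conf method= values
TRUE = {"yes", "true", "y", "t", "1", "on"}

def parse_conf(text):
    """Parse Asterisk-style config: [section] headers, key=value, ';' comments."""
    sections, current = {}, "general"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections.setdefault(current, {})[key.lower()] = value
    return sections

def pem_labels(pem_text):
    """Labels of the PEM blocks in a file, e.g. CERTIFICATE, RSA PRIVATE KEY."""
    return re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)

def audit(pjsip_text, http_text, pem_text):
    """Return findings for the TLS transport and the HTTPS/WSS listener."""
    findings = []
    for name, opts in parse_conf(pjsip_text).items():
        if opts.get("type") != "transport":
            continue
        for cipher in filter(None, map(str.strip, opts.get("cipher", "").split(","))):
            # ADH/AECDH suites are anonymous: the server certificate is never used
            if cipher.upper().startswith(("ADH", "AECDH")):
                findings.append(f"{name}: anonymous cipher {cipher}")
        if opts.get("method", "").lower() in WEAK_METHODS:
            findings.append(f"{name}: legacy method {opts['method']}")
    http = parse_conf(http_text).get("general", {})
    if http.get("tlsenable", "no").lower() in TRUE:
        labels = pem_labels(pem_text)
        if "CERTIFICATE" not in labels:
            findings.append("http: tlscertfile has no CERTIFICATE block")
        has_key = any(label.endswith("PRIVATE KEY") for label in labels)
        if "tlsprivatekey" not in http and not has_key:
            findings.append("http: tlsprivatekey unset and tlscertfile has no key")
    return findings

# Constructed sample input mirroring the settings posted in this thread.
PJSIP = "[transport-tls]\ntype=transport\nprotocol=tls\ncipher=ADH-AES128-SHA256\nmethod=tlsv1\n"
HTTP = "tlsenable=yes ; enable tls\ntlscertfile=/etc/asterisk/keys/asterisk.pem\n"
PEM_CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for finding in audit(PJSIP, HTTP, PEM_CERT_ONLY):
        print(finding)
```

To audit a real installation, pass the contents of pjsip.conf, http.conf and the file named in `tlscertfile` to `audit()`.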
