WebRTC with SIPML5 showing SSL error

amitjain · April 24, 2023, 7:36am

following error

[Apr 24 12:22:41] ERROR[1710112]: iostream.c:647 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[Apr 24 12:22:41] ERROR[1710112]: tcptls.c:179 handle_tcptls_connection: Unable to set up ssl connection with peer ‘192.168.1.1:51846’
[Apr 24 12:22:41] ERROR[1710112]: iostream.c:552 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error

following code / conf I diid

certificate created by following cmd
openssl req -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

sip.conf
[general]
transport=udp,ws,wss
srvlookup=yes
udpbindaddr=0.0.0.0
tcpenable=no
tcpbindaddr=0.0.0.0
transport=udp,ws,wss
context=default
allowoverlap=no
auth_rejection_permanent=yes
useragent=Asterisk PBX 18.13.0

[1000]
type=friend
secret=secret123
host=dynamic
context=default
dtmfmode=rfc2833
directmedia=no
transport=udp,ws,wss
icesupport=yes
encryption=yes
avpf=yes
force_avp=yes
nat=force_rport,comedia
qualify=yes
insecure=port,invite

http.conf
[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/asterisk/keys/server.crt
tlsprivatekey=/etc/asterisk/keys/server.key

extension.conf
[default]
exten => 1000,1,Dial(SIP/1000)
same => n,Hangup()

found all SSL certificate with HTTPS found ok while use with SIPML5 web get “Internal SSL error” error

Please help on this.

david551 · April 24, 2023, 12:24pm

Why are you worrying about SSL when you are wide open to attack?

(The correct fix for this is to re-implement from first principles, using chan_pjsip, as chan_sip is pretty much dead. First principles because misuse of insecure, like this, is generally the result of blindly copying code without understanding it, and which was probably also copied through several generations, without understanding.)

amitjain · April 24, 2023, 12:59pm

Hello

after disable ;insecure=port,invite

same error

[Apr 24 18:26:52] ERROR[1861445]: iostream.c:647 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[Apr 24 18:26:52] ERROR[1861445]: tcptls.c:179 handle_tcptls_connection: Unable to set up ssl connection with peer ‘192.168.1.1:49463’
[Apr 24 18:26:52] ERROR[1861445]: iostream.c:552 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error

Please help on solve.

david551 · April 24, 2023, 1:45pm

You obviously didn’t read what insecure actually does.

It doesn’t affect your failure. What it does is mean that anyone can make calls with the privileges of device 1000 (which I assume looks like an internal extension and can make billable calls) without needing to know the password.

In general, I don’t think WebRTC systems are set to authenticate the browser user using SSL, so that mean that anyone can make calls.

amitjain · April 27, 2023, 7:01am

Thanks, please help on resolve below error

[Apr 24 18:26:52] ERROR[1861445]: iostream.c:647 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
[Apr 24 18:26:52] ERROR[1861445]: tcptls.c:179 handle_tcptls_connection: Unable to set up ssl connection with peer ‘192.168.1.1:49463’
[Apr 24 18:26:52] ERROR[1861445]: iostream.c:552 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error

system · May 27, 2023, 7:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.