Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[asterisk-users] TLS problem


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users
View previous topic :: View next topic  
Author Message
hw at gc-24.de
Guest





PostPosted: Wed Aug 24, 2016 11:47 am    Post subject: [asterisk-users] TLS problem Reply with quote

Hi,

I´m trying to get TLS to work with asterisk and client phones,
and all I´m getting from asterisk is


[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE * open failed!
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection: FILE * open failed!


when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
hw at gc-24.de
Guest





PostPosted: Fri Aug 26, 2016 4:47 am    Post subject: [asterisk-users] TLS problem Reply with quote

hw schrieb:
Quote:

Hi,

I´m trying to get TLS to work with asterisk and client phones,
and all I´m getting from asterisk is


[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE * open failed!
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection: FILE * open failed!


when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?


Nobody having an idea? Nobody using encryption?


--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
lardconcepts at gmail.com
Guest





PostPosted: Fri Aug 26, 2016 4:59 am    Post subject: [asterisk-users] TLS problem Reply with quote

Well, what immediately stands out is:
"FILE * open failed!"

Have you triple checked that the full filepath is correct and that the
user that Asterisk is running as has full permissions to access your
valid certificate file?

I have it working with microsip and a free TLS cert from LetsEncrypt.
When I get to the PC with that on, I can write up what settings I've
got if that helps?


On 26 August 2016 at 10:47, hw <hw@gc-24.de> wrote:
Quote:
hw schrieb:
Quote:


Hi,

I´m trying to get TLS to work with asterisk and client phones,
and all I´m getting from asterisk is


[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!
== Problem setting up ssl connection:
error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!


when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?


Nobody having an idea? Nobody using encryption?



--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
hw at gc-24.de
Guest





PostPosted: Fri Aug 26, 2016 5:36 am    Post subject: [asterisk-users] TLS problem Reply with quote

Jonathan H schrieb:
Quote:
Well, what immediately stands out is:
"FILE * open failed!"

Yes, and it doesn´t say which file cannot be opened. I even looked at
the source and found that at that point, you can´t simply add some
debugging output to find out.

Quote:
Have you triple checked that the full filepath is correct and that the
user that Asterisk is running as has full permissions to access your
valid certificate file?

It says 'SSL certificate ok' when I 'reload sip'. When it can´t read one
of the files involved with the certificate, it says which one.

Quote:
I have it working with microsip and a free TLS cert from LetsEncrypt.
When I get to the PC with that on, I can write up what settings I've
got if that helps?

I´m using a self signed certificate, but that shouldn´t behave any
differently than an externally sigend one as long as it checks out,
which it apparently does.

So yes, it would be nice if you could send me the settings you´re using,
thanks :)


Quote:


On 26 August 2016 at 10:47, hw <hw@gc-24.de> wrote:
Quote:
hw schrieb:
Quote:


Hi,

I´m trying to get TLS to work with asterisk and client phones,
and all I´m getting from asterisk is


[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!
== Problem setting up ssl connection:
error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!


when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?


Nobody having an idea? Nobody using encryption?



--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users



--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
lardconcepts at gmail.com
Guest





PostPosted: Sun Aug 28, 2016 1:24 pm    Post subject: [asterisk-users] TLS problem Reply with quote

Sorry, things got a bit behind. I was about to settle down and type
something up, when I notice you mention SIP.

Sorry, I've not used that - I'm only familiar with the current pjsip
implementation on 13.10.

Which looks like this:

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/letsencrypt/live/mysite.co.uk/fullchain.pem
priv_key_file=/etc/letsencrypt/live/mysite.co.uk/privkey.pem
method=tlsv1

But this won't be any good to you on sip. What version of Asterisk are
you using?

On 26 August 2016 at 11:36, hw <hw@gc-24.de> wrote:
Quote:
Jonathan H schrieb:
Quote:

Well, what immediately stands out is:
"FILE * open failed!"


Yes, and it doesn´t say which file cannot be opened. I even looked at
the source and found that at that point, you can´t simply add some
debugging output to find out.

Quote:
Have you triple checked that the full filepath is correct and that the
user that Asterisk is running as has full permissions to access your
valid certificate file?


It says 'SSL certificate ok' when I 'reload sip'. When it can´t read one
of the files involved with the certificate, it says which one.

Quote:
I have it working with microsip and a free TLS cert from LetsEncrypt.
When I get to the PC with that on, I can write up what settings I've
got if that helps?


I´m using a self signed certificate, but that shouldn´t behave any
differently than an externally sigend one as long as it checks out,
which it apparently does.

So yes, it would be nice if you could send me the settings you´re using,
thanks :)



Quote:


On 26 August 2016 at 10:47, hw <hw@gc-24.de> wrote:
Quote:

hw schrieb:
Quote:



Hi,

I´m trying to get TLS to work with asterisk and client phones,
and all I´m getting from asterisk is


[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!
== Problem setting up ssl connection:
error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!


when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?


Nobody having an idea? Nobody using encryption?



--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users




--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
asterisk3 at pi4tel.de
Guest





PostPosted: Sun Aug 28, 2016 4:51 pm    Post subject: [asterisk-users] TLS problem Reply with quote

On Fri, Aug 26, 2016 at 12:36:05PM +0200, hw wrote:
Quote:
Jonathan H schrieb:
Quote:
Well, what immediately stands out is:
"FILE * open failed!"

Yes, and it doesn´t say which file cannot be opened. I even looked at
the source and found that at that point, you can´t simply add some
debugging output to find out.

It is not a file on your computers disk. It is a connection attempt
from one of your phones. If a phone is configured to use tcp without
tls and connect to the port used for tls (default 5061) you will see
a message like this. (just an example - different situation here)

"WARNING[1170]: tcptls.c:673 handle_tcptls_connection ..."

Handle ... connection ...



"Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)"

ERR_get_error returns 0 if there is no error in the queue. According
to the description [1] this may happen and it would be possible to
find out more about the error.


Try to connect using "openssl s_client".


1) https://www.openssl.org/docs/manmaster/ssl/SSL_get_error.html


--
Stefan Tichy ( asterisk3 at pi4tel dot de )

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services