VoIP Mailing List Archives :: View topic - [asterisk-users] TLS problem

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] TLS problem

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

hw at gc-24.de
Guest

Posted: Wed Aug 24, 2016 11:47 am Post subject: [asterisk-users] TLS problem

Hi, IÂ´m trying to get TLS to work with asterisk and client phones, and all IÂ´m getting from asterisk is [Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE * open failed! == Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0) [Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection: FILE * open failed! when clients try to connect. No client is able to register using TLS. How can I use encrypted connections? -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016 http://www.asterisk.org/community/astricon-user-conference New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

hw at gc-24.de
Guest

Posted: Fri Aug 26, 2016 4:47 am Post subject: [asterisk-users] TLS problem

hw schrieb:

Quote:

Hi,

IÂ´m trying to get TLS to work with asterisk and client phones,
and all IÂ´m getting from asterisk is

[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection: FILE * open failed!
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection: FILE * open failed!

when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?

Nobody having an idea? Nobody using encryption?

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

lardconcepts at gmail.com
Guest

Posted: Fri Aug 26, 2016 4:59 am Post subject: [asterisk-users] TLS problem

Well, what immediately stands out is:
"FILE * open failed!"

Have you triple checked that the full filepath is correct and that the
user that Asterisk is running as has full permissions to access your
valid certificate file?

I have it working with microsip and a free TLS cert from LetsEncrypt.
When I get to the PC with that on, I can write up what settings I've
got if that helps?

On 26 August 2016 at 10:47, hw <hw@gc-24.de> wrote:

Quote:

hw schrieb:

Quote:

Hi,

IÂ´m trying to get TLS to work with asterisk and client phones,
and all IÂ´m getting from asterisk is

[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!
== Problem setting up ssl connection:
error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!

when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

hw at gc-24.de
Guest

Posted: Fri Aug 26, 2016 5:36 am Post subject: [asterisk-users] TLS problem

Jonathan H schrieb:

Quote:

Well, what immediately stands out is:
"FILE * open failed!"

Yes, and it doesnÂ´t say which file cannot be opened. I even looked at
the source and found that at that point, you canÂ´t simply add some
debugging output to find out.

Quote:

Have you triple checked that the full filepath is correct and that the
user that Asterisk is running as has full permissions to access your
valid certificate file?

It says 'SSL certificate ok' when I 'reload sip'. When it canÂ´t read one
of the files involved with the certificate, it says which one.

Quote:

I have it working with microsip and a free TLS cert from LetsEncrypt.
When I get to the PC with that on, I can write up what settings I've
got if that helps?

IÂ´m using a self signed certificate, but that shouldnÂ´t behave any
differently than an externally sigend one as long as it checks out,
which it apparently does.

So yes, it would be nice if you could send me the settings youÂ´re using,
thanks :)

Quote:

On 26 August 2016 at 10:47, hw <hw@gc-24.de> wrote:

Quote:

hw schrieb:

Quote:

Hi,

IÂ´m trying to get TLS to work with asterisk and client phones,
and all IÂ´m getting from asterisk is

[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!
== Problem setting up ssl connection:
error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!

when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?

lardconcepts at gmail.com
Guest

Posted: Sun Aug 28, 2016 1:24 pm Post subject: [asterisk-users] TLS problem

Sorry, things got a bit behind. I was about to settle down and type
something up, when I notice you mention SIP.

Sorry, I've not used that - I'm only familiar with the current pjsip
implementation on 13.10.

Which looks like this:

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/letsencrypt/live/mysite.co.uk/fullchain.pem
priv_key_file=/etc/letsencrypt/live/mysite.co.uk/privkey.pem
method=tlsv1

But this won't be any good to you on sip. What version of Asterisk are
you using?

On 26 August 2016 at 11:36, hw <hw@gc-24.de> wrote:

Quote:

Jonathan H schrieb:

Quote:

Well, what immediately stands out is:
"FILE * open failed!"

Yes, and it doesnÂ´t say which file cannot be opened. I even looked at
the source and found that at that point, you canÂ´t simply add some
debugging output to find out.

Quote:

Have you triple checked that the full filepath is correct and that the
user that Asterisk is running as has full permissions to access your
valid certificate file?

It says 'SSL certificate ok' when I 'reload sip'. When it canÂ´t read one
of the files involved with the certificate, it says which one.

Quote:

I have it working with microsip and a free TLS cert from LetsEncrypt.
When I get to the PC with that on, I can write up what settings I've
got if that helps?

Quote:

On 26 August 2016 at 10:47, hw <hw@gc-24.de> wrote:

Quote:

hw schrieb:

Quote:

Hi,

IÂ´m trying to get TLS to work with asterisk and client phones,
and all IÂ´m getting from asterisk is

[Aug 23 11:46:42] WARNING[1170]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!
== Problem setting up ssl connection:
error:00000000:lib(0):func(0):reason(0)
[Aug 23 11:46:44] WARNING[1171]: tcptls.c:673 handle_tcptls_connection:
FILE * open failed!

when clients try to connect. No client is able to register using TLS.

How can I use encrypted connections?

asterisk3 at pi4tel.de
Guest

Posted: Sun Aug 28, 2016 4:51 pm Post subject: [asterisk-users] TLS problem

On Fri, Aug 26, 2016 at 12:36:05PM +0200, hw wrote:

Quote:

Jonathan H schrieb:

Quote:

Well, what immediately stands out is:
"FILE * open failed!"

Yes, and it doesn´t say which file cannot be opened. I even looked at
the source and found that at that point, you can´t simply add some
debugging output to find out.

It is not a file on your computers disk. It is a connection attempt
from one of your phones. If a phone is configured to use tcp without
tls and connect to the port used for tls (default 5061) you will see
a message like this. (just an example - different situation here)

"WARNING[1170]: tcptls.c:673 handle_tcptls_connection ..."

Handle ... connection ...

"Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)"

ERR_get_error returns 0 if there is no error in the queue. According
to the description [1] this may happen and it would be possible to
find out more about the error.

Try to connect using "openssl s_client".

1) https://www.openssl.org/docs/manmaster/ssl/SSL_get_error.html

--
Stefan Tichy ( asterisk3 at pi4tel dot de )

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum