VoIP Mailing List Archives

davidswalkabout at gma... · Guest

FYI, we just noticed that Chrome 98 beta rejects these certs as "lost sleep", and the FS 1.10.7 log shows "BAD READ -1". But Chrome 97 and Firefox do not show these problems.

We haven't found a resolution nor bug report, but I'll followup if we do.

davidswalkabout at gma... · Guest

FYI, we support only TLSv1.2

On Wed, Jan 12, 2022 at 12:38 PM David P <davidswalkabout@gmail.com (davidswalkabout@gmail.com)> wrote:

davidswalkabout at gma... · Guest

In our FS1.10.7 log, this sequence occurs repeatedly with Chrome98 Beta but not Chrome97 Stable...

-----------------------------------------------------------------------------------
2022-01-12 02:33:29.525407 98.60% [DEBUG] mod_verto.c:607 WRITE 151.210.x.y:4790 [{
"jsonrpc": "2.0",
"id": 3,
"result": {
"message": "logged in",
"sessid": "97524066-1470-4aca-b143-a04c4eaceed9"
}
}]
2022-01-12 02:33:29.565399 98.60% [DEBUG] mod_verto.c:607 WRITE 151.210.x.y:4790 [{
"jsonrpc": "2.0",
"id": 501,
"method": "verto.clientReady",
"params": {
"reattached_sessions": []
}
}]
2022-01-12 02:33:40.565395 98.83% [WARNING] mod_verto.c:1904 151.210.x.y:4790 BAD READ -1
2022-01-12 02:33:40.565395 98.83% [DEBUG] mod_verto.c:2045 151.210.x.y:4790 Ending client thread.
2022-01-12 02:33:40.565395 98.83% [DEBUG] mod_verto.c:2053 151.210.x.y:4790 Thread ended
2022-01-12 02:33:41.785412 98.87% [DEBUG] mod_verto.c:4273 151.210.x.y:33838 Client Connect from 151.210.x.y:33838 accepted
2022-01-12 02:33:41.785412 98.87% [DEBUG] mod_verto.c:2018 151.210.x.y:33838 Starting client thread.
2022-01-12 02:33:44.045410 98.90% [DEBUG] mod_verto.c:1414 READ 151.210.x.y:33838 [{
"jsonrpc": "2.0",
"method": "login",
"params": {
"sessid": "97524066-1470-4aca-b143-a04c4eaceed9"
},
"id": 4
}]

-----------------------------------------------------------------------------------

We're running on Debian 10 (which I believe is recommended for FS1.10.7) with OpenSSL 1.1.1d (the most recent available for Debian 10).

https://www.ssllabs.com/ssltest/analyze.html gives our site an 'A' rating and all its tests for TLSv1.2 pass.

I've collected .har files from Chrome DevTools' Network pane for WS, and I've collected .pcap's, for both browser versions. I don't see any error traffic, only reprompts from FS to login again.

Why would "BAD READ" occur *in FS* with a newer version of Chrome but not with an older one nor with Firefox ?

On Wed, Jan 12, 2022 at 12:52 PM David P <davidswalkabout@gmail.com (davidswalkabout@gmail.com)> wrote:

davidswalkabout at gma... · Guest

Our FS 1.10.7 logging level is set to max verbosity, but we don't see the logging done in https://github.com/signalwire/libks/blob/8af0d72d07a120140dc8b3d695089beec5950e81/src/kws.c even though we're using mod_verto.
How can we make those log stmts appear?

davidswalkabout at gma... · Guest

Although "BAD READ -1" usually indicates a cert problem, in this case it's due to using verto's speed test while using Chrome 98. Disabling the speed test disabled the #SPE messages that verto sends to FS, and FS stopped telling verto to relogin.

I have been looking for where FS supports the speed test but haven't found it in its new WebSocket library https://github.com/signalwire/libks/tree/master/src nor in https://github.com/signalwire/freeswitch/tree/master/src/mod/endpoints/mod_verto Anyone know where it is?

FWIW, my investigation is at https://github.com/signalwire/libks/issues/121

On Thu, Jan 13, 2022 at 11:05 AM David P <davidswalkabout@gmail.com (davidswalkabout@gmail.com)> wrote: