Asterisk sslv3警报握手失败

时间:2016-08-24 06:40:21

标签: google-chrome openssl ubuntu-14.04 asterisk sipml

我正在使用Ubuntu v14.04.3 LTS和Asterisk 13.3.2。当我尝试从sipml5客户端调用我的扩展程序来播放demo-congrats音频时,我的呼叫立即断开连接。当我检查星号日志时,我收到以下错误:

[2016-08-24 06:07:49] ERROR[31730][C-0000000c]: res_rtp_asterisk.c:2042 __rtp_recvfrom: DTLS failure occurred on RTP instance '0x7f547c013c68' due to reason 'sslv3 alert handshake failure', terminating
[2016-08-24 06:07:49] WARNING[31730][C-0000000c]: res_rtp_asterisk.c:3911 ast_rtcp_read: RTCP Read error: Unspecified.  Hanging up.
[2016-08-24 06:07:49] WARNING[31730][C-0000000c]: app_playback.c:493 playback_exec: Playback failed on SIP/104600-00000007 for /var/www/html/fetch_prompt
[2016-08-24 06:07:49] ERROR[31730][C-0000000c]: utils.c:1402 ast_carefulwrite: write() returned error: Broken pipe

我也在使用Chrome v54。

我认为这个错误与openssl有关,但是还没有得到正确和完整的答案来解决这个问题。有没有人知道如何解决这个问题?

1 个答案:

答案 0 :(得分:2)

通过升级openssl解决了这个问题。 使用以下命令在Ubuntu 14中升级openssl

# echo 'deb http://us.archive.ubuntu.com/ubuntu/ xenial main restricted universe multiverse' > /etc/apt/sources.list.d/xenial.list
# aptitude update
# aptitude install -y openssl libssl-dev
# rm /etc/apt/sources.list.d/xenial.list
# aptitude update

使用以下命令检查openssl版本

# ldd /usr/sbin/asterisk  | grep libssl
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f33ce117000)

# strings /lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep 1.0.2
OPENSSL_1.0.2
OPENSSL_1.0.2g
SSLv3 part of OpenSSL 1.0.2g-fips  1 Mar 2016
TLSv1 part of OpenSSL 1.0.2g-fips  1 Mar 2016
DTLSv1 part of OpenSSL 1.0.2g-fips  1 Mar 2016
OpenSSL 1.0.2g-fips  1 Mar 2016

# openssl version
OpenSSL 1.0.2g-fips  1 Mar 2016

此后删除所有现有的星号键并再次重新创建密钥

# rm /etc/asterisk/keys/*
# cd /usr/src/astersik*/contrb/scripts
# sudo ./ast_tls_cert -C pbx.mycompany.com -O "My Super Company" -d /etc/asterisk/keys
# asterisk -rx "reload"

Source