search

Azure-Samples / cognitive-services-speech-sdk

Sample code for the Microsoft Cognitive Services Speech SDK
MIT License
2.94k stars 1.86k forks source link

Connection failed #485

Closed 123Jun321 closed 4 years ago

123Jun321 commented 4 years ago

hi all,

we have a program using C++ deployed the on CentOs 7.2 and we met the error: CANCELED: ErrorCode=5 CANCELED: ErrorDetails=Connection failed (no connection to the remote host). Internal error: 1. Error details: 2460. Please check network connection, firewall setting, and the region name used to create speech factory. SessionId: c0230e7c41884cc0a043d753e86aeb40

OS:centos 7.2 Linux version 3.10.0-327.28.3.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) )

123Jun321 commented 4 years ago

there was the detail log:logfile.log

and it seems that an error about certificate verification. We noticed that the c++ SDK didn't support CentOs and we wonder whether the error related this. We also installed libssl.

123Jun321 commented 4 years ago

is there anyone looking at this?

jhakulin commented 4 years ago

Thanks for the feedback.

What is the Speech SDK version you are using ?

Your problem seems to be related to OpenSSL certificates.

Could you try with the latest 1.9.0 version and ensure your OpenSSL certificates are located as described in the following documentation: https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/how-to-configure-openssl-linux

123Jun321 commented 4 years ago

hi jhakulin,

thanks for your reply, we tried this and it didn't work. we didn't find there was any certificate in the directory. Should we upload the CA certificate first?

jhakulin commented 4 years ago

Lets clarify more: Do you have openssl installed in the system ? Let me know what is your openssl install dir by doing command "openssl version -d" ? Do you find "certs" directory under that directory ? Does that have certificates in it?

123Jun321 commented 4 years ago

hi jhakulin,

we tried this but it didn't work. the below is steps what we try:

  1. [root@localhost text-to-speech]# openssl version -a
OpenSSL 1.1.1b  26 Feb 2019
built on: Wed Jan 22 02:12:58 2020 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/usr/sslnew/lib/engines-1.1"
Seeding source: os-specific

2.we installed OpenSSL by manual, and the certs directory was empty after installing openssl. We uploaded the cert.pem file in there. And the openssl seemed fine:

[root@localhost text-to-speech]# openssl s_client -connect chinaeast2.stt.speech.azure.cn:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = CN, ST = Shanghai, L = Shanghai, O = Shanghai Blue Cloud Technology Co. Ltd, CN = stt.speech.azure.cn
verify return:1
---
Certificate chain
 0 s:C = CN, ST = Shanghai, L = Shanghai, O = Shanghai Blue Cloud Technology Co. Ltd, CN = stt.speech.azure.cn
   i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
 1 s:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGgjCCBWqgAwIBAgIQD4ZqAEEJobG5UoNmQPLYtTANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkxMjA0MDAwMDAwWhcN
MjAxMjA0MTIwMDAwWjCBgjELMAkGA1UEBhMCQ04xETAPBgNVBAgTCFNoYW5naGFp
MREwDwYDVQQHEwhTaGFuZ2hhaTEvMC0GA1UEChMmU2hhbmdoYWkgQmx1ZSBDbG91
ZCBUZWNobm9sb2d5IENvLiBMdGQxHDAaBgNVBAMTE3N0dC5zcGVlY2guYXp1cmUu
Y24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsYbH9qRkIk7TVC5dL
U+B23bdBZSexlbKhrDTcVsy7KbRHaSVL74X69Jk3ua5UgLaU8krVXymtmTmzNnAy
2VN9157WyeBB6OqRd6IDoT2cAk5mKuPL/NZ4yV1agKhYF5SGEYRUhnFfA+LoamhO
qIj6VyqVNs8qCg3GbElTZePS6U+eFem02Wd76EOFp7/aHZqmYB/RQER31mLLmdR2
6ypUTlH9/dJsRLFc1X+DB82sVaD+GNn+kUzUpKrEUUNlDXdrRh1OgF9aBdZshiNL
sWW0Elrc6W/kKDDldifXjqBJHPWQNzJzkBKofZQoxtE2lGUjuPGjz8kNvYIS5cN2
D4EhAgMBAAGjggMmMIIDIjAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ
4jAdBgNVHQ4EFgQUrJW0snhac99Xy4dqbaghYXb4TdIwYQYDVR0RBFowWIIVKi5z
MnMuc3BlZWNoLmF6dXJlLmNughUqLnN0dC5zcGVlY2guYXp1cmUuY26CE3Mycy5z
cGVlY2guYXp1cmUuY26CE3N0dC5zcGVlY2guYXp1cmUuY24wDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+g
LaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAv
oC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmww
TAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93
d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKG
Omh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVT
ZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA
8QB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABbtLMwOwAAAQD
AEcwRQIgbIh1+KQs3j/kmhaLi5YscBtXtIBs0Z9CEN5DtUcQE/8CIQD3+aU0IC6v
hD9GY4zEG4WInYjJsQ6RTIQYGwGB8OtD7wB3AF6nc/nfVsDntTZIfdBJ4DJ6kZoM
hKESEoQYdZaBcUVYAAABbtLMwIQAAAQDAEgwRgIhALfxW8LguB436gpTbQJ/vYQD
OpzkKbMRIlXp3JC7dtPyAiEA6ubBoR+rI4hI5GZWpjXfRYzLLkKUJ7Y3AKZdkd8y
qgEwDQYJKoZIhvcNAQELBQADggEBAF4ayTwMhRHYdiITN7HbPL+9xYB60nfOgX26
wWsMdgs75dAQQSNHD5ykos1TUGR+Bq7v1eHakTkOHzuRud07fvo5G/r8hDfl+8gS
GopUqhlFdKorNkuWimsB43i69y22tYFv7aM154FutKXGVtxsmmWTBsGbx8GJDtst
BOkd68zdmvMCWdPPo0ulA9EkxoqlnhbCmHhidHp6lsw7J6mPWeU0Aile9LHRNXUm
l9u4hSSGMciBrcObYZWFic4EWbuL6lT9W3YkLshXbuqAT4azHnB10wnJcKl+oRC9
P8W+DUNU/WRPtqolVw3BHiScuA+L8WGedRJ6vNs6ioX4YL6wvaU=
-----END CERTIFICATE-----
subject=C = CN, ST = Shanghai, L = Shanghai, O = Shanghai Blue Cloud Technology Co. Ltd, CN = stt.speech.azure.cn

issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3474 bytes and written 425 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: CBB95364A3FCADAB4AA0E46C4C839D784AA9D52743CC90D1879212BD7EBE6302
    Session-ID-ctx: 
    Master-Key: 4961E708A014E0F34E156DAD66CC4207E50CA8B34392D031B4900CC6FA904F3D33FC8C209ABBBD022B6662BA8CCE9B42
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - d8 05 8c d9 c7 62 55 94-17 d8 ee 5e 02 1c b5 30   .....bU....^...0
    0010 - 50 1f 0e b1 e2 15 c0 ff-2a 01 f2 51 3f cc 59 3d   P.......*..Q?.Y=
    0020 - 77 f5 d7 2f 04 45 f7 b6-1a f5 2b 5e d6 e4 08 df   w../.E....+^....
    0030 - cc 1a 5c 3b 3a 15 7e d1-f5 62 04 9c fc 4e 9b 33   ..\;:.~..b...N.3
    0040 - 02 bd 26 25 68 e2 80 52-0f 13 65 07 21 21 9f 65   ..&%h..R..e.!!.e
    0050 - 24 f4 01 f1 d8 6c b3 62-67 fd 2d 65 52 02 a0 f5   $....l.bg.-eR...
    0060 - e4 cb d9 5f a5 c5 5b 96-d7 8c c8 10 85 db bd d4   ..._..[.........
    0070 - d5 e5 ad 03 69 ea 49 64-c8 cf 8f f9 f3 cd 21 ed   ....i.Id......!.
    0080 - db 1b f7 0e d9 8a 0b 95-9c 6d bd 5e 3d d7 45 f0   .........m.^=.E.
    0090 - 0b 36 8b 8a ba 94 7e 87-24 92 02 64 6c 2c 04 f7   .6....~.$..dl,..

    Start Time: 1579679967
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
read:errno=0
  1. we copied the certs directory to the /usr/lib/ssl/ 
    
[guanjun@localhost certs]$ ls
baidu-com.pem  ca-bundle.trust.crt  make-dummy-cert  renew-dummy-cert
ca-bundle.crt  cert.pem             Makefile


but when we ran ./helloworld, it ran failed again.
this was our new log:[logfile.log](https://github.com/Azure-Samples/cognitive-services-speech-sdk/files/4095914/logfile.log)
jhakulin commented 4 years ago

Apologies for the issues, based on your log certificate verification still fails. We need to do more checking what goes wrong.

Could you install openssl in your system using "sudo apt-get install libssl-dev" ? And then locate certs directory from that installation and copy the content of it to /usr/lib/ssl/certs ?

In 1.9.0 openssl is statically integrated and requires valid certs are included into /usr/lib/ssl/certs directory.

jhakulin commented 4 years ago

@123jun321 Looking the certificates required by the endpoint you are using: chinaeast2.stt.speech.azure.cn/speech/recognition/conversation/cognitiveservices/v1?language=en-US You need to have DigiCert_Global_Root_CA.pem in your certificate store at least. In Ubuntu you should get that using apt get install libssl-dev, not sure if CentOS works the same.

CentOS is not currently in the officially supported Linux versions list https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/speech-sdk

We are working on to make support for that OS version in the future.

123Jun321 commented 4 years ago

Hi jhakulim,

thanks for your reply, we have installed libssl-dev, and our OS is CentOs. we can run OpenSSL s_client to connect chinaeast2.stt.speech.azure.cn:443, and we moved the cert.pem certificate to /usr/lib/ssl/certs and the cert file contains the DigiCert_Global_Root_CA.pem. Shoud there be the DigiCert_Global_Root_CA.pem in the usr/lib/ssl/certs?

jhakulin commented 4 years ago

Based on the log there is an error:1416F086 and based on https://stackoverflow.com/questions/49308744/telegram-bot-ssl-error-ssl-error-error1416f086ssl-routinestls-process-serve You may have issue that your certificate chain is not complete. Could you copy/link all certs to /usr/lib/ssl/certs from the libssl-dev installation?

jhakulin commented 4 years ago

@123Jun321 Did you find out the issue ?

123Jun321 commented 4 years ago

hi jhakulin,

we tried this, but it didn't work either.

123Jun321 commented 4 years ago

Hi jhakulin,

we tried to run the sample on Unbuntu 18.04, and it seems that we met the error again.

there is more error detail in the log, could you have a look?

logfile-unbuntu.log

jhakulin commented 4 years ago

Thanks, we are seeing the issue also and are investigating.

jhakulin commented 4 years ago

@123Jun321 We are going to fix this issue in 1.10.0 release by the end of Feb. Thanks for reporting the issue, we are closing the ticket.

Cppowboy commented 4 years ago

Thanks for the feedback.

What is the Speech SDK version you are using ?

Your problem seems to be related to OpenSSL certificates.

Could you try with the latest 1.9.0 version and ensure your OpenSSL certificates are located as described in the following documentation: https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/how-to-configure-openssl-linux

This worked for me.

LucasRotsen commented 4 years ago

Hello everyone! I'm still experiencing the same problem in SDK version 1.13.0 (same error code and error details). I've already tried to configure openssl as described in https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/how-to-configure-openssl-linux but no success. How should I proceed?

Application details: CancellationDetails(reason=CancellationReason.Error, error_details="Connection failed (no connection to the remote host). Internal error: 1. Error details: 2460. Please check network connection, firewall setting, and the region name used to create speech factory. SessionId: 8eb7a11595634835986e4d50a330f5a4")

Environment details: x86_64 GNU/Linux - Fedora 29 (Workstation Edition) - Python 3.7.5