medooze / media-server-node

WebRTC Media Server for Node.js
MIT License

OpenSSL handshake never completes on remote domain #150

Closed benbatya closed 1 year ago

benbatya commented 4 years ago

This is related to #46

I believe that the problem is that SSL_CTX_set_info_callback() is never called with where==SSL_CB_HANDSHAKE_DONE, so DTLSConnection::SetupSRTP() is never called. This shows up in the log (line 33) where "DTLS handshake starts" appears but "DTLS handshake done" is never displayed.

I'll add more info as I find it

media-server-openssl-error.log

benbatya commented 4 years ago

Oh, this happens with the media-server-demo-node in the /svc demo. Thanks!

benbatya commented 4 years ago

I pulled out the handy Wireshark and it seems like the handshake never completes because the server doesn't receive the ClientKeyExchange message, or the server never sends the ChangeCipherSpec message, as per this article.

Any ideas? More investigation is needed...


murillo128 commented 4 years ago

That seems to be the ws connection, not the DTLS one (note the port 8000). First check that your ws is connecting correctly (accept the self-signed SSL certificates) and then check that the IP address you are using on the server is the public IP address.

benbatya commented 4 years ago

I filtered the ports down to just 8000. It seems like there is eventually a New Session Ticket at packet 79, but SSL_CB_HANDSHAKE_DONE is never received. I wonder if the multiple "Client Hello"s are playing havoc with the OpenSSL state machine??


benbatya commented 4 years ago

The server IP has the correct IPv4 address. Interestingly, ssh uses the IPv6 address...

murillo128 commented 4 years ago

DTLS is UDP; you are checking the TLS connection for the WebSocket connection.

benbatya commented 4 years ago

So what should I be filtering for? There's no UDP communication over port 8000.
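Since the point of confusion in this thread is that the TLS records on TCP port 8000 belong to the WebSocket, while the handshake that has to reach SSL_CB_HANDSHAKE_DONE is the DTLS one carried over UDP, here is an added example (not code from media-server-node, and not from anyone in this thread) that parses raw UDP payloads as DTLS records and reports the first expected handshake step that never shows up, for instance a ClientKeyExchange that never arrives or a ChangeCipherSpec the server never sends. It tells a TLS-over-TCP record apart from a DTLS record by the header layout and version, so feeding it the wrong capture fails loudly. The datagrams at the bottom are constructed with a tiny encoder for the example; the expected-step list is a simplified subset of the DTLS 1.2 flights (it ignores client certificates and retransmissions, which are simply skipped), and `HandshakeTracker`, `diagnose` and the flow builders are names chosen here, not API of the project.

```python
"""Diagnose where a DTLS handshake stalls from raw UDP payloads.

Added example, not part of media-server-node. Datagrams below are
constructed inline; the step list is a simplified DTLS 1.2 flight order.
"""
import struct

# Record-layer content types shared by TLS and DTLS.
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
HANDSHAKE_NAMES = {1: "ClientHello", 2: "ServerHello", 3: "HelloVerifyRequest",
                   11: "Certificate", 12: "ServerKeyExchange", 14: "ServerHelloDone",
                   15: "CertificateVerify", 16: "ClientKeyExchange", 20: "Finished"}


def is_dtls_record(payload: bytes) -> bool:
    """True if the payload starts with a plausible DTLS record header.

    A TLS-over-TCP record (what the wss:// socket on port 8000 carries) has a
    5-byte header and version 0x03xx, so it fails this check."""
    if len(payload) < 13:
        return False
    ctype, version = payload[0], struct.unpack("!H", payload[1:3])[0]
    return ctype in (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA) \
        and version in DTLS_VERSIONS


def parse_dtls_records(payload: bytes):
    """Yield (content_type, epoch, handshake_type or None) for each record.

    DTLS record header: type(1) version(2) epoch(2) seq(6) length(2).
    Handshake fragment header: type(1) len(3) msg_seq(2) frag_off(3) frag_len(3).
    Records with epoch > 0 are encrypted, so their body is not inspected."""
    pos = 0
    while pos + 13 <= len(payload):
        ctype, _version, epoch = struct.unpack("!BHH", payload[pos:pos + 5])
        length = struct.unpack("!H", payload[pos + 11:pos + 13])[0]
        body = payload[pos + 13:pos + 13 + length]
        if len(body) != length:
            raise ValueError("truncated DTLS record")
        pos += 13 + length
        if ctype == HANDSHAKE and epoch == 0:
            off = 0  # several handshake messages may share one record
            while off + 12 <= len(body):
                frag_len = int.from_bytes(body[off + 9:off + 12], "big")
                yield (ctype, epoch, body[off])
                off += 12 + frag_len
        else:
            yield (ctype, epoch, None)


# Observable steps, in order. The Finished messages are encrypted, so they are
# recognised as the first epoch-1 handshake record from each side. OpenSSL only
# reports SSL_CB_HANDSHAKE_DONE once both Finished messages have been processed.
EXPECTED = [
    ("client", "ClientHello", lambda r: r[2] == 1),
    ("server", "ServerHello", lambda r: r[2] == 2),
    ("server", "ServerHelloDone", lambda r: r[2] == 14),
    ("client", "ClientKeyExchange", lambda r: r[2] == 16),
    ("client", "ChangeCipherSpec", lambda r: r[0] == CHANGE_CIPHER_SPEC),
    ("client", "Finished (epoch 1)", lambda r: r[0] == HANDSHAKE and r[1] == 1),
    ("server", "ChangeCipherSpec", lambda r: r[0] == CHANGE_CIPHER_SPEC),
    ("server", "Finished (epoch 1)", lambda r: r[0] == HANDSHAKE and r[1] == 1),
]


class HandshakeTracker:
    """Feed UDP payloads per direction; report the first expected step not seen."""

    def __init__(self):
        self.seen = []  # (sender, record tuple), in capture order

    def feed(self, sender: str, payload: bytes) -> None:
        if not is_dtls_record(payload):
            raise ValueError(f"{sender}: not a DTLS record (TLS over TCP?)")
        for rec in parse_dtls_records(payload):
            self.seen.append((sender, rec))

    def missing_step(self):
        """(sender, step) of the first unmatched step, or None if complete."""
        idx = 0
        for sender, rec in self.seen:
            if idx < len(EXPECTED) and sender == EXPECTED[idx][0] and EXPECTED[idx][2](rec):
                idx += 1
        return None if idx == len(EXPECTED) else EXPECTED[idx][:2]


# --- constructed sample datagrams (not captured traffic) -------------------
def handshake_msg(msg_type: int, body: bytes = b"", msg_seq: int = 0) -> bytes:
    return (bytes([msg_type]) + len(body).to_bytes(3, "big") + struct.pack("!H", msg_seq)
            + (0).to_bytes(3, "big") + len(body).to_bytes(3, "big") + body)


def dtls_record(ctype: int, body: bytes, epoch: int = 0, seq: int = 0) -> bytes:
    return (struct.pack("!BHH", ctype, 0xFEFD, epoch) + seq.to_bytes(6, "big")
            + struct.pack("!H", len(body)) + body)


def complete_flow():
    """Full DTLS 1.2 exchange, including the cookie round trip (two ClientHellos)."""
    return [
        ("client", dtls_record(HANDSHAKE, handshake_msg(1, b"\x00" * 8, 0))),
        ("server", dtls_record(HANDSHAKE, handshake_msg(3, b"cookie", 0))),
        ("client", dtls_record(HANDSHAKE, handshake_msg(1, b"\x00" * 8 + b"cookie", 1))),
        ("server", dtls_record(HANDSHAKE, handshake_msg(2, b"", 1) + handshake_msg(11, b"cert", 2)
                                          + handshake_msg(14, b"", 3))),
        ("client", dtls_record(HANDSHAKE, handshake_msg(16, b"premaster", 2))
                   + dtls_record(CHANGE_CIPHER_SPEC, b"\x01")
                   + dtls_record(HANDSHAKE, b"\xaa" * 24, epoch=1)),
        ("server", dtls_record(CHANGE_CIPHER_SPEC, b"\x01")
                   + dtls_record(HANDSHAKE, b"\xbb" * 24, epoch=1)),
    ]


def stalled_flow():
    """Same exchange, but the client's ClientKeyExchange flight never arrives."""
    return complete_flow()[:4]


def diagnose(flow):
    tracker = HandshakeTracker()
    for sender, datagram in flow:
        tracker.feed(sender, datagram)
    return tracker.missing_step()


if __name__ == "__main__":
    print("complete:", diagnose(complete_flow()))   # None
    print("stalled: ", diagnose(stalled_flow()))    # ('client', 'ClientKeyExchange')
```

To use this on a real capture, export the UDP payloads of the DTLS candidate pair from Wireshark (not the TCP stream on port 8000) and call `feed()` with "client" or "server" according to the packet direction; `missing_step()` then names the flight that is absent, which narrows the search to the side that stopped sending.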

murillo128 commented 4 years ago

Check in the browser JavaScript console that the WebSocket connection is successfully connected; if not, nothing will work.

benbatya commented 4 years ago

console looks good... :-)

ww-client-output.txt (I switched my domain name with ...)

I checked that I could connect to the wss and, after switching server certs, I finally figured out that the bundled one was required for a simple wss server+client. So the WebSocket layer works okay; I suspect that the OpenSSL in media-server is having problems...