zhqiyi / webrtc2sip

Automatically exported from code.google.com/p/webrtc2sip
0 stars 0 forks source link

webrtc2sip certificate issues #173

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1.Asterisk 11.6-cert9 installed through below reference:
http://www.voip-info.org/wiki/view/Asterisk+11+Installation+on+CentOS+6

2. Webrtc2sip and related items installed through below guide:
http://webrtc2sip.org/technical-guide-1.0.pdf
installed only audio codec and mandatory software (Doubango, libsrtp, openssl, 
libspeex, libspeexdsp, opencore-amr, libopus, libgsm, iLBC and webrtc2sip)

3.Certificates created using through below references:
http://codeghar.wordpress.com/2013/04/16/create-private-certificate-authority-on
-linux/
http://codeghar.wordpress.com/2013/04/16/generate-certificate-signing-request-on
-linux/
http://codeghar.wordpress.com/2013/04/16/use-private-certificate-authority-to-si
gn-certificate-signing-request-on-linux/

What is the expected output? What do you see instead?
Expected successful execution of webrtc2sip process and audio calls between 
webphone and linphone. However below error is printed in webrtc2sip logs:

***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "250"
MSG: SSL_CTX_use_certificate_file failed [0,error:20074002:BIO 
routines:FILE_CTRL:system lib]

What version of the product are you using? On what operating system?
Asterisk 11.6-cert9 (same issue on latest 11.15 version also)
CentOS 6.4 or 6.6
Remaining all are software are latest releases

config.xml is given below:

<config>

  <debug-level>INFO</debug-level>

  <transport>udp;*;10060</transport>
  <transport>ws;*;10060</transport>
  <transport>wss;*;10062</transport>
  <!--transport>tcp;*;10063</transport-->
  <!--transport>tls;*;10064</transport-->

  <enable-rtp-symetric>yes</enable-rtp-symetric>
  <enable-100rel>no</enable-100rel>
  <enable-media-coder>no</enable-media-coder>
  <enable-videojb>yes</enable-videojb>
  <video-size-pref>vga</video-size-pref>
  <rtp-buffsize>65535</rtp-buffsize>
  <avpf-tail-length>100;400</avpf-tail-length>
  <srtp-mode>optional</srtp-mode>
  <srtp-type>sdes;dtls</srtp-type>
  <dtmf-type>rfc4733</dtmf-type>

  <codecs>opus;pcma;pcmu;gsm;vp8;h264-bp;h264-mp;h263;h263+</codecs>
  <codec-opus-maxrates>48000;48000</codec-opus-maxrates>

  <stun-server>stun.l.google.com;19302;stun-user@doubango.org;stun-password</stun-server>
  <enable-icestun>yes</enable-icestun>

  <max-fds>-1</max-fds>

  <!--nameserver>66.66.66.6</nameserver-->

  <ssl-certificates>
    /home/user/mycert/private/key.csr.server1.pem;;
    /home/user/myca/certs/crt.server1.pem;
    *;
    no
  </ssl-certificates>

  <!-- ***CLICK-TO-CALL SERVICE*** -->

  <transport>c2c;*;10070</transport>
  <transport>c2cs;*;10072</transport>
  <database>sqlite;*</database>
  <!--account-mail>smtps;*;*;auth.smtp.1and1.fr;465;noreply@example.com;noreply@example.com;mysecret</account-mail-->
  <!--account-sip-caller>*;sip:a@example.com;a;example.com;mysecret</account-sip-caller-->

</config>

And webrtc2sip logs are below:

[root@cdhnode002 sbin]# ./webrtc2sip --config=config.xml
*******************************************************************
Copyright (C) 2012-2015 Doubango Telecom <http://www.doubango.org>
PRODUCT: webrtc2sip
HOME PAGE: http://webrtc2sip.org
LICENCE: GPLv3 or proprietary
VERSION: 2.6.0
'quit' to quit the application.
*******************************************************************

SSL is enabled :)
DTLS supported: yes
DTLS-SRTP supported: yes
*INFO: transport = udp://*:10060
*INFO: transport = ws://*:10060
*INFO: transport = wss://*:10062
*INFO: enable-rtp-symetric = yes
*INFO: enable-100rel = no
*INFO: enable-media-coder = no
*INFO: enable-videojb = yes
*INFO: video-size-pref = vga
*INFO: rtp-buffsize = 65535
*INFO: avpf-tail-length = [100-400]
*INFO: srtp-mode = optional
*INFO: srtp-type = sdes;dtls
*INFO: dtmf-type = rfc4733
*INFO: codecs = opus;pcma;pcmu;gsm;vp8;h264-bp;h264-mp;h263;h263+
*INFO: UnRegister codec: PCMA, G.711a codec (native)
*INFO: UnRegister codec: PCMU, G.711u codec (native)
*INFO: UnRegister codec: GSM, GSM Full Rate (libgsm)
*INFO: 'vp8' codec enabled but not supported
*INFO: 'h264-bp' codec enabled but not supported
*INFO: 'h264-mp' codec enabled but not supported
*INFO: 'h263' codec enabled but not supported
*INFO: 'h263+' codec enabled but not supported
*INFO: codec-opus-maxrates = 48000;48000
*INFO: stun-server = stun.l.google.com;19302;-;-
*INFO: enable-icestun = yes
*INFO: max-fds = -1
*INFO: ssl-certificates =
/home/user/mycert/private/key.csr.server1.pem;
/home/user/myca/certs/crt.server1.pem;
*;
no
*INFO: transport = c2c://*:10070
*INFO: transport = c2cs://*:10072
*INFO: database = sqlite;*
*INFO: sqlite3_threadsafe = 1
*INFO: Database opened = TRUE
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=8, pipeW=9
*INFO: Socket added[TCP/IPv4 transport]: fd=8, tail.count=1
*INFO: master fd=3
*INFO: Socket added[TCP/IPv4 transport]: fd=3, tail.count=2
*INFO: Transport::run(TCP/IPv4 transport) - enter
*INFO: Starting [TCP/IPv4 transport] server with IP {0.0.0.0} on port {10070} 
using fd {3} with type {9}...
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "250"
MSG: SSL_CTX_use_certificate_file failed [0,error:02001002:system 
library:fopen:No such file or directory]
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=10, pipeW=11
*INFO: Socket added[TLS/IPv4 transport]: fd=10, tail.count=1
*INFO: master fd=4
*INFO: Socket added[TLS/IPv4 transport]: fd=4, tail.count=2
*INFO: Stack running in SERVER mode
*INFO: Transport::run(TLS/IPv4 transport) - enter
*INFO: tsk_timer_manager_start
*INFO: Starting [TLS/IPv4 transport] server with IP {0.0.0.0} on port {10072} 
using fd {4} with type {17}...
*INFO: Timer manager run()::enter
*INFO: TIMER MANAGER -- START
*INFO: SIP STACK::run -- START
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "250"
MSG: SSL_CTX_use_certificate_file failed [0,error:20074002:BIO 
routines:FILE_CTRL:system lib]
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=15, pipeW=16
*INFO: Socket added[SIP transport]: fd=15, tail.count=1
*INFO: master fd=12
*INFO: Socket added[SIP transport]: fd=12, tail.count=2
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=17, pipeW=18
*INFO: Socket added[SIP transport]: fd=17, tail.count=1
*INFO: master fd=13
*INFO: Socket added[SIP transport]: fd=13, tail.count=2
*INFO: Transport::run(SIP transport) - enter
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=19, pipeW=20
*INFO: Socket added[SIP transport]: fd=19, tail.count=1
*INFO: master fd=14
*INFO: Transport::run(SIP transport) - enter
*INFO: Socket added[SIP transport]: fd=14, tail.count=2
*INFO: Starting [SIP transport] server with IP {10.0.17.89} on port {10060} 
using fd {12} with type {2}...
*INFO: Transport::run(SIP transport) - enter
*INFO: Starting [SIP transport] server with IP {10.0.17.89} on port {10060} 
using fd {13} with type {64}...
*INFO: SIP STACK -- START
*INFO: Starting [SIP transport] server with IP {10.0.17.89} on port {10062} 
using fd {14} with type {128}...

Please let me know the resolution steps, I have checked so many scenarios that 
I am facing certificate related issues always in webrtc2sip. Is there any way, 
I can do this task without use of certificates.

Thanks and Regards
Vinod Pandey

Original issue reported on code.google.com by pandey.g...@gmail.com on 9 Jan 2015 at 7:05

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Sorry I made some mistake in certificate path and corrected now. After 
correction everything is working as expected.

Please closed this defect as invalid.

Thanks and Regards
Vinod Pandey

Original comment by pandey.g...@gmail.com on 9 Jan 2015 at 10:20