We have been running sipjs uac and with FreePBX
after a system update, calls hang up right after agents answer the calls.
(Same behaviour using sipML5 demo)
connection via Wss 8089 is OK.
When call hangs up , the browser console log shows :
Failed to execute ‘setRemoteDescription’ on ‘RTCPeerConnection’: Failed to parse SessionDescription. a=fingerprint:SHA-256 Failed to create fingerprint from the digest.
The certificate is generated via the freepbx module
Endpoints config :
Enable AVPF – Yes
Enable ICE Support – Yes
Media Encryption – DTLS-SRTP
Direct Media – No
Enable DTLS – Yes
Auto Generate Certificate – No
Use Certificate – MyCertificate
DTLS Verify – Fingerprint
DTLS Setup – Act/Pass
rtcp Mux is enabled
ALL endpoints are pjsip , pjsip is the only driver.
After a fresh reinstall i am having the same problem. (Centos 7 , FreePBX 16.0.21.9, on a DigitalOcean Droplet).
Freepbx does not export dtls parameters to the endpoint (pjsip.endpoint).
as previously described, Media Encryption is set to DTLS-SRTP, DTLS is also enabled.
still these variables are not exported.
40 => “dtls_verify=fingerprint”
41 => “dtls_setup=actpass”
42 => “dtls_rekey=0”
43 => “dtls_cert_file=/etc/asterisk/keys/XXXX.crt”
44 => “dtls_private_key=/etc/asterisk/keys/XXXX.key”
45 => “language=fr”
I debugged some of admin scripts , Certman.class.php is getting the data correctly , setting the PJSIP class _endpoint array attribute throught dialplanHooks, but later it gets cleared right before Languages class is editing the attribute(_endpoint).
The variable ends up containing only only language parameter , which explain why PJSIP Hook genConfig doesnt export the dtls variables.
I checked your issue , i do still run a working version of fpbx, and i noticed that tlscipher does not exist on both servers.(are you talking about /etc/asterisk/http_additional.conf ? )
I ended up developing a webservice to generate endpoints config directly on conf files.
This is actually a major bug.
My bad server is missing tlscipher from that file as well as the dtls fields in pjsip.extensions.conf. I can fix them manually but when applying changes or force updating a certificate, they’re removed again.
I don’t know where tlscipher gets written. I never wrote it myself on the original server. I’m thinking certman writes that, but I can’t find it in the source code. The only reference I found was in sip_to_pjsip.py but I don’t use ChanSIP at all.
I got this problem too. After research, I found the problem are come from PHP7.4 build Aug 1. They loss dtls config from endpoint certman class when core class generating. I have similar FreePBX with PHP7.4 early build. They are working fine. My solution is hardcode to the PJSIP module for dtls configurations for hot fix.
The issue is resolved. Looks like prinextension module is causing it.
You can temporarily disable the module until the printextensions v16.0.8 version is pushed