WebRTC stopped working after Chrome update


(Sam Shomi) #21

Just to avoid confusion. This is directly related to CentOS v6 and the version of OpenSSL it uses. I believe SNG6 is a rebranded version of CentOS 6.


(Lucas Ryan) #22

Agreed. I am moving my boxes to FPBX15 / Asterisk 16 as we speak. However, is there a short term (faster way) to patch in the mean time?


(Lorne Gaetz) #23

Sounds like the work around is to use Firefox.


(Sam Shomi) #24

I managed to get it working again on Chrome for a generic CE6 install so it is doable. You install 1.0.2 openssl from source then create symlinks to those folders/files from the exising openssl-devel folders/files that asterisk compiles against. “/usr/include/openssl”, “/usr/lib/libcrypto.so”, “/usr/lib/libssl.so”. for 32 bit or /usr/lib64 for 64bit. I’m writing up a procedure for it.

It’s probably easy enough to use asterisk compiled from source on the distro as well but I have never tried.


(Sam Shomi) #25

This is how I updated OpenSSL and got WebRTC working again on Chrome on CentOS 6. I am using 32bit CE6 but this should also work on 64bit.

# check that version is 1.0.1e which no longer works with WebRTC on Chrome
openssl version -a

yum group install 'Development Tools'
yum -y install perl-core zlib-devel

cd /usr/local/src/
# openssl v1.0.2k is the version that CentOS 7 uses
wget https://www.openssl.org/source/openssl-1.0.2k.tar.gz
tar -xf openssl-1.0.2k.tar.gz
cd openssl-1.0.2k
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
make && make test && make install

# add the shared library location to ld.so.conf.d so that ldconfig finds it
cd /etc/ld.so.conf.d/
nano openssl-1.0.2k.conf

# contents of openssl-1.0.2k.conf
/usr/local/ssl/lib

# create the necessary links to the shared library
ldconfig -v
# Verify the output shows a link to:
# /usr/local/ssl/lib/libssl.so.1.0.0 and
# /usr/local/ssl/lib/libcrypto.so.1.0.0

# create symlinks to the new version of openssl
# for 64 bit CentOS use /usr/lib64

mv /usr/lib/libcrypto.so /usr/lib/libcrypto.so.bak
ln -s /usr/local/ssl/lib/libcrypto.so /usr/lib/

mv /usr/lib/libssl.so /usr/lib/libssl.so.bak
ln -s /usr/local/ssl/lib/libssl.so /usr/lib/

mv /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/

mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/ssl/include/openssl /usr/include/

# check that the version is now 1.0.2k
openssl version -a

# Compile or re-compile asterisk as you normally would

I verified that SysAdmin > HTTPS Setup also still works


(Ngxperts ngxperts) #26

hi,
were you able to make it work with asterisk 11?
I’m also trying to get it to work with asterisk 11, but if I recompile it with openssl1.2, it somehow breaks the ICE and starts giving ice-ufrag errors.