Just to avoid confusion. This is directly related to CentOS v6 and the version of OpenSSL it uses. I believe SNG6 is a rebranded version of CentOS 6.
Agreed. I am moving my boxes to FPBX15 / Asterisk 16 as we speak. However, is there a short term (faster way) to patch in the mean time?
Sounds like the work around is to use Firefox.
I managed to get it working again on Chrome for a generic CE6 install so it is doable. You install 1.0.2 openssl from source then create symlinks to those folders/files from the existing openssl-devel folders/files that asterisk compiles against. “/usr/include/openssl”, “/usr/lib/libcrypto.so”, “/usr/lib/libssl.so”. for 32 bit or /usr/lib64 for 64bit. I’m writing up a procedure for it.
It’s probably easy enough to use asterisk compiled from source on the distro as well but I have never tried.
This is how I updated OpenSSL and got WebRTC working again on Chrome on CentOS 6 using Asterisk v13. I am using 32bit CE6 but this should also work on 64bit.
# check that version is 1.0.1e which no longer works with WebRTC on Chrome
openssl version -a
yum group install 'Development Tools'
yum -y install perl-core zlib-devel
cd /usr/local/src/
# openssl v1.0.2k is the version that CentOS 7 uses
wget https://www.openssl.org/source/openssl-1.0.2k.tar.gz
tar -xf openssl-1.0.2k.tar.gz
cd openssl-1.0.2k
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
make && make test && make install
# add the shared library location to ld.so.conf.d so that ldconfig finds it
cd /etc/ld.so.conf.d/
nano openssl-1.0.2k.conf
# contents of openssl-1.0.2k.conf
/usr/local/ssl/lib
# create the necessary links to the shared library
ldconfig -v
# Verify the output shows a link to:
# /usr/local/ssl/lib/libssl.so.1.0.0 and
# /usr/local/ssl/lib/libcrypto.so.1.0.0
# create symlinks to the new version of openssl
# for 64 bit CentOS use /usr/lib64
mv /usr/lib/libcrypto.so /usr/lib/libcrypto.so.bak
ln -s /usr/local/ssl/lib/libcrypto.so /usr/lib/
mv /usr/lib/libssl.so /usr/lib/libssl.so.bak
ln -s /usr/local/ssl/lib/libssl.so /usr/lib/
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/ssl/include/openssl /usr/include/
# check that the version is now 1.0.2k
openssl version -a
# Compile or re-compile asterisk as you normally would
I verified that SysAdmin > HTTPS Setup also still works
hi,
were you able to make it work with asterisk 11?
I’m also trying to get it to work with asterisk 11, but if I recompile it with openssl1.2, it somehow breaks the ICE and starts giving ice-ufrag errors.
hi,
are you able to use webrtc with asterisk 11 and chrome 87+?
I took the advice and just upgraded to FreePBX 15, which has Asterisk 16. Asterisk 13 is EOL anyway, so it was the right call.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.