OpenSSL Issue When Running Azure Speech (TTS) in GKE Container
Alan Liu
0
Reputation points
Hey folks, I'm attempting to run an API call to Azure Speech (TTS), however, I seem to be having connection issues with OpenSSL as there seem to be cert issues when I attempt to make the connection. I've followed all of the instructions in the "Installing Speech SDK" page and the "Configuring Linux for Speech" page with more details below.
The relevant snippet of logs included here:
[508749]: 5933081ms SPX_TRACE_SCOPE_EXIT: uws_web_socket.cpp:149 Open
[508749]: 5933081ms SPX_TRACE_INFO: usp_connection.cpp:762 Create requestId for messageType 0
[508749]: 5933155ms SPX_TRACE_ERROR: AZ_LOG_ERROR: tlsio_openssl.c:691 error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[508749]: 5933155ms SPX_TRACE_ERROR: AZ_LOG_ERROR: tlsio_openssl.c:2441 FORCE-Closing tlsio instance.
[508749]: 5933155ms SPX_TRACE_SCOPE_ENTER: uws_web_socket.cpp:247 OnWebSocketOpened
[508749]: 5933155ms SPX_TRACE_ERROR: web_socket.cpp:907 WS open operation failed with result=1(WS_OPEN_ERROR_UNDERLYING_IO_OPEN_FAILED), code=2550[0x000009f6], time=2024-02-27T02:48:42.3471745Z
Setup script:
# OpenSSL 1.1.1 since 3.0 isn't supported
wget -O - https://www.openssl.org/source/openssl-1.1.1u.tar.gz | tar zxf -
cd openssl-1.1.1u
./config --prefix=/usr/local
make -j $(nproc)
make install_sw install_ssldirs
ldconfig -v
openssl version -d # Confirmed that /etc/ssl/certs contains a whole list of certs (~600 pem files), there's a ca_certs.crt in that file as well
export SSL_CERT_DIR=/etc/ssl/certs
# Additional package upgrades
apt-get update
apt-get install build-essential libssl-dev ca-certificates libasound2 wget
Since this may be OS Specific:
# cat /etc/issue
Debian GNU/Linux 12
This is running in a container in GKE in an autopilot cluster (with their Debian based custom OS)
What I've tried:
- Setting SSL_CERT_FILE to ca_certs.crt in the respective directory
- Verifying that the cert dir actually contains the list of certificates
- Disabling CRL (which doesn't seem to affect this step)
- Confirming that I can access microsoft speech endpoints from the container
- Confirming the same commit works as expected outside the container on an Ubuntu VM
Would appreciate any help to debug, thanks!
Sign in to answer