OpenSSL Issue When Running Azure Speech (TTS) in GKE Container

Alan Liu 0 Reputation points
2024-02-27T03:20:53.11+00:00

Hey folks, I'm attempting to run an API call to Azure Speech (TTS), however, I seem to be having connection issues with OpenSSL as there seem to be cert issues when I attempt to make the connection. I've followed all of the instructions in the "Installing Speech SDK" page and the "Configuring Linux for Speech" page with more details below.

The relevant snippet of logs included here:

[508749]: 5933081ms SPX_TRACE_SCOPE_EXIT:  uws_web_socket.cpp:149 Open
[508749]: 5933081ms SPX_TRACE_INFO:  usp_connection.cpp:762 Create requestId  for messageType 0
[508749]: 5933155ms SPX_TRACE_ERROR: AZ_LOG_ERROR:  tlsio_openssl.c:691 error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[508749]: 5933155ms SPX_TRACE_ERROR: AZ_LOG_ERROR:  tlsio_openssl.c:2441 FORCE-Closing tlsio instance.
[508749]: 5933155ms SPX_TRACE_SCOPE_ENTER:  uws_web_socket.cpp:247 OnWebSocketOpened
[508749]: 5933155ms SPX_TRACE_ERROR:  web_socket.cpp:907 WS open operation failed with result=1(WS_OPEN_ERROR_UNDERLYING_IO_OPEN_FAILED), code=2550[0x000009f6], time=2024-02-27T02:48:42.3471745Z

Setup script:

# OpenSSL 1.1.1 since 3.0 isn't supported
wget -O - https://www.openssl.org/source/openssl-1.1.1u.tar.gz | tar zxf -
cd openssl-1.1.1u
./config --prefix=/usr/local
make -j $(nproc)
make install_sw install_ssldirs
ldconfig -v 
openssl version -d # Confirmed that /etc/ssl/certs contains a whole list of certs (~600 pem files), there's a ca_certs.crt in that file as well
export SSL_CERT_DIR=/etc/ssl/certs

# Additional package upgrades
apt-get update
apt-get install build-essential libssl-dev ca-certificates libasound2 wget

Since this may be OS Specific:

# cat /etc/issue
Debian GNU/Linux 12 

This is running in a container in GKE in an autopilot cluster (with their Debian based custom OS)

What I've tried:

  • Setting SSL_CERT_FILE to ca_certs.crt in the respective directory
  • Verifying that the cert dir actually contains the list of certificates
  • Disabling CRL (which doesn't seem to affect this step)
  • Confirming that I can access microsoft speech endpoints from the container
  • Confirming the same commit works as expected outside the container on an Ubuntu VM

Would appreciate any help to debug, thanks!

Azure AI Speech
Azure AI Speech
An Azure service that integrates speech processing into apps and services.
1,684 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.