- add support for OpenSSL engine and loading private keys from HSM
- for when kamailio is a TLS edge proxy and needs to use HSM
- currently we initialize the engine in worker processes as PKCS#11
libraries are not guaranteed to be fork() safe
- new config params
- engine: name the OpenSSL engine
- engine_config: an OpenSSL config format file used to bootstrap engines
- engine_algorithms: list of algorithms to delegate to the engine
- tested with Gemalto SafeNet Luna (AWS CloudHSM) with RSA and EC private keys
TLSv1.2 and PFS cipher suites
#### Pre-Submission Checklist
- [ ] Commit message has the format required by CONTRIBUTING guide
- [ ] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
- [ ] PR should be backported to stable branches
- [ ] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
- add support for OpenSSL engine and loading private keys from HSM
- for when kamailio is a TLS edge proxy and needs to use HSM
- currently we initialize the engine in worker processes as PKCS#11
libraries are not guaranteed to be fork() safe
- new config params
- engine: name the OpenSSL engine
- engine_config: an OpenSSL config format file used to bootstrap engines
- engine_algorithms: list of algorithms to delegate to the engine
- tested with Gemalto SafeNet Luna (AWS CloudHSM) with RSA and EC private keys
TLSv1.2 and PFS cipher suites
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/1484
-- Commit Summary --
* tls: add support for OpenSSL engine and private keys in HSM
-- File Changes --
M src/modules/tls/tls_domain.c (178)
M src/modules/tls/tls_mod.c (91)
M src/modules/tls/tls_mod.h (9)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/1484.patch
https://github.com/kamailio/kamailio/pull/1484.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1484
Currently core/flags.h defines
typedef unsigned int flag_t;
It would be better to use unsigned long in order to allow more than 32 flags on 64 bit architectures.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1288
### Description
The is_in_subnet function requires the subnet param to be a network address and fails for a host address in CIDR notation even though it is contained in the corresponding subnet.
For example, is_in_subnet("1.2.3.2", "1.2.3.0/30") returns true
but
is_in_subnet("1.2.3.2", "1.2.3.2/30") returns false, although 1.2.3.2 is present in 1.2.3.2/30 and 1.2.3.2 is an allowed IP of 1.2.3.0/30.
Of course, "1.2.3.2/30" is not actually a subnet specification but rather an IP in CIDR notation, but sometimes it is required to check if some IP matches a specified IP with CIDR.
### Possible Solutions
It would be cool if is_in_subnet took such cases as matches. I think this should not break anything, because a host IP and CIDR always define a network containing the specified host.
Another solution would be separate function with more relaxed behavior...
This happens on Kamailio 5.1 devel.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1250
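The two behaviours discussed in this issue, modelled side by side as an added example (not Kamailio's code and not part of the original report). `parse_cidr()` and `in_subnet()` are hypothetical names and the sketch is IPv4 only: the strict branch compares against the subnet parameter as written, the relaxed branch masks its host bits first.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "a.b.c.d/len" into a host-order base address and mask; 0 on success. */
static int parse_cidr(const char *cidr, uint32_t *base, uint32_t *mask)
{
    char buf[INET_ADDRSTRLEN + 4];
    struct in_addr a;
    char *slash, *end;
    long len;

    if (strlen(cidr) >= sizeof(buf)) return -1;
    strcpy(buf, cidr);
    if ((slash = strchr(buf, '/')) == NULL) return -1;
    *slash = '\0';
    len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    *base = ntohl(a.s_addr);
    /* A shift by 32 is undefined in C, so /0 is handled separately. */
    *mask = (len == 0) ? 0 : (uint32_t)(0xFFFFFFFFu << (32 - len));
    return 0;
}

/* strict (relaxed=0): base must already be the network address, as reported.
 * relaxed (relaxed=1): host bits of base are masked off first, as requested.
 * Returns 1 on match, 0 on no match, -1 on malformed input. */
static int in_subnet(const char *ip, const char *cidr, int relaxed)
{
    struct in_addr a;
    uint32_t base, mask;

    if (inet_pton(AF_INET, ip, &a) != 1 || parse_cidr(cidr, &base, &mask) != 0)
        return -1;
    if (relaxed)
        base &= mask;
    return (ntohl(a.s_addr) & mask) == base;
}

int main(void)
{
    printf("strict=%d relaxed=%d\n", in_subnet("1.2.3.2", "1.2.3.2/30", 0),
           in_subnet("1.2.3.2", "1.2.3.2/30", 1));
    return 0;
}
```

Under the relaxed form an entry written as 1.2.3.2/30 admits all four addresses of 1.2.3.0/30, which matters when the check gates an access list.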
### Description
Hi all,
I’m using kamailio 4.4.6, and when I call the rpc dialog “profile_list_dlgs”, sometimes I have a segmentation fault.
Can you help me to understand why it happened?
Thanks for your support
### Troubleshooting
#### Debugging Data
```
This is the dump:
Program terminated with signal 11, Segmentation fault.
#0 0x00007f49ee062e07 in internal_rpc_print_dlg (rpc=0x7f49ed99e9c0, c=0x7f49ed99e960, dlg=0x7f49ef89ba38, with_context=0) at dialog.c:1548
1548 if (pl->profile->has_value) {
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 libselinux-2.0.94-7.el6.x86_64 libxml2-2.7.6-21.el6_8.1.x86_64 lua-5.1.4-4.1.el6.x86_64 mysql-libs-5.1.73-7.el6.x86_64 nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64 openssl-1.0.1e-48.el6_8.3.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt full
#0 0x00007f49ee062e07 in internal_rpc_print_dlg (rpc=0x7f49ed99e9c0, c=0x7f49ed99e960, dlg=0x7f49ef89ba38, with_context=0) at dialog.c:1548
rpc_cb = {rpc = 0x3031ea0, c = 0x400}
h = 0x2d21e60
sh = 0x2d1db70
ssh = 0x2d20050
pl = 0x7f49ef18c588
var = 0x0
__FUNCTION__ = "internal_rpc_print_dlg"
#1 0x00007f49ee0637b3 in internal_rpc_profile_print_dlgs (rpc=0x7f49ed99e9c0, c=0x7f49ed99e960, profile_name=0x7fff65fcb1a0, value=0x0)
at dialog.c:1681
profile = 0x7f49ee5aca88
ph = 0x7f49eeb5b670
i = 2
#2 0x00007f49ee063e64 in rpc_profile_print_dlgs (rpc=0x7f49ed99e9c0, c=0x7f49ed99e960) at dialog.c:1785
profile_name = {s = 0x3031e80 "outbound", len = 8}
value = {s = 0x0, len = 0}
#3 0x00007f49ed78960f in jsonrpc_dispatch (msg=0x7fff65fcc5a0, s1=0x0, s2=0x0) at jsonrpc-s_mod.c:1098
rpce = 0x7f4a13212d30
ctx = 0x7f49ed99e960
ret = 0
nj = 0x3031ab0
val = {s = 0x3032030 "dlg.profile_list", len = 16}
__FUNCTION__ = "jsonrpc_dispatch"
#4 0x000000000041f75d in do_action (h=0x7fff65fcc4c0, a=0x7f4a13189e28, msg=0x7fff65fcc5a0) at action.c:1054
```
#### Log Messages
```
the result to the commands p *pl and p *pl->profile
#0 0x00007f49ee062e07 in internal_rpc_print_dlg (rpc=0x7f49ed99e9c0, c=0x7f49ed99e960, dlg=0x7f49ef89ba38, with_context=0) at dialog.c:1548
1548 if (pl->profile->has_value) {
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.192.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-57.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 libselinux-2.0.94-7.el6.x86_64 libxml2-2.7.6-21.el6_8.1.x86_64 lua-5.1.4-4.1.el6.x86_64 mysql-libs-5.1.73-7.el6.x86_64 nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64 openssl-1.0.1e-48.el6_8.3.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) p *pl
$1 = {hash_linker = {value = {s = 0x113ef180024 <Address 0x113ef180024 out of bounds>, len = -277948848}, dlg = 0x7f49ef18c5b8,
puid = "\n\000\000\000-5a9\303\305\030\357I\177\000\000S\000\000\000\060\062\060\063in_routing\000CR=6@", puid_len = 1598313555,
expires = 3977578104333875508, flags = 876097589, linker = 0x422d30263936313d, next = 0x3d50542c36343d4f, prev = 0x52542c3634303730,
hash = 1028345429}, next = 0x50542c36343d4f42, profile = 0x542c36343037303d}
(gdb) p *pl->profile
Cannot access memory at address 0x542c36343037303d
```
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1482
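A triage step for the `p *pl` output in this report, as an added example that is not part of the original post: it decodes the pointer-typed fields as little-endian bytes to tell addresses from text. `decode_ptr()` and `looks_like_text()` are hypothetical helper names; the field values are copied from the dump.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a 64-bit value as 8 little-endian bytes (x86_64 memory order).
 * Writes the bytes to out (NUL-terminated, non-printables as '.') and
 * returns how many of the 8 bytes are printable ASCII. */
static int decode_ptr(uint64_t v, char out[9])
{
    int printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        out[i] = isprint(b) ? (char)b : '.';
        printable += isprint(b) ? 1 : 0;
    }
    out[8] = '\0';
    return printable;
}

/* A user-space x86_64 pointer has two zero top bytes, so a "pointer" made of
 * 8 printable bytes is text, not an address. */
static int looks_like_text(uint64_t v)
{
    char tmp[9];
    return decode_ptr(v, tmp) == 8;
}

int main(void)
{
    /* Field values copied from the `p *pl` output in the report. */
    static const struct { const char *name; uint64_t v; } f[] = {
        { "hash_linker.dlg",    0x7f49ef18c5b8ULL },
        { "hash_linker.linker", 0x422d30263936313dULL },
        { "hash_linker.next",   0x3d50542c36343d4fULL },
        { "hash_linker.prev",   0x52542c3634303730ULL },
        { "next",               0x50542c36343d4f42ULL },
        { "profile",            0x542c36343037303dULL },
    };
    char s[9];
    for (size_t i = 0; i < sizeof(f) / sizeof(f[0]); i++) {
        int n = decode_ptr(f[i].v, s);
        printf("%-20s 0x%016llx  \"%s\"  %s\n", f[i].name,
               (unsigned long long)f[i].v, s, n == 8 ? "TEXT" : "pointer-like");
    }
    return 0;
}
```

Every pointer field other than `dlg` decodes to eight printable characters (`profile` is `=07046,T`), so the memory `pl` refers to holds string data rather than a live profile link.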