sr-dev January 2024

sr-dev@lists.kamailio.org

19 participants
311 discussions

git:5.7:07afe1b5: tls_wolfssl: clang-format

by S-P Chan

Module: kamailio Branch: 5.7 Commit: 07afe1b520961de0e5271f0921742d1465fa55e9 URL: https://github.com/kamailio/kamailio/commit/07afe1b520961de0e5271f0921742d1… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-01-31T05:41:18+08:00 tls_wolfssl: clang-format (cherry-pick from 0f963a7a1e2aca28611c2238f4c29180a0acd320) --- Modified: src/modules/tls_wolfssl/tls_domain.c Modified: src/modules/tls_wolfssl/tls_rpc.c Modified: src/modules/tls_wolfssl/tls_select.c Modified: src/modules/tls_wolfssl/tls_server.c Modified: src/modules/tls_wolfssl/tls_util.h --- Diff: https://github.com/kamailio/kamailio/commit/07afe1b520961de0e5271f0921742d1… Patch: https://github.com/kamailio/kamailio/commit/07afe1b520961de0e5271f0921742d1…

9 months, 4 weeks

[kamailio/kamailio] db_mysql: built with mariadb-connector-c does not use TLS (Issue #3735)

by space88man

### Description Applies to `db_mysql` built with mariadb-connector-c; TLS is not working Option 1: configure mariadb server to use TLS (optional) Option 2: configure mariadb server to use TLS (mandatory) ### Troubleshooting 1. wireshark inspect the pcap dump of traffic to :3306 and look for ClientHello 2. gdb main kamailio process and set breakpoint at `SSL_new` #### Reproduction 1. Option 1: server advertises SSL, but db_mysql will always choose plain 3. Option 2: server advertises SSL(and requires SSL), connection will fail ### Additional Information #### Kamailio version * master -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3735 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3735(a)github.com>

9 months, 4 weeks

git:master:1e87f96a: tls_wolfssl: un-break jammy using libwolfssl32

by S-P Chan

Module: kamailio Branch: master Commit: 1e87f96ad3a85b35935f14db36626036469cb6b0 URL: https://github.com/kamailio/kamailio/commit/1e87f96ad3a85b35935f14db3662603… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-01-30T22:25:01+08:00 tls_wolfssl: un-break jammy using libwolfssl32 --- Modified: src/modules/tls_wolfssl/tls_domain.c --- Diff: https://github.com/kamailio/kamailio/commit/1e87f96ad3a85b35935f14db3662603… Patch: https://github.com/kamailio/kamailio/commit/1e87f96ad3a85b35935f14db3662603… --- diff --git a/src/modules/tls_wolfssl/tls_domain.c b/src/modules/tls_wolfssl/tls_domain.c index 5d573b46274..aae5c01c6cd 100644 --- a/src/modules/tls_wolfssl/tls_domain.c +++ b/src/modules/tls_wolfssl/tls_domain.c @@ -728,8 +728,8 @@ static int set_ssl_options(tls_domain_t *d) { long options; - options = WOLFSSL_OP_ALL; /* all the bug workarounds by default */ - options |= WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION + options = SSL_OP_ALL; /* all the bug workarounds by default */ + options |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | WOLFSSL_OP_CIPHER_SERVER_PREFERENCE; do {

9 months, 4 weeks

git:master:dad7c857: modules: readme files regenerated - db_mysql ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: master Commit: dad7c857eaab613deed27ab687ddd0b1fdf8001b URL: https://github.com/kamailio/kamailio/commit/dad7c857eaab613deed27ab687ddd0b… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2024-01-30T14:32:10+01:00 modules: readme files regenerated - db_mysql ... [skip ci] --- Modified: src/modules/db_mysql/README --- Diff: https://github.com/kamailio/kamailio/commit/dad7c857eaab613deed27ab687ddd0b… Patch: https://github.com/kamailio/kamailio/commit/dad7c857eaab613deed27ab687ddd0b… --- diff --git a/src/modules/db_mysql/README b/src/modules/db_mysql/README index 8d9f526cbe1..8e135cdcbf2 100644 --- a/src/modules/db_mysql/README +++ b/src/modules/db_mysql/README @@ -94,7 +94,9 @@ Chapter 1. Admin Guide The following libraries or applications must be installed before running Kamailio with this module loaded: * mysql - the development libraries for the MySQL database. In some - Linux distributions named "libmysqlclient-dev". + Linux distributions named "libmysqlclient-dev". MariaDB - the + development libraries for the MariaDB database. In some Linux + distributions named "libmariadbclient-dev". 3. Parameters @@ -199,8 +201,9 @@ modparam("db_mysql", "update_affected_found", 1) SSL_MODE_DISABLED, any other value is passed to the mysql_options(), not checking if it is defined. - Note: this option is supported only by libmysqlclient, not by - libmariadbclient. + MariaDB client configuration uses the following values: 0, 1 use plain, + 2/3/4 for MYSQL_OPT_SSL_ENFORCE, 5 for MYSQL_OPT_SSL_VERIFY_SERVER_CERT + (see MariaDB Connector/C documentation) Other values are ignored. Default value is 0 (0 - off).

9 months, 4 weeks

[kamailio/kamailio] db_mysql: enable TLS when building with mariadb-connector-c (PR #3734)

by space88man

#### Pre-Submission Checklist - [X] Commit message has the format required by CONTRIBUTING guide - [X] Commits are split per component (core, individual modules, libs, utils, ...) - [X] Each component has a single commit (if not, squash them into one commit) - [X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist: - [X] PR should be backported to stable branches - [X] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description When db_mysql is built with mariadb-connector-c it does not use TLS and fails if the server requires TLS. It seems to be related to the fact that the MYSQL object needs to have a minimal non-NULL configuration (unlike MySQL Connector/C). This is a minimal setting to allow TLS. A more full-featured solution would be to enable db_mysql to read from an external configuration file. @linuxmaniac, kindly take a look You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/3734 -- Commit Summary -- * db_mysql: enable TLS when building with mariadb-connector-c -- File Changes -- M src/modules/db_mysql/km_my_con.c (9) -- Patch Links -- https://github.com/kamailio/kamailio/pull/3734.patch https://github.com/kamailio/kamailio/pull/3734.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3734 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/3734(a)github.com>

9 months, 4 weeks

git:master:2bcc32a1: db_mysql: update docs for MariaDB Connector/C builds

by Victor Seva

Module: kamailio Branch: master Commit: 2bcc32a14e63d895077071715b0321fbdcdb8a33 URL: https://github.com/kamailio/kamailio/commit/2bcc32a14e63d895077071715b0321f… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2024-01-30T14:28:26+01:00 db_mysql: update docs for MariaDB Connector/C builds --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/2bcc32a14e63d895077071715b0321f… Patch: https://github.com/kamailio/kamailio/commit/2bcc32a14e63d895077071715b0321f… --- diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml index 51c9b5b728d..f1ff53df0ed 100644 --- a/src/modules/db_mysql/doc/db_mysql_admin.xml +++ b/src/modules/db_mysql/doc/db_mysql_admin.xml @@ -46,6 +46,7 @@ <listitem> <para> <emphasis>mysql</emphasis> - the development libraries for the MySQL database. In some Linux distributions named "libmysqlclient-dev". + <emphasis>MariaDB</emphasis> - the development libraries for the MariaDB database. In some Linux distributions named "libmariadbclient-dev". </para> </listitem> </itemizedlist> @@ -198,7 +199,10 @@ modparam("db_mysql", "update_affected_found", 1) defined. </para> <para> - Note: this option is supported only by libmysqlclient, not by libmariadbclient. + MariaDB client configuration uses the following values: 0, 1 use plain, 2/3/4 for MYSQL_OPT_SSL_ENFORCE, + 5 for MYSQL_OPT_SSL_VERIFY_SERVER_CERT (see MariaDB Connector/C documentation) + + Other values are ignored. </para> <para> <emphasis> @@ -298,4 +302,3 @@ default-character-set = utf8 </para> </section> </chapter> -

9 months, 4 weeks

git:master:d772b4c2: db_mysql: enable TLS when building with mariadb-connector-c

by Victor Seva

Module: kamailio Branch: master Commit: d772b4c24a3a4995b93287ccf8eac9b80d1a5bac URL: https://github.com/kamailio/kamailio/commit/d772b4c24a3a4995b93287ccf8eac9b… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2024-01-30T14:28:26+01:00 db_mysql: enable TLS when building with mariadb-connector-c - mariadb-connector-c requires at least one non-NULL configuration value to use TLS - emulate MySQL SSL_MODE_XXXX options --- Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/d772b4c24a3a4995b93287ccf8eac9b… Patch: https://github.com/kamailio/kamailio/commit/d772b4c24a3a4995b93287ccf8eac9b… --- diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index d3f57108886..b415ff87655 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -116,7 +116,32 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) (const void *)&db_mysql_timeout_interval); mysql_options(ptr->con, MYSQL_OPT_WRITE_TIMEOUT, (const void *)&db_mysql_timeout_interval); -#if MYSQL_VERSION_ID > 50710 && !defined(MARIADB_BASE_VERSION) + +#ifdef MARIADB_BASE_VERSION + /* + * emulate SSL_MODE_XXXX from MySQL + */ + + switch(db_mysql_opt_ssl_mode) { + case 0: /* opt_ssl_mode = 0(off) */ + case 1: /* SSL_MODE_DISABLED */ + break; + case 2: /* SSL_MODE_PREFERRED */ + case 3: /* SSL_MODE_REQUIRED */ + case 4: /* SSL_MODE_VERIFY_CA */ + mysql_optionsv(ptr->con, MYSQL_OPT_SSL_ENFORCE, (void *)&(int){1}); + break; + case 5: /* SSL_MODE_VERIFY_IDENTITY */ + mysql_optionsv(ptr->con, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, + (void *)&(int){1}); + break; + default: + LM_WARN("opt_ssl_mode = %d not supported by MariaDB Connector/C\n", + db_mysql_opt_ssl_mode); + break; + } +#else +#ifdef MYSQL_VERSION_ID> 50710 if(db_mysql_opt_ssl_mode != 0) { unsigned int optuint = 0; if(db_mysql_opt_ssl_mode == 1) { @@ -136,7 +161,8 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) "ignoring\n", (unsigned int)db_mysql_opt_ssl_mode); } -#endif +#endif /* MYSQL_VERSION_ID */ +#endif /* MARIADB_BASE_VERSION */ #if MYSQL_VERSION_ID > 50012 /* set reconnect flag if enabled */

9 months, 4 weeks

Format of settings sets in config.

by Вадим С

Hello dear developers! I'm developing a module that can have several sets of similar connections. I see that some modules allow specifying a sequence of settings in one parameter through the symbol ";", as sample: modparam("htable", "htable", "customer=>size=8;dbtable=customer;cols='dids,description';coldelim=';'") or my example: modparam("module", "module", "connection=>alice;id=aliceid;password=alicepwd;timeout=60;param=123") modparam("module", "module", "connection=>bob;id=bobid;password=bobpwd;timeout=90;param=456") I don't find it user friendly. Can I offer users blocks with settings that should start with some parameter, for example "connection", as in the example: modparam("module", "connection", "alice") # first block of settings modparam("module", "id", "aliceid") modparam("module", "password", "alicepwd") modparam("module", "timeout", 60) modparam("module", "param", 123) modparam("module", "connection", "bob") # second block of settings modparam("module", "id", "bobid") modparam("module", "password", "bobpwd") modparam("module", "timeout", 90) modparam("module", "param", 456) modparam("module", "connection", "john") # third block of settings ... If you think that this is not compatible with the kamailio configuration ideology, I will give up my idea :)

9 months, 4 weeks

git:master:e470f67c: github: [skip ci] enable dependabot for devcontainers

by Victor Seva

Module: kamailio Branch: master Commit: e470f67c9aaaeb2dc39f49a1b5abb3352b45ad13 URL: https://github.com/kamailio/kamailio/commit/e470f67c9aaaeb2dc39f49a1b5abb33… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2024-01-30T10:44:19+01:00 github: [skip ci] enable dependabot for devcontainers --- Modified: .github/dependabot.yml --- Diff: https://github.com/kamailio/kamailio/commit/e470f67c9aaaeb2dc39f49a1b5abb33… Patch: https://github.com/kamailio/kamailio/commit/e470f67c9aaaeb2dc39f49a1b5abb33… --- diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 775cd546581..06afaf16847 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,3 +7,9 @@ updates: interval: "weekly" commit-message: prefix: "github: [skip ci]" + - package-ecosystem: "devcontainers" + directory: "/" + schedule: + interval: weekly + commit-message: + prefix: "github: [skip ci]"

9 months, 4 weeks

Re: [kamailio/kamailio] tls_wolfssl: clean-up; remove OpenSSL-isms (3d0e752)

by Victor Seva

This broke the build on jammy https://kamailio.sipwise.com/job/kamailiodev-nightly-binaries/architecture=… **libwolfssl32_5.2.0-2_amd64.deb** ``` gcc -fPIC -DPIC -funroll-loops -Wcast-align -m64 -minline-all-stringops -falign-loops -ftree-vectorize -fno-strict-overflow -mtune=generic -pthread -DKSR_PTHREAD_MUTEX_SHARED -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/build/kamailio-5.8.0~dev2+ubuntu22.04.20240130005413.2609=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -DVERSION_NODATE -DNAME='"kamailio"' -DVERSION='"5.8.0-dev2"' -DARCH='"x86_64"' -DOS='linux_' -DOS_QUOTED='"linux"' -DCOMPILER='"gcc 11.4.0"' -D__CPU_x86_64 -D__OS_linux -DVERSIONVAL=5008000 -DCFG_DIR='"/etc/kamailio/"' -DSHARE_DIR='"/usr/share/kamailio/"' -DRUN_DIR='"/var/run/kamailio/"' -DPKG_MALLOC -DSHM_MMAP -DDNS_IP_HACK -DUSE_MCAST -DUSE_TCP -DDISABLE_NAGLE -DHAVE_RESOLV_RES -DUSE_DNS_CACHE -DUSE_DNS_FAILOVER -DUSE_DST_BLOCKLIST -DUSE_NAPTR -DMEM_JOIN_FREE -DF_MALLOC -DQ_MALLOC -DTLSF_MALLOC -DDBG_SR_MEMORY -DUSE_TLS -DTLS_HOOKS -DUSE_CORE_STATS -DSTATISTICS -DMALLOC_STATS -DUSE_SCTP -DFAST_LOCK -DADAPTIVE_WAIT -DADAPTIVE_WAIT_LOOPS=1024 -DCC_GCC_LIKE_ASM -DHAVE_GETHOSTBYNAME2 -DHAVE_UNION_SEMUN -DHAVE_SCHED_YIELD -DHAVE_MSG_NOSIGNAL -DHAVE_MSGHDR_MSG_CONTROL -DHAVE_ALLOCA_H -DHAVE_TIMEGM -DHAVE_SCHED_SETSCHEDULER -DHAVE_IP_MREQN -DUSE_RAW_SOCKS -DHAVE_EPOLL -DHAVE_SIGIO_RT -DSIGINFO64_WORKAROUND -DUSE_FUTEX -DHAVE_SELECT -DMOD_NAME='"tls_wolfssl"' -DMOD_NAMEID='tls_wolfssl' -c tls_domain.c -o tls_domain.o -MMD -MP tls_domain.c: In function 'set_ssl_options': tls_domain.c:731:19: error: 'WOLFSSL_OP_ALL' undeclared (first use in this function); did you mean 'SSL_OP_ALL'? 731 | options = WOLFSSL_OP_ALL; /* all the bug workarounds by default */ | ^~~~~~~~~~~~~~ | SSL_OP_ALL tls_domain.c:731:19: note: each undeclared identifier is reported only once for each function it appears in tls_domain.c:732:20: error: 'WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION' undeclared (first use in this function); did you mean 'SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION'? 732 | options |= WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION make[3]: *** [../../Makefile.rules:100: tls_domain.o] Error 1 make[2]: *** [Makefile:508: modules] Error 1 make[2]: Leaving directory '/build/kamailio-5.8.0~dev2+ubuntu22.04.20240130005413.2609/src' make[1]: *** [Makefile:34: every-module] Error 2 make[1]: Leaving directory '/build/kamailio-5.8.0~dev2+ubuntu22.04.20240130005413.2609' make: *** [debian/rules:133: build_tls_wolfssl] Error 2 ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/commit/3d0e7521c6de4023b6595685fc30612… You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/commit/3d0e7521c6de4023b6595685fc306129ef57b8ac/138041657(a)github.com>

10 months

← Newer
1
2
3
4
5
6
7
8
9
...
32
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev January 2024