sr-dev February 2024

sr-dev@lists.kamailio.org

19 participants
247 discussions

git:master:1e423644: db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient)
by S-P Chan 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: 1e4236445167d837a89d54ce6bee5ef14aef568e URL: https://github.com/kamailio/kamailio/commit/1e4236445167d837a89d54ce6bee5ef… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-14T19:49:10+08:00 db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient) This function is observed to call SSL_read() when compiled with libmysqlclient.so.21 (but not libmariadb.so.3). Apply a … [View More]

1 0

git:master:87ef83d2: modules: readme files regenerated - db_mysql ... [skip ci]
by Kamailio Dev 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: 87ef83d23f68a43fc5265a81330cbeed6205f922 URL: https://github.com/kamailio/kamailio/commit/87ef83d23f68a43fc5265a81330cbee… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2024-02-14T08:31:13+01:00 modules: readme files regenerated - db_mysql ... [skip ci] --- Modified: src/modules/db_mysql/README --- Diff: https://github.com/kamailio/kamailio/commit/… [View More]

1 0

git:master:c89fe41b: db_mysql: fix typos
by S-P Chan 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: c89fe41b1583af74cdf7e20d2357d7c90990839f URL: https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-14T15:20:35+08:00 db_mysql: fix typos The option opt_ssl_ca is a string not integer. The comment for ea81e6cb should show the code fix as mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_ca) -… [View More]

1 0

git:master:a61bfe9f: modules: readme files regenerated - db_mysql ... [skip ci]
by Kamailio Dev 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: a61bfe9fb8357cedf5cb22e2698ec5d817fcfe5a URL: https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2024-02-14T08:16:19+01:00 modules: readme files regenerated - db_mysql ... [skip ci] --- Modified: src/modules/db_mysql/README --- Diff: https://github.com/kamailio/kamailio/commit/… [View More]a61bfe9fb8357cedf5cb22e2698ec5d… Patch: https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d… --- diff --git a/src/modules/db_mysql/README b/src/modules/db_mysql/README index 8e135cdcbf2..17f8795581a 100644 --- a/src/modules/db_mysql/README +++ b/src/modules/db_mysql/README @@ -32,6 +32,7 @@ Daniel-Constantin Mierla 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) + 3.8. opt_ssl_ca (integer) 4. Functions 5. Installation @@ -46,9 +47,10 @@ Daniel-Constantin Mierla 1.5. Set insert_delayed parameter 1.6. Set update_affected_found parameter 1.7. Set opt_ssl_mode parameter - 1.8. Set a my.cnf group in db_url parameter - 1.9. Adding a kamailio group to my.cnf - 1.10. Using [client] and specific group + 1.8. Set opt_ssl_ca parameter + 1.9. Set a my.cnf group in db_url parameter + 1.10. Adding a kamailio group to my.cnf + 1.11. Using [client] and specific group Chapter 1. Admin Guide @@ -69,6 +71,7 @@ Chapter 1. Admin Guide 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) + 3.8. opt_ssl_ca (integer) 4. Functions 5. Installation @@ -107,6 +110,7 @@ Chapter 1. Admin Guide 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) + 3.8. opt_ssl_ca (integer) 3.1. ping_interval (integer) @@ -212,6 +216,21 @@ modparam("db_mysql", "update_affected_found", 1) modparam("db_mysql", "opt_ssl_mode", 1) ... +3.8. opt_ssl_ca (integer) + + Configures the CA certs used to verify the MySQL server cert when SSL + is enabled. + + Required when opt_ssl_mode = 4 or 5 and db_mysql is built with + libmysqlclient. + + Default value is NULL (NULL - not configured). + + Example 1.8. Set opt_ssl_ca parameter +... +modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem") +... + 4. Functions No function exported to be used from configuration file. @@ -238,12 +257,12 @@ modparam("db_mysql", "opt_ssl_mode", 1) * mysql://user:pass@[group]/db * mysql://[group]/db - Example 1.8. Set a my.cnf group in db_url parameter + Example 1.9. Set a my.cnf group in db_url parameter ... modparam("usrloc", "db_url", "mysql://[kamailio]/kamailio) ... - Example 1.9. Adding a kamailio group to my.cnf + Example 1.10. Adding a kamailio group to my.cnf ... [kamailio] socket = /path/to/mysql.sock @@ -257,7 +276,7 @@ default-character-set = utf8 both your specific group and the client group, then the value is taken from the last one. - Example 1.10. Using [client] and specific group + Example 1.11. Using [client] and specific group ... [client] socket = /run/mysql/mysqld.sock [View Less]

1 0

git:master:eafd93f0: db_mysql: update docs for opt_ssl_ca
by S-P Chan 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: eafd93f0576504ea03fe6b5e3898506072218cef URL: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-14T15:09:24+08:00 db_mysql: update docs for opt_ssl_ca --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506… Patch: … [View More]

1 0

git:master:ea81e6cb: db_mysql: new module param opt_ssl_ca to configure CA certs
by S-P Chan 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: ea81e6cb8b2b2d896de7a07ce191876f9f182673 URL: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-14T15:08:56+08:00 db_mysql: new module param opt_ssl_ca to configure CA certs ERROR: db_mysql [km_my_con.c:200]: db_mysql_new_connection(): driver error: SSL connection error: CA certificate is required if ssl-mode … [View More]is VERIFY_CA or VERIFY_IDENTITY When opt_ssl_mode = 4 | 5 libmysqclient requires that the trusted CAs be configured. Fixed with: mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_mode) Note: libmariadb3 doesn't require this setting and uses the system trust store. --- Modified: src/modules/db_mysql/db_mysql.c Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876… Patch: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876… --- diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c index 1a698329bac..9a7aa8673b5 100644 --- a/src/modules/db_mysql/db_mysql.c +++ b/src/modules/db_mysql/db_mysql.c @@ -47,6 +47,7 @@ unsigned int my_server_timezone = unsigned long my_client_ver = 0; int db_mysql_unsigned_type = 0; int db_mysql_opt_ssl_mode = 0; +char *db_mysql_opt_ssl_ca = NULL; struct mysql_counters_h mysql_cnts_h; counter_def_t mysql_cnt_defs[] = { @@ -100,6 +101,7 @@ static param_export_t params[] = { {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed}, {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found}, {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type}, + {"opt_ssl_ca", PARAM_STRING, &db_mysql_opt_ssl_ca}, {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode}, {0, 0, 0}}; diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index b4c4dca33b0..226d724f1ae 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -41,6 +41,7 @@ #include "db_mysql.h" extern int db_mysql_opt_ssl_mode; +extern char *db_mysql_opt_ssl_ca; /*! \brief * Create a new connection structure, @@ -167,6 +168,9 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) } #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ + if(db_mysql_opt_ssl_ca) + mysql_options( + ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #if MYSQL_VERSION_ID > 50012 /* set reconnect flag if enabled */ [View Less]

1 0

git:5.7:a0dfb8cb: tls: raise logging level of early messages in mod_register
by S-P Chan 13 Feb '24

13 Feb '24

Module: kamailio Branch: 5.7 Commit: a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd URL: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-13T19:11:20+08:00 tls: raise logging level of early messages in mod_register --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef… Patch: … [View More]

1 0

Fwd: Reject TCP SYN
by David Villasmil 13 Feb '24

13 Feb '24

Hello all, Following up on this, I made a patch (attached), could you please review and apply if it looks ok? The patch creates a new core cfg variable which, if set, will reject any incoming NEW tcp connection attempt, so we can use this to gracefully drain kamailio. Thanks & Regards, David Villasmil email: david.villasmil.work(a)gmail.com phone: +34669448337 Forwarded Conversation Subject: Reject TCP SYN ------------------------ From: David Villasmil <david.villasmil.work(a)gmail.… [View More]

2 1

git:5.7:5d7d7ea5: tls: add logging
by S-P Chan 13 Feb '24

13 Feb '24

Module: kamailio Branch: 5.7 Commit: 5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db URL: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-13T17:23:31+08:00 tls: add logging --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc… Patch: https://github.com/kamailio/kamailio/commit/… [View More]

1 0

git:5.7:eb7aa576: tls: restore some function calls in non-threaded mode
by S-P Chan 13 Feb '24

13 Feb '24

Module: kamailio Branch: 5.7 Commit: eb7aa57676f48f16cc66a16c511ed45ac9c8f62e URL: https://github.com/kamailio/kamailio/commit/eb7aa57676f48f16cc66a16c511ed45… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-13T11:08:29+08:00 tls: restore some function calls in non-threaded mode In the case that tls_threads_mode = 0 we restore the earlier behaviour of 5.7.3. - OpenSSL 1.1.1: restore early call to RAND_set_rand_method - … [View More]

1 0

← Newer
1
...
11
12
13
14
15
16
17
...
25
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev February 2024