THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A new Flyspray task has been opened. Details are below.
User who did this - Shaobin.Feng (saxon_leo)
Attached to Project - sip-router Summary - kamailio tls debug error Task Type - Bug Report Category - tls Status - Unconfirmed Assigned To - Operating System - Linux Severity - Low Priority - Normal Reported Version - 3.2 Due in Version - Undecided Due Date - Undecided Details - kamailio keeps debuging follows: "ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac"
Well,I used command (openssl s_client -connect host:port -no_ssl2 -bugs) to connect to kamailio, it returns normal.
So, this really confuse me,is there something wrong or not?
Is there any other method can check the tls module works normal or not? Any suggestion will be nice.
More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=245
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
We have observed this error when using multiple tls connecitons with openssl version 1.0.0. This is because CRYPTO_set_id_callback() is not used in tls_init_locks(). The kamailio code has following comment /* thread id callback: not needed because ser doesn't use thread and * openssl already uses getpid() (by default) * CRYPTO_set_id_callback(id_f);
As per the documentation openssl is not using getpid anymore , it is valid only till 0.9. the openssl man page says If the application does not register such a callback using CRYPTO_THREADID_set_callback(), then a default implementation is used - on Windows and BeOS this uses the system's default thread identifying APIs, and on all other platforms it uses the address of errno. In multi process environment Errno can points to same virtual address. So we need to use getpid() in CRYPTO_set_id_callback(id_f)
unsigned long id_f() { return my_pid(); }
Please read the link below for refrence http://www.openssl.org/docs/crypto/threads.html
On Thu, Jul 12, 2012 at 9:46 PM, sip-router bugtracker@sip-router.orgwrote:
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A new Flyspray task has been opened. Details are below. User who did this - Shaobin.Feng (saxon_leo) Attached to Project - sip-router Summary - kamailio tls debug error Task Type - Bug Report Category - tls Status - Unconfirmed Assigned To - Operating System - Linux Severity - Low Priority - Normal Reported Version - 3.2 Due in Version - Undecided Due Date - Undecided Details - kamailio keeps debuging follows: "ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL routines:SSL3_GET_RECORD:**decryption failed or bad record mac"
Well,I used command (openssl s_client -connect host:port -no_ssl2 -bugs) to connect to kamailio, it returns normal.
So, this really confuse me,is there something wrong or not?
Is there any other method can check the tls module works normal or not? Any suggestion will be nice.
More information can be found at the following URL: http://sip-router.org/tracker/**index.php?do=details&task_id=**245http://sip-router.org/tracker/index.php?do=details&task_id=245
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
______________________________**_________________ sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**devhttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
Hello,
thanks for noticing and reporting that. I just committed the fix, just using a different function name.
Cheers, Daniel
On 7/17/12 7:54 PM, Jijo wrote:
We have observed this error when using multiple tls connecitons with openssl version 1.0.0. This is because CRYPTO_set_id_callback() is not used in tls_init_locks(). The kamailio code has following comment /* thread id callback: not needed because ser doesn't use thread and * openssl already uses getpid() (by default) * CRYPTO_set_id_callback(id_f);
As per the documentation openssl is not using getpid anymore , it is valid only till 0.9. the openssl man page says If the application does not register such a callback using CRYPTO_THREADID_set_callback(), then a default implementation is used
- on Windows and BeOS this uses the system's default thread
identifying APIs, and on all other platforms it uses the address of errno. In multi process environment Errno can points to same virtual address. So we need to use getpid() in CRYPTO_set_id_callback(id_f)
unsigned long id_f() { return my_pid(); }
Please read the link below for refrence http://www.openssl.org/docs/crypto/threads.html
On Thu, Jul 12, 2012 at 9:46 PM, sip-router <bugtracker@sip-router.org mailto:bugtracker@sip-router.org> wrote:
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A new Flyspray task has been opened. Details are below. User who did this - Shaobin.Feng (saxon_leo) Attached to Project - sip-router Summary - kamailio tls debug error Task Type - Bug Report Category - tls Status - Unconfirmed Assigned To - Operating System - Linux Severity - Low Priority - Normal Reported Version - 3.2 Due in Version - Undecided Due Date - Undecided Details - kamailio keeps debuging follows: "ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac" Well,I used command (openssl s_client -connect host:port -no_ssl2 -bugs) to connect to kamailio, it returns normal. So, this really confuse me,is there something wrong or not? Is there any other method can check the tls module works normal or not? Any suggestion will be nice. More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=245 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above. _______________________________________________ sr-dev mailing list sr-dev@lists.sip-router.org <mailto:sr-dev@lists.sip-router.org> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
-
Daniel-Constantin Mierla -
Jijo -
sip-router