Hi, all.
After studying the source code of Kamailio, I found that if a higher OpenSSL version was adopted,
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
then, within the function init_tls_compression(), it (Kamailio) will read the conf parameter:
cfg_get(tls, tls_cfg, disable_compression)
But this function is called through mod_register --> tls_pre_init --> init_tls_compression, when mod_init() has not yet been invoked, and the invocation cfg_get(tls, tls_cfg, disable_compression) always returns 1, which is the default value. Thus, if a brand-new OpenSSL is adopted, compression is always disabled. It sounds like a bug?
BTW: I know TLS with compression is not a good idea, but I had to try this solution for some business reason.
Thanks all very much.
rixin liu
------------------ Original ------------------
From: "Olle E. Johansson" <oej@edvina.net>
Date: Tue, May 6, 2014 10:58 PM
To: "Daniel Constantin Mierla" <miconda@gmail.com>; "Kamailio (SER) - Users Mailing List" <sr-users@lists.sip-router.org>
Subject: Re: [SR-Users] How to enable TLS compression
The general recommendation from TLS security experts is to never ever use TLS compression.
/O
On 06 May 2014, at 16:38, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
Hello,
what libssl version do you have? Some of them have bugs related to compression and the feature is disabled if such a case is discovered.
You can set debug=3 and send over the log messages from startup.
Cheers, Daniel
On 06/05/14 11:36, 刘日新 wrote:
Hi, all.
I have configured kamailio.cfg as below:
#!ifdef WITH_TLS
modparam("tls", "session_id", "vic22")
modparam("tls", "session_cache",1)
modparam("tls", "tls_disable_compression",0)
modparam("tls", "config", "/usr/cfg/tls.cfg")
#!endif
I was sure that this configuration segment was included: in case I set a wrong path, modparam("tls", "config", "/wrong paths/tls.cfg"), Kamailio can't boot and raises an error.
But when I debugged this configuration with gdb, I found that, within the function init_tls_compression(), line 384 of tls_init.c:
384     } else if (cfg_get(tls, tls_cfg, disable_compression)){
385         LOG(L_INFO, "tls: init_tls: disabling compression...\n");
386         sk_SSL_COMP_zero(comp_methods);
The param value from cfg was always 1, namely:
print ((struct cfg_group_tls *)tls_cfg)->disable_compression
1
Why is that? Is there something wrong?
B.R.
Rixin liu
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
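
A minimal model of the ordering problem described in the first message of this thread, added here as an illustration; it is not Kamailio code and not from any of the posters. Only the names init_tls_compression and disable_compression and the default value 1 come from the thread; the function bodies, apply_modparam and the two startup_* helpers are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): a config group whose field holds its
 * built-in default until the module parameter from the cfg file is applied. */
struct cfg_group_tls { int disable_compression; };
static struct cfg_group_tls tls_cfg = { 1 };  /* default value named in the thread */

static int compression_disabled_seen;  /* what init_tls_compression() observed */

/* Stand-in for init_tls_compression(): acts on the value visible right now. */
static void init_tls_compression(void) {
    compression_disabled_seen = tls_cfg.disable_compression;
}

/* Hypothetical stand-in for applying
 * modparam("tls", "tls_disable_compression", v). */
static void apply_modparam(const char *name, int v) {
    if (strcmp(name, "tls_disable_compression") == 0)
        tls_cfg.disable_compression = v;
}

/* Order described in the thread: mod_register -> tls_pre_init ->
 * init_tls_compression runs before the configured value is in place. */
int startup_read_in_pre_init(int configured) {
    tls_cfg.disable_compression = 1;   /* start from the default */
    init_tls_compression();            /* too early: sees the default */
    apply_modparam("tls_disable_compression", configured);
    return compression_disabled_seen;
}

/* Alternative order: the read is deferred until the parameter is applied. */
int startup_read_after_params(int configured) {
    tls_cfg.disable_compression = 1;
    apply_modparam("tls_disable_compression", configured);
    init_tls_compression();
    return compression_disabled_seen;
}

int main(void) {
    printf("configured 0, read in pre-init:  %d\n", startup_read_in_pre_init(0));
    printf("configured 0, read after params: %d\n", startup_read_after_params(0));
    return 0;
}
```

In this model the early read ignores the configured 0 and keeps compression disabled, which is the behaviour reported in the thread; the deferred read honours the setting.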