19 Mar
2012
19 Mar
'12
5 p.m.
On Mon, Mar 19, 2012 at 05:32, Juha Heinanen <jh(a)tutpro.com> wrote:
as i mentioned, with shared memory of 64MB, sip proxy
started fine.
however, it failed to send a request over tls:
Mar 19 11:21:41 test /usr/sbin/sip-proxy[30293]: INFO: Routing INVITE
<sip:044234567@192.98.102.10:8001;transport=tls>
Mar 19 11:21:41 test /usr/sbin/sip-proxy[30293]: WARNING: <core> [forward.c:268]:
WARNING: get_send_socket: protocol/port mismatch (forced udp:192.98.101.10:5060, to
tls:192.98.102.10:8001)
Mar 19 11:21:41 test /usr/sbin/sip-proxy[30293]: ERROR: tls [tls_server.c:150]: tls: ssl
bug #1491 workaround: not enough memory for safe operation: 8473952
Mar 19 11:21:41 test /usr/sbin/sip-proxy[30293]: ERROR: tm [../../forward.h:192]:
msg_send: ERROR: tcp_send failed
Mar 19 11:21:41 test /usr/sbin/sip-proxy[30293]: ERROR: tm [t_fwd.c:1385]: ERROR:
t_send_branch: sending request on branch 0 failed
this works ok when there is only a couple of certs in ca_list.
there is 10M of free shared memory available. is that not enough for
"safe operation" or is this now pkg memory issue (i have the default 4M
configured)?
I think you're seeing this because you don't have enough free shared
memory. When you load the whole Debian CA certificate list, it
probably does not leave enough memory left for openssl. The tls module
fails preemptively if there is not enough free memory left to prevent
openssl from crashing or causing memory leaks.
There are two configuration options that you can change:
low_mem_threshold1 (default 512 * 1024 * get_max_procs) and
low_mem_threshold2 (256 * 1024 * get_max_procs).
So you can either try to change one of the options or give the sip
proxy more shared memory.
Note that openssl is really memory hungry. By default it consumes over
65kB of memory per connection for various buffers.
-Jan