Hello,
libssl 1.1.x should be better and there is nothing wrong using it. I expected that not so many 1.0.x versions were affected by the issue.
The packages for suse were built because of opensuse build
system, but not sure if anyone were using them in the past to be
sure that they work properly.
Hi,
Do you see something wrong by using that 1.1.0g version ?or just astonished it did not work with those 1.0.x versions...
I’m not so familiar with Suse and its perks in here -> would prefer debian/Ubuntu myself but this was handed to me so I have to live with it for now… unless.
If needed I could test downgrading opnessl but did not yet find how it could be done :) sorry
ps. I'm very pleased and happy for your involvement in this. So warm welcome to Kamailio world, thank you..
Tomi
On 13 Dec 2017, at 19.50, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
Hello,
there should be also good openssl 1.0.x versions, maybe the problem was the order of modules. Can you list all loadmodule line from your kamailio.cfg?
Cheers,
Daniel
On 13.12.17 00:20, Tomi Hakkarainen wrote:
Hello,
I finally got Kamailio to start with TLS.I tried with multiple openssl versions last withopenssl versionOpenSSL 1.1.0g 2 Nov 2017
also updated Kamailio to 5.0.4 from Suse repo'sand had no luck with those two.
I decided to compile Kamailio 5.1 and with little fling with database I think I overcame the TLS starting trouble…Now it cranshes as it cannot connect to Asterisk DB -> will jack with that tomorrow.
Thank you for your guidance as with it I focused on the openssl and finally have I hope working setup...
Regards,Tomi
On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
Hello,
there were some broken versions of openssl that didn't allow anymore to set custom memory manager. The only option is to upgrade libssl to a version that doesn't expose the issue. If you search on kamailio issues tracker on github.com, there should be one closed about this topic.
Cheers,
Daniel
On 11.12.17 22:20, Tomi Hakkarainen wrote:
Hi,I have problem to enable TLS on just installed Kamailio serveropenSUSE 42.3 (x86_64)VERSION = 42.3CODENAME = Malachite
version: kamailio 5.0.4 (x86_64/linux)flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RESADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MBpoll method support: poll, epoll_lt, epoll_et, sigio_rt, select.id: unknowncompiled on 18:06:25 Dec 3 2017 with gcc 4.8.5
I get this on debug log:
0(11336) DEBUG: <core> [core/cfg.y:1642]: yyparse(): loading modules under /usr/lib64/kamailio/modules/loading modules under config path: /usr/lib64/kamailio/modules/0(11336) DEBUG: <core> [core/cfg.y:1623]: yyparse(): loading module tls.so0(11336) DEBUG: <core> [core/sr_module.c:575]: load_module(): trying to load </usr/lib64/kamailio/modules/tls.so>0(11336) DEBUG: <core> [core/mem/q_malloc.c:189]: qm_malloc_init(): qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=20480(11336) DEBUG: <core> [core/mem/q_malloc.c:191]: qm_malloc_init(): qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=2351520(11336) DEBUG: <core> [core/mem/q_malloc.c:193]: qm_malloc_init(): qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb0000(11336) DEBUG: <core> [core/mem/q_malloc.c:202]: qm_malloc_init(): qm_malloc_init: size= 67108864, init_overhead=2352560(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the memory allocation functions0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a00(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls module is loaded before any other module using libssl (can be loaded first to be safe)0(11336) ERROR: <core> [core/sr_module.c:607]: load_module(): /usr/lib64/kamailio/modules/tls.so: mod_register failed0(11336) CRITICAL: <core> [core/cfg.y:3411]: yyerror_at(): parse error in config file /etc/kamailio/kamailio.cfg, line 150, column 12-19: failed to load module
for resolving have compiled openssl from 1.0.2j-fips to
openssl versionOpenSSL 1.0.2n 7 Dec 2017
Is this information enough to see what we are missingWill provide more info if needed.Any help and suggestions are appreciated.
Regards,T
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - www.asipto.com Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
-- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - www.asipto.com Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
-- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - www.asipto.com Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com