The problem is, that the openssl library on Fedora 5 behaves different than usual. What version of openssl is used by Fedory 5?
regards klaus
On Sat, September 9, 2006 13:46, Ferianto siregar said:
Dear Klaus,
Thank you very much for you kind-hearted to reply my message. Thank you very much. Klaus, I still do not understand what you mean .Maybe because I have lack skill in this system. So, yesterday I tried to check file tls_init.c that there is in # openser-1.1.0-tls/tls directory. I found the script that you write below in tls_init.c file . Both of them are same (the script that you write below and the script in tls_ini.c file). So, I am confused, what should I do? What I have to change so TLS can run in my openser? Would you mind giving me explanation, Please..
Thank you very much
Regards,
Ferianto
Klaus Darilion klaus.mailinglists@pernau.at wrote: Ferianto siregar wrote:
Dear all,
I would like to say thanks to all of you for your kind-hearted read my message. Thank you very much. All, I need you help now.Please.. Now, I tried to build openser with TLS in Fedora Core 5. Before, I use Redhat 9 and the openser installation can be build successfully.( I can make a call with TLS support) But, Why when I tried to install it in Fedora Core 5, the openser can not run?(there is no pid for openser) But, When I erase the TLS configuration (TLS script for enable the TLS) in openser.cfg, the openser can run successfully.(There is a pid). So, in my opinion, the TLS Script in openser.cfg is error. But, I need this script to make secure openser server (openser with TLS support).
What should I do? I do hope anybody can give a suggestion. Please help me...Please..
Maybe the openssl library is different on fedora. The interesintg pieco of code is:
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) /* disabling compression */ LOG(L_ERR, "WARNING:init_tls: disabling compression due ZLIB problems\n"); comp_methods = SSL_COMP_get_compression_methods(); if (comp_methods==0) { LOG(L_ERR, "ERRRO:init_tls: null openssl compression methods\n"); return -1; } sk_SSL_COMP_zero(comp_methods); #endif
I wonder why it is an error if the comp_methods are zero. Then we do not have to disable them.
regards klaus
Thank you very much
Regards,
Ferianto
Note:
- This is the error message that I got when execute, # openser,
command: 0(8715) DEBUG:socket2str: 0(8715) DEBUG:socket2str: 0(8715) DEBUG:socket2str: Listening on udp: 202.95.149.251 [202.95.149.251]:5060 tcp: 202.95.149.251 [202.95.149.251]:5060 tls: 202.95.149.251 [202.95.149.251]:5061 Aliases: tls: sip:5061 tls: sip.pcr.ac.id:5061 tcp: sip:5060 tcp: sip.pcr.ac.id:5060 udp: sip:5060 udp: sip.pcr.ac.id:5060
0(8715) fm_malloc_init: F_OPTIMIZE=16384, /ROUNDTO=2048 0(8715) fm_malloc_init: F_HASH_SIZE=2067, fm_block size=16560 0(8715) fm_malloc_init(0xb5fbb000, 33554432), start=0xb5fbb000 0(8715) shm_mem_init: success 0(8715) init_tcp: using epoll_lt as the io watch method (auto detected) 0(8715) init_tls: Entered 0(8715) WARNING:init_tls: disabling compression due ZLIB problems 0(8715) ERRRO:init_tls: null openssl compression methods 0(8715) could not initialize tls, exiting... 0(8715) DEBUG: tm_shutdown : start 0(8715) DEBUG: tm_shutdown : emptying hash table 0(8715) DEBUG: tm_shutdown : releasing timers 0(8715) DEBUG: tm_shutdown : removing semaphores 0(8715) DEBUG: tm_shutdown : destroying tmcb lists 0(8715) DEBUG: tm_shutdown : done 0(8715) destroy_tls: Entered 0(8715) shm_mem_destroy 0(8715) destroying the shared memory lock
- This is the contain part of openser.cfg
listen=202.95.149.250 port=5060 children=4 dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) fifo="/tmp/openser_fifo" fifo_db_url="mysql://openser:openserrw@localhost/openser" fifo_mode=0666 alias="pcr.ac.id"
# uncomment the following lines for TLS support disable_tls = 0 listen = tls:202.95.149.250:5061 tls_verify_client = on tls_require_client_certificate = on tls_verify_server=on tls_method = TLSv1 tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem" tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem" tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
# ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/mediaproxy.so" loadmodule "/usr/local/lib/openser/modules/nathelper.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/avpops.so" loadmodule "/usr/local/lib/openser/modules/domain.so" loadmodule "/usr/local/lib/openser/modules/permissions.so"
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1ยข/min.
Devel mailing list Devel@openser.org http://openser.org/cgi-bin/mailman/listinfo/devel
Stay in the know. Pulse on the new Yahoo.com. Check it out.