22 Jan
2015
22 Jan
'15
3:47 a.m.
On 21 Jan 2015, at 21:52, Juha Heinanen <jh(a)tutpro.com> wrote:
Juha Heinanen writes:
We've seen reports of issues with Postgresql with TLS too, I don't know
what happened, but I think we need to focus on both and fix this.
There is a known geneal problem with libraries using OpenSSL - I don't know if
this has been looked at in Kamailio, but we did a fix in Asterisk a while ago.
If you have modules using libraries that use OpenSSL - like we have in
Curl, Mysql, Postgres and possibly other modules - as well as our own use in
the TLS module - there's a risk that OpenSSL gets initialized too many
times and bad things happen. ("Bad things" need to be defined here).
I think Kevin did a library trick with the linker so that Asterisk
catch these initialization calls first and use just one. Asterisk is
multithreaded and Kamailio is multiprocess, so I don't know how this
affects Kamailio or if we can get some inspiration by this fix.
Rambling a bit, but trying to point in some sort of general direction. :-)
I will put on my list to set up a lab with Mysql TLS connections and try.
/O
when [group] thing didn't work, i added
ssl-ca=/etc/mysql/cacert.pem
to [client] section of my.cfg that kamailio according to db_mysql/README
is reading.
after that, kamailio started ok, but didn't use ssl for mysql queries.
what is it that i'm missing? has anyone succeeded in making kamailio to
query mysql server over ssl?
based on zero responses, i guess the answer is "no". if so, that pretty
much prevents using kamailio in an environment where mysql service is
provided by a cloud service, such as amazon ec2.
should i put a note in db_mysql module README telling that we don't
currently know, which [client] params of my.cfg the module supports?