[Devel] Please help for configuration TLS in Fedora Core5

Ferianto siregar ferianto_voip at yahoo.com
Mon Sep 11 04:32:51 CEST 2006


Dear Klaus,
   
  Thank you very much.
   
  This is the version of openssl in Fedora Core 5 that I have got:
  [root at sip ~]# rpm -qa|grep -i ssl
  openssl-0.9.8a-5.2
  openssl-devel-0.9.8a-5.2
  openssl097a-0.9.7a-4.2.1
  docbook-style-dsssl-1.79-4
  mod_ssl-2.2.0-5.1.2
  [root at sip ~]#
   
  Please Klaus..Help me...Please.
  Regards,
   
   
  Ferianto


Klaus Darilion <klaus.mailinglists at pernau.at> wrote:  The problem is, that the openssl library on Fedora 5 behaves different
than usual. What version of openssl is used by Fedory 5?

regards
klaus

On Sat, September 9, 2006 13:46, Ferianto siregar said:
> Dear Klaus,
>
> Thank you very much for you kind-hearted to reply my message. Thank you
> very much.
> Klaus, I still do not understand what you mean .Maybe because I have
> lack skill in this system.
> So, yesterday I tried to check file tls_init.c that there is in #
> openser-1.1.0-tls/tls directory.
> I found the script that you write below in tls_init.c file . Both of
> them are same (the script that you write below and the script in
> tls_ini.c file).
> So, I am confused, what should I do? What I have to change so TLS can
> run in my openser?
> Would you mind giving me explanation, Please..
>
> Thank you very much
>
> Regards,
>
>
> Ferianto
>
> Klaus Darilion wrote:
> Ferianto siregar wrote:
>> Dear all,
>>
>> I would like to say thanks to all of you for your kind-hearted read my
>> message. Thank you very much.
>> All, I need you help now.Please..
>> Now, I tried to build openser with TLS in Fedora Core 5. Before, I use
>> Redhat 9 and the openser installation can be build successfully.( I can
>> make a call with TLS support)
>> But, Why when I tried to install it in Fedora Core 5, the openser can
>> not run?(there is no pid for openser)
>> But, When I erase the TLS configuration (TLS script for enable the TLS)
>> in openser.cfg, the openser can run successfully.(There is a pid).
>> So, in my opinion, the TLS Script in openser.cfg is error.
>> But, I need this script to make secure openser server (openser with TLS
>> support).
>>
>> What should I do? I do hope anybody can give a suggestion. Please help
>> me...Please..
>
> Maybe the openssl library is different on fedora. The interesintg pieco
> of code is:
>
> #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
> /* disabling compression */
> LOG(L_ERR, "WARNING:init_tls: disabling compression due ZLIB problems\n");
> comp_methods = SSL_COMP_get_compression_methods();
> if (comp_methods==0) {
> LOG(L_ERR, "ERRRO:init_tls: null openssl compression
> methods\n");
> return -1;
> }
> sk_SSL_COMP_zero(comp_methods);
> #endif
>
> I wonder why it is an error if the comp_methods are zero. Then we do not
> have to disable them.
>
> regards
> klaus
>
>
>>
>> Thank you very much
>>
>> Regards,
>>
>>
>> Ferianto
>>
>> Note:
>> 1. This is the error message that I got when execute, # openser,
>> command:
>> 0(8715) DEBUG:socket2str:
>> 0(8715) DEBUG:socket2str:
>> 0(8715) DEBUG:socket2str:
>> Listening on
>> udp: 202.95.149.251 [202.95.149.251]:5060
>> tcp: 202.95.149.251 [202.95.149.251]:5060
>> tls: 202.95.149.251 [202.95.149.251]:5061
>> Aliases:
>> tls: sip:5061
>> tls: sip.pcr.ac.id:5061
>> tcp: sip:5060
>> tcp: sip.pcr.ac.id:5060
>> udp: sip:5060
>> udp: sip.pcr.ac.id:5060
>>
>> 0(8715) fm_malloc_init: F_OPTIMIZE=16384, /ROUNDTO=2048
>> 0(8715) fm_malloc_init: F_HASH_SIZE=2067, fm_block size=16560
>> 0(8715) fm_malloc_init(0xb5fbb000, 33554432), start=0xb5fbb000
>> 0(8715) shm_mem_init: success
>> 0(8715) init_tcp: using epoll_lt as the io watch method (auto detected)
>> 0(8715) init_tls: Entered
>> 0(8715) WARNING:init_tls: disabling compression due ZLIB problems
>> 0(8715) ERRRO:init_tls: null openssl compression methods
>> 0(8715) could not initialize tls, exiting...
>> 0(8715) DEBUG: tm_shutdown : start
>> 0(8715) DEBUG: tm_shutdown : emptying hash table
>> 0(8715) DEBUG: tm_shutdown : releasing timers
>> 0(8715) DEBUG: tm_shutdown : removing semaphores
>> 0(8715) DEBUG: tm_shutdown : destroying tmcb lists
>> 0(8715) DEBUG: tm_shutdown : done
>> 0(8715) destroy_tls: Entered
>> 0(8715) shm_mem_destroy
>> 0(8715) destroying the shared memory lock
>>
>> 2. This is the contain part of openser.cfg
>>
>> listen=202.95.149.250
>> port=5060
>> children=4
>> dns=no # (cmd. line: -r)
>> rev_dns=no # (cmd. line: -R)
>> fifo="/tmp/openser_fifo"
>> fifo_db_url="mysql://openser:openserrw@localhost/openser"
>> fifo_mode=0666
>> alias="pcr.ac.id"
>>
>> # uncomment the following lines for TLS support
>> disable_tls = 0
>> listen = tls:202.95.149.250:5061
>> tls_verify_client = on
>> tls_require_client_certificate = on
>> tls_verify_server=on
>> tls_method = TLSv1
>> tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
>> tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
>> tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
>>
>> # ------------------ module loading ----------------------------------
>> # Uncomment this if you want to use SQL database loadmodule
>> "/usr/local/lib/openser/modules/mysql.so" loadmodule
>> "/usr/local/lib/openser/modules/sl.so" loadmodule
>> "/usr/local/lib/openser/modules/tm.so" loadmodule
>> "/usr/local/lib/openser/modules/rr.so" loadmodule
>> "/usr/local/lib/openser/modules/maxfwd.so" loadmodule
>> "/usr/local/lib/openser/modules/usrloc.so" loadmodule
>> "/usr/local/lib/openser/modules/registrar.so" loadmodule
>> "/usr/local/lib/openser/modules/auth.so" loadmodule
>> "/usr/local/lib/openser/modules/auth_db.so" loadmodule
>> "/usr/local/lib/openser/modules/uri.so" loadmodule
>> "/usr/local/lib/openser/modules/uri_db.so" loadmodule
>> "/usr/local/lib/openser/modules/mediaproxy.so" loadmodule
>> "/usr/local/lib/openser/modules/nathelper.so" loadmodule
>> "/usr/local/lib/openser/modules/textops.so" loadmodule
>> "/usr/local/lib/openser/modules/avpops.so" loadmodule
>> "/usr/local/lib/openser/modules/domain.so" loadmodule
>> "/usr/local/lib/openser/modules/permissions.so"
>>
>> ------------------------------------------------------------------------
>> Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
>> rates starting at 1¢/min.
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>
>
>
>
>
> ---------------------------------
> Stay in the know. Pulse on the new Yahoo.com. Check it out.




 		
---------------------------------
Stay in the know. Pulse on the new Yahoo.com.  Check it out. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openser.org/pipermail/devel/attachments/20060910/e334bd71/attachment.html


More information about the Devel mailing list