[Devel] Please help for configuration TLS in Fedora Core5
Ferianto siregar
ferianto_voip at yahoo.com
Wed Sep 13 05:12:45 CEST 2006
Dear Klaus,
Thank you very much for your help.
I have tried to uninstall the openssl097a-0.9.7a-4.2.1, but the TLS still can not be loaded (I can not run openser by using TLS support).
So, You are wright, this problem caused by openssl. Because when I tried to install openser in FC4 that has openssl.0.9.7f, the openser and TLS can run successfully.
Thank you very much,
Regards,
Ferianto
Klaus Darilion <klaus.mailinglists at pernau.at> wrote: looks like there are 2 openssl libraries isntalled. Can you try to
remove openssl097a-0.9.7a-4.2.1?
regards
klaus
Ferianto siregar wrote:
> Dear Klaus,
>
> Thank you very much.
>
> This is the version of openssl in Fedora Core 5 that I have got:
> [root at sip ~]# rpm -qa|grep -i ssl
> openssl-0.9.8a-5.2
> openssl-devel-0.9.8a-5.2
> openssl097a-0.9.7a-4.2.1
> docbook-style-dsssl-1.79-4
> mod_ssl-2.2.0-5.1.2
> [root at sip ~]#
>
> Please Klaus...
> Regards,
>
>
> Ferianto
>
>
> */Klaus Darilion /* wrote:
>
> The problem is, that the openssl library on Fedora 5 behaves different
> than usual. What version of openssl is used by Fedory 5?
>
> regards
> klaus
>
> On Sat, September 9, 2006 13:46, Ferianto siregar said:
> > Dear Klaus,
> >
> > Thank you very much for you kind-hearted to reply my message.
> Thank you
> > very much.
> > Klaus, I still do not understand what you mean .Maybe because I have
> > lack skill in this system.
> > So, yesterday I tried to check file tls_init.c that there is in #
> > openser-1.1.0-tls/tls directory.
> > I found the script that you write below in tls_init.c file . Both of
> > them are same (the script that you write below and the script in
> > tls_ini.c file).
> > So, I am confused, what should I do? What I have to change so TLS can
> > run in my openser?
> > Would you mind giving me explanation, Please..
> >
> > Thank you very much
> >
> > Regards,
> >
> >
> > Ferianto
> >
> > Klaus Darilion wrote:
> > Ferianto siregar wrote:
> >> Dear all,
> >>
> >> I would like to say thanks to all of you for your kind-hearted
> read my
> >> message. Thank you very much.
> >> All, I need you help now.Please..
> >> Now, I tried to build openser with TLS in Fedora Core 5. Before,
> I use
> >> Redhat 9 and the openser installation can be build
> successfully.( I can
> >> make a call with TLS support)
> >> But, Why when I tried to install it in Fedora Core 5, the
> openser can
> >> not run?(there is no pid for openser)
> >> But, When I erase the TLS configuration (TLS script for enable
> the TLS)
> >> in openser.cfg, the openser can run successfully.(There is a pid).
> >> So, in my opinion, the TLS Script in openser.cfg is error.
> >> But, I need this script to make secure openser server (openser
> with TLS
> >> support).
> >>
> >> What should I do? I do hope anybody can give a suggestion.
> Please help
> >> me...Please..
> >
> > Maybe the openssl library is different on fedora. The interesintg
> pieco
> > of code is:
> >
> > #if (OPENSSL_VERSION_NUMBER >= 0x00908000L) &&
> !defined(OPENSSL_NO_COMP)
> > /* disabling compression */
> > LOG(L_ERR, "WARNING:init_tls: disabling compression due ZLIB
> problems\n");
> > comp_methods = SSL_COMP_get_compression_methods();
> > if (comp_methods==0) {
> > LOG(L_ERR, "ERRRO:init_tls: null openssl compression
> > methods\n");
> > return -1;
> > }
> > sk_SSL_COMP_zero(comp_methods);
> > #endif
> >
> > I wonder why it is an error if the comp_methods are zero. Then we
> do not
> > have to disable them.
> >
> > regards
> > klaus
> >
> >
> >>
> >> Thank you very much
> >>
> >> Regards,
> >>
> >>
> >> Ferianto
> >>
> >> Note:
> >> 1. This is the error message that I got when execute, # openser,
> >> command:
> >> 0(8715) DEBUG:socket2str:
> >> 0(8715) DEBUG:socket2str:
> >> 0(8715) DEBUG:socket2str:
> >> Listening on
> >> udp: 202.95.149.251 [202.95.149.251]:5060
> >> tcp: 202.95.149.251 [202.95.149.251]:5060
> >> tls: 202.95.149.251 [202.95.149.251]:5061
> >> Aliases:
> >> tls: sip:5061
> >> tls: sip.pcr.ac.id:5061
> >> tcp: sip:5060
> >> tcp: sip.pcr.ac.id:5060
> >> udp: sip:5060
> >> udp: sip.pcr.ac.id:5060
> >>
> >> 0(8715) fm_malloc_init: F_OPTIMIZE=16384, /ROUNDTO=2048
> >> 0(8715) fm_malloc_init: F_HASH_SIZE=2067, fm_block size=16560
> >> 0(8715) fm_malloc_init(0xb5fbb000, 33554432), start=0xb5fbb000
> >> 0(8715) shm_mem_init: success
> >> 0(8715) init_tcp: using epoll_lt as the io watch method (auto
> detected)
> >> 0(8715) init_tls: Entered
> >> 0(8715) WARNING:init_tls: disabling compression due ZLIB problems
> >> 0(8715) ERRRO:init_tls: null openssl compression methods
> >> 0(8715) could not initialize tls, exiting...
> >> 0(8715) DEBUG: tm_shutdown : start
> >> 0(8715) DEBUG: tm_shutdown : emptying hash table
> >> 0(8715) DEBUG: tm_shutdown : releasing timers
> >> 0(8715) DEBUG: tm_shutdown : removing semaphores
> >> 0(8715) DEBUG: tm_shutdown : destroying tmcb lists
> >> 0(8715) DEBUG: tm_shutdown : done
> >> 0(8715) destroy_tls: Entered
> >> 0(8715) shm_mem_destroy
> >> 0(8715) destroying the shared memory lock
> >>
> >> 2. This is the contain part of openser.cfg
> >>
> >> listen=202.95.149.250
> >> port=5060
> >> children=4
> >> dns=no # (cmd. line: -r)
> >> rev_dns=no # (cmd. line: -R)
> >> fifo="/tmp/openser_fifo"
> >> fifo_db_url="mysql://openser:openserrw@localhost/openser"
> >> fifo_mode=0666
> >> alias="pcr.ac.id"
> >>
> >> # uncomment the following lines for TLS support
> >> disable_tls = 0
> >> listen = tls:202.95.149.250:5061
> >> tls_verify_client = on
> >> tls_require_client_certificate = on
> >> tls_verify_server=on
> >> tls_method = TLSv1
> >> tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
> >> tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
> >> tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
> >>
> >> # ------------------ module loading
> ----------------------------------
> >> # Uncomment this if you want to use SQL database loadmodule
> >> "/usr/local/lib/openser/modules/mysql.so" loadmodule
> >> "/usr/local/lib/openser/modules/sl.so" loadmodule
> >> "/usr/local/lib/openser/modules/tm.so" loadmodule
> >> "/usr/local/lib/openser/modules/rr.so" loadmodule
> >> "/usr/local/lib/openser/modules/maxfwd.so" loadmodule
> >> "/usr/local/lib/openser/modules/usrloc.so" loadmodule
> >> "/usr/local/lib/openser/modules/registrar.so" loadmodule
> >> "/usr/local/lib/openser/modules/auth.so" loadmodule
> >> "/usr/local/lib/openser/modules/auth_db.so" loadmodule
> >> "/usr/local/lib/openser/modules/uri.so" loadmodule
> >> "/usr/local/lib/openser/modules/uri_db.so" loadmodule
> >> "/usr/local/lib/openser/modules/mediaproxy.so" loadmodule
> >> "/usr/local/lib/openser/modules/nathelper.so" loadmodule
> >> "/usr/local/lib/openser/modules/textops.so" loadmodule
> >> "/usr/local/lib/openser/modules/avpops.so" loadmodule
> >> "/usr/local/lib/openser/modules/domain.so" loadmodule
> >> "/usr/local/lib/openser/modules/permissions.so"
> >>
> >>
> ------------------------------------------------------------------------
> >> Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
> >> rates starting at 1¢/min.
> >>
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------
> >>
> >> _______________________________________________
> >> Devel mailing list
> >> Devel at openser.org
> >> http://openser.org/cgi-bin/mailman/listinfo/devel
> >>
> >
> >
> >
> >
> > ---------------------------------
> > Stay in the know. Pulse on the new Yahoo.com. Check it out.
>
>
>
> ------------------------------------------------------------------------
> Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
> rates starting at 1¢/min.
>
---------------------------------
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openser.org/pipermail/devel/attachments/20060912/a493d3af/attachment-0001.html
More information about the Devel
mailing list