[sr-dev] [tracker] Task opened: kamailio tls debug error

Jijo realjijo at gmail.com
Tue Jul 17 19:54:14 CEST 2012


We have observed this error when using multiple tls connections with
openssl version 1.0.0.  This is because CRYPTO_set_id_callback() is not
used in tls_init_locks(). The kamailio code has the following comment:
    /* thread id callback: not needed because ser doesn't use thread and
     * openssl already uses getpid() (by default)
     * CRYPTO_set_id_callback(id_f);

As per the documentation, openssl is not using getpid anymore; it is valid
only till 0.9.
The openssl man page says:
If the application does not register such a callback using
CRYPTO_THREADID_set_callback(), then a default implementation is used - on
Windows and BeOS this uses the system's default thread identifying APIs,
and on all other platforms it uses the address of errno.
In a multi-process environment errno can point to the same virtual address. So
we need to use getpid() in CRYPTO_set_id_callback(id_f):

unsigned long id_f(void)
{
    /* my_pid() returns the pid of the current kamailio process */
    return my_pid();
}

Please read the link below for reference:
http://www.openssl.org/docs/crypto/threads.html


On Thu, Jul 12, 2012 at 9:46 PM, sip-router <bugtracker at sip-router.org> wrote:

> THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
>
> A new Flyspray task has been opened.  Details are below.
> User who did this - Shaobin.Feng (saxon_leo)
> Attached to Project - sip-router
> Summary - kamailio tls debug error
> Task Type - Bug Report
> Category - tls
> Status - Unconfirmed
> Assigned To -
> Operating System - Linux
> Severity - Low
> Priority - Normal
> Reported Version - 3.2
> Due in Version - Undecided
> Due Date - Undecided
> Details - kamailio keeps debugging as follows:
>   "ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record mac"
>
> Well, I used the command (openssl s_client -connect host:port -no_ssl2 -bugs)
> to connect to kamailio, it returns normal.
>
> So, this really confuses me. Is there something wrong or not?
>
> Is there any other method that can check whether the tls module works normally or not?
> Any suggestion will be nice.
>
> More information can be found at the following URL:
> http://sip-router.org/tracker/index.php?do=details&task_id=245
>
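
The collision described in the reply above, as an added example (not part of the original mail and not Kamailio code): forked workers that derive their id from the address of errno all report the same value, while getpid() gives one id per process. The helper names id_from_errno_addr, id_from_pid and count_distinct_ids are hypothetical, and the worker count is a constructed value.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the OpenSSL 1.0.0 default on non-Windows platforms:
 * the thread id is the address of errno. */
static unsigned long id_from_errno_addr(void) { return (unsigned long)&errno; }

/* Stand-in for the callback proposed in the mail: the process id. */
static unsigned long id_from_pid(void) { return (unsigned long)getpid(); }

/* Fork nproc workers (max 16), let each report its id through a pipe and
 * return how many distinct ids were seen, or -1 on error. */
int count_distinct_ids(int nproc, int use_pid)
{
    unsigned long ids[16], id;
    int fds[2], n = 0, distinct = 0, i, j;

    if (nproc < 1 || nproc > 16 || pipe(fds) != 0)
        return -1;
    for (i = 0; i < nproc; i++) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0) {                     /* worker process */
            id = use_pid ? id_from_pid() : id_from_errno_addr();
            _exit(write(fds[1], &id, sizeof id) == (ssize_t)sizeof id ? 0 : 1);
        }
    }
    close(fds[1]);
    while (n < nproc && read(fds[0], &id, sizeof id) == (ssize_t)sizeof id)
        ids[n++] = id;
    close(fds[0]);
    while (wait(NULL) > 0)
        ;
    for (i = 0; i < n; i++) {               /* count unique values */
        for (j = 0; j < i && ids[j] != ids[i]; j++)
            ;
        distinct += (j == i);
    }
    return n == nproc ? distinct : -1;
}
int main(void)
{
    printf("distinct ids via &errno:   %d\n", count_distinct_ids(4, 0));
    printf("distinct ids via getpid(): %d\n", count_distinct_ids(4, 1));
    return 0;
}
```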