[sr-dev] [tracker] Task opened: kamailio tls debug error

Daniel-Constantin Mierla miconda at gmail.com
Wed Jul 18 19:07:11 CEST 2012 

Hello,

thanks for noticing and reporting that. I just committed the fix, just 
using a different function name.

Cheers,
Daniel

On 7/17/12 7:54 PM, Jijo wrote:
> We have observed this error when using multiple tls connecitons with 
> openssl version 1.0.0.  This is because CRYPTO_set_id_callback() is 
> not used in tls_init_locks(). The kamailio code has following comment
>     /* thread id callback: not needed because ser doesn't use thread and
>      * openssl already uses getpid() (by default)
>      * CRYPTO_set_id_callback(id_f);
>
> As per the documentation openssl is not using getpid anymore , it is 
> valid only till 0.9.
> the openssl man page says
> If the application does not register such a callback using 
> CRYPTO_THREADID_set_callback(), then a default implementation is used 
> - on Windows and BeOS this uses the system's default thread 
> identifying APIs, and on all other platforms it uses the address of errno.
> In multi process environment Errno can points to same virtual address. 
> So we need to use getpid() in CRYPTO_set_id_callback(id_f)
>
> unsigned long id_f()
> {
> return my_pid();
> }
>
> Please read the link below for refrence
> http://www.openssl.org/docs/crypto/threads.html
>
>
> On Thu, Jul 12, 2012 at 9:46 PM, sip-router <bugtracker at sip-router.org 
> <mailto:bugtracker at sip-router.org>> wrote:
>
>     THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
>
>     A new Flyspray task has been opened.  Details are below.
>     User who did this - Shaobin.Feng (saxon_leo)
>     Attached to Project - sip-router
>     Summary - kamailio tls debug error
>     Task Type - Bug Report
>     Category - tls
>     Status - Unconfirmed
>     Assigned To - Operating System - Linux
>     Severity - Low
>     Priority - Normal
>     Reported Version - 3.2
>     Due in Version - Undecided
>     Due Date - Undecided
>     Details - kamailio keeps debuging follows:
>       "ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL
>     routines:SSL3_GET_RECORD:decryption failed or bad record mac"
>
>     Well,I used command (openssl s_client -connect host:port -no_ssl2
>     -bugs) to connect to kamailio, it returns normal.
>
>     So, this really confuse me,is there something wrong or not?
>
>     Is there any other method can check the tls module works normal or
>     not? Any suggestion will be nice.
>
>     More information can be found at the following URL:
>     http://sip-router.org/tracker/index.php?do=details&task_id=245
>
>     You are receiving this message because you have requested it from
>     the Flyspray bugtracking system.  If you did not expect this
>     message or don't want to receive mails in future, you can change
>     your notification settings at the URL shown above.
>
>     _______________________________________________
>     sr-dev mailing list
>     sr-dev at lists.sip-router.org <mailto:sr-dev at lists.sip-router.org>
>     http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>
>
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20120718/8f782a3c/attachment-0001.htm>

More information about the sr-dev mailing list