[sr-dev] [tracker] Task opened: kamailio tls debug error
Daniel-Constantin Mierla
miconda at gmail.com
Wed Jul 18 19:07:11 CEST 2012
Hello,
thanks for noticing and reporting that. I just committed the fix, just
using a different function name.
Cheers,
Daniel
On 7/17/12 7:54 PM, Jijo wrote:
> We have observed this error when using multiple tls connecitons with
> openssl version 1.0.0. This is because CRYPTO_set_id_callback() is
> not used in tls_init_locks(). The kamailio code has following comment
> /* thread id callback: not needed because ser doesn't use thread and
> * openssl already uses getpid() (by default)
> * CRYPTO_set_id_callback(id_f);
>
> As per the documentation openssl is not using getpid anymore , it is
> valid only till 0.9.
> the openssl man page says
> If the application does not register such a callback using
> CRYPTO_THREADID_set_callback(), then a default implementation is used
> - on Windows and BeOS this uses the system's default thread
> identifying APIs, and on all other platforms it uses the address of errno.
> In multi process environment Errno can points to same virtual address.
> So we need to use getpid() in CRYPTO_set_id_callback(id_f)
>
> unsigned long id_f()
> {
> return my_pid();
> }
>
> Please read the link below for refrence
> http://www.openssl.org/docs/crypto/threads.html
>
>
> On Thu, Jul 12, 2012 at 9:46 PM, sip-router <bugtracker at sip-router.org
> <mailto:bugtracker at sip-router.org>> wrote:
>
> THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
>
> A new Flyspray task has been opened. Details are below.
> User who did this - Shaobin.Feng (saxon_leo)
> Attached to Project - sip-router
> Summary - kamailio tls debug error
> Task Type - Bug Report
> Category - tls
> Status - Unconfirmed
> Assigned To - Operating System - Linux
> Severity - Low
> Priority - Normal
> Reported Version - 3.2
> Due in Version - Undecided
> Due Date - Undecided
> Details - kamailio keeps debuging follows:
> "ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record mac"
>
> Well,I used command (openssl s_client -connect host:port -no_ssl2
> -bugs) to connect to kamailio, it returns normal.
>
> So, this really confuse me,is there something wrong or not?
>
> Is there any other method can check the tls module works normal or
> not? Any suggestion will be nice.
>
> More information can be found at the following URL:
> http://sip-router.org/tracker/index.php?do=details&task_id=245
>
> You are receiving this message because you have requested it from
> the Flyspray bugtracking system. If you did not expect this
> message or don't want to receive mails in future, you can change
> your notification settings at the URL shown above.
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org <mailto:sr-dev at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>
>
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - http://asipto.com/u/katu
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - http://asipto.com/u/kpw
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20120718/8f782a3c/attachment-0001.htm>
More information about the sr-dev
mailing list