[sr-dev] [kamailio/kamailio] tls: detection of kerberos support for openssl at runtime (#1050)

Victor Seva notifications at github.com
Fri Mar 31 12:17:47 CEST 2017


It was reported at https://github.com/kamailio/kamailio/issues/662#issuecomment-261920382 but I think it is not related to that issue, so I am opening another one.

From https://buildd.debian.org/status/fetch.php?pkg=openssl&arch=amd64&ver=1.1.0e-1&stamp=1487270769&raw=0
```
Configuring OpenSSL version 1.1.0e (0x1010005fL)
no-asan [default] OPENSSL_NO_ASAN
no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG
no-crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
no-dynamic-engine [forced]
no-egd [default] OPENSSL_NO_EGD
no-fuzz-afl [default] OPENSSL_NO_FUZZ_AFL
no-fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER
no-heartbeats [default] OPENSSL_NO_HEARTBEATS
no-idea [option] OPENSSL_NO_IDEA (skip dir)
no-md2 [default] OPENSSL_NO_MD2 (skip dir)
no-mdc2 [option] OPENSSL_NO_MDC2 (skip dir)
no-msan [default] OPENSSL_NO_MSAN
no-rc5 [option] OPENSSL_NO_RC5 (skip dir)
no-sctp [default] OPENSSL_NO_SCTP
no-shared [option]
no-ssl-trace [default] OPENSSL_NO_SSL_TRACE
no-ssl3 [option(ssl3-method)] OPENSSL_NO_SSL3
no-ssl3-method [option] OPENSSL_NO_SSL3_METHOD
no-ubsan [default] OPENSSL_NO_UBSAN
no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS
no-zlib [option]
no-zlib-dynamic [default]
Configuring for debian-amd64
```
so openssl 1.1.0e has kerberos support

but trying to start kamailio 4.4.4-2 (from Debian stretch) with TLS enabled
```
Mar 31 09:05:14 router /usr/sbin/kamailio[4375]: INFO: tls [tls_mod.c:368]: mod_init(): With Diffie Hellman
Mar 31 09:05:14 router /usr/sbin/kamailio[4375]: INFO: tls [tls_init.c:633]: init_tls_h(): tls: _init_tls_h:  compiled  with  openssl  version "OpenSSL 1.1.0d  26 Jan 2017" (0x10100
04f), kerberos support: on, compression: on
Mar 31 09:05:14 router /usr/sbin/kamailio[4375]: INFO: tls [tls_init.c:641]: init_tls_h(): tls: init_tls_h: installed openssl library version "OpenSSL 1.1.0e  16 Feb 2017" (0x101000
5f), kerberos support: off,  zlib compression: off
                                                  compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -D
OPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ25
6_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/x86_64-linux-gnu/engines-1.1\""
Mar 31 09:05:14 router /usr/sbin/kamailio[4375]: : tls [tls_init.c:651]: init_tls_h(): ERROR: tls: init_tls_h: openssl compile options mismatch: library has kerberos support
 disabled and Kamailio tls enabled (unstable configuration)
                                                  (tls_force_run in kamailio.cfg will override this check)
Mar 31 09:05:14 router /usr/sbin/kamailio[4375]: CRITICAL: <core> [main.c:2592]: main(): could not initialize tls, exiting...
```

A rebuilt version with the same openssl version doesn't help.

```
Mar 31 11:20:41 spce lb[17194]: INFO: tls [tls_init.c:633]: init_tls_h(): tls: _init_tls_h:  compiled  with  openssl  version "OpenSSL 1.1.0e  16 Feb 2017" (0x1010005f), kerberos support: on, compression: on
Mar 31 11:20:41 spce lb[17194]: INFO: tls [tls_init.c:641]: init_tls_h(): tls: init_tls_h: installed openssl library version "OpenSSL 1.1.0e  16 Feb 2017" (0x1010005f), kerberos support: off,  zlib compression: off#012 compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/x86_64-linux-gnu/engines-1.1\"" 
Mar 31 11:20:41 spce lb[17194]: : tls [tls_init.c:651]: init_tls_h(): ERROR: tls: init_tls_h: openssl compile options mismatch: library has kerberos support disabled and Kamailio tls enabled (unstable configuration)#012 (tls_force_run in kamailio.cfg will override this check)
Mar 31 11:20:41 spce lb[17194]: CRITICAL: <core> [main.c:2592]: main(): could not initialize tls, exiting...
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1050
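
Added example (not part of the original message and not Kamailio code): a small triage helper that rejoins terminal-wrapped syslog lines like those in the first log above, parses the two `init_tls_h()` banner lines, and lists which of version, kerberos and zlib differ between the build-time and the installed OpenSSL. The regular expression is derived only from the log lines on this page; the function and variable names are hypothetical.

```python
import re

# Constructed sample: the two banner lines from the first log above, kept
# terminal-wrapped as shown there, with the trailing compiler flags left out.
SAMPLE = [
    'Mar 31 09:05:14 router /usr/sbin/kamailio[4375]: INFO: tls [tls_init.c:633]: init_tls_h(): tls: _init_tls_h:  compiled  with  openssl  version "OpenSSL 1.1.0d  26 Jan 2017" (0x10100',
    '04f), kerberos support: on, compression: on',
    'Mar 31 09:05:14 router /usr/sbin/kamailio[4375]: INFO: tls [tls_init.c:641]: init_tls_h(): tls: init_tls_h: installed openssl library version "OpenSSL 1.1.0e  16 Feb 2017" (0x101000',
    '5f), kerberos support: off,  zlib compression: off',
]

# A new syslog record starts with a "Mar 31 09:05:14 " style timestamp.
STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ')
# Banner format as it appears in the logs on this page (assumption: other
# Kamailio versions may word it differently).
BANNER = re.compile(
    r'(?P<side>compiled\s+with\s+openssl|installed\s+openssl\s+library)'
    r'\s+version\s+"[^"]+"\s+\(0x(?P<num>[0-9a-fA-F]+)\)'
    r',\s*kerberos support:\s*(?P<krb>on|off)'
    r',\s*(?:zlib\s+)?compression:\s*(?P<zlib>on|off)'
)

def unwrap(lines):
    """Glue continuation lines (no timestamp) back onto the previous record."""
    records = []
    for line in lines:
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # wrapped mid-token, so join without a space
    return records

def build_mismatches(lines):
    """Return the fields that differ between compiled and installed OpenSSL."""
    seen = {}
    for rec in unwrap(lines):
        m = BANNER.search(rec)
        if m:
            side = "compiled" if m["side"].startswith("compiled") else "installed"
            seen[side] = {"version": int(m["num"], 16),
                          "kerberos": m["krb"] == "on",
                          "zlib": m["zlib"] == "on"}
    if len(seen) != 2:
        raise ValueError("need both the compiled and the installed banner line")
    return [k for k in ("version", "kerberos", "zlib")
            if seen["compiled"][k] != seen["installed"][k]]

if __name__ == "__main__":
    print(build_mismatches(SAMPLE))
```
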