[sr-dev] [kamailio/kamailio] MySQL connection crash on Ubuntu 18.04 with libmysqlclient using libssl 1.1 (#2360)

Daniel-Constantin Mierla notifications at github.com
Tue Jun 16 10:52:05 CEST 2020 

### Description

Ubuntu 18.04 offers both libssl 1.0 and 1.1, however the -dev packages conflict between them and only one can be installed at a given time. The libmysqlclient-dev (the MySQL project, not MariaDB) requires the libssl1.1-dev, so only this one can be used to compile at the same time db_mysql and tls.

During start up, a few kamailio processes die due to a crash in libmysqlclient, referencing the use of libssl and libcrypto. This happens when connecting over IP sockets to MySQL server, not over local unix file socket (which is done when using `localhost` for db server host).

The solution so far was to add a new modparam opt_ssl_mode to db_mysql to set the SSL mode for the connection, allowing to disable it. Without, the client library attempts always to use SSL/TLS.

A set of commits were pushed recently to db_mysql modules:

  * https://github.com/kamailio/kamailio/commits/master/src/modules/db_mysql

I plan to backport them 5.3 and 5.2 branches, in order to fix the crash and be able to connect to MySQL servers in private network. It proved that the SSL mode options can be set only when MySQL Project libmysqlclient library is used (and maybe only when using the MySQL server, in my case it was MySQL server 5.7.30), the MariaDB client library does not offer these options.

Wondering if anyone else experienced something similar?


### Troubleshooting

#### Reproduction

Kamailio v5.2.7 compiled from sources on Ubuntu 18.04 with db_mysql and tls loaded.

#### Debugging Data

A backtrace looks like:

```
(paste your debugging data here)#0  X509_LOOKUP_ctrl (ctx=0x15328f0b9ac0, cmd=2, argc=0x0, argl=3, ret=0x0) at ../crypto/x509/x509_lu.c:79
#1  0x00001532b24dcc7c in X509_STORE_set_default_paths (ctx=0x15328fed9f18) at ../crypto/x509/x509_d2.c:27
#2  0x00001532b27f2d79 in SSL_CTX_set_default_verify_paths (ctx=<optimized out>) at ../ssl/ssl_lib.c:3991
#3  0x00001532b2ecc364 in new_VioSSLFd (key_file=0x0, cert_file=0x0, ca_file=0x0, ca_path=0x0, cipher=0x0, is_client=is_client at entry=1 '\001', error=0x7ffd8c3a8090,
    crl_file=0x0, crl_path=0x0, ssl_ctx_flags=0) at ./vio/viosslfactories.c:623
#4  0x00001532b2ecc9e3 in new_VioSSLConnectorFd (key_file=<optimized out>, cert_file=<optimized out>, ca_file=<optimized out>, ca_path=<optimized out>, cipher=<optimized out>,
    error=error at entry=0x7ffd8c3a8090, crl_file=0x0, crl_path=0x0, ssl_ctx_flags=0) at ./vio/viosslfactories.c:710
#5  0x00001532b2e9f3f7 in cli_establish_ssl (mysql=0x1532b5abb698) at ./sql-common/client.c:3492
#6  mysql_real_connect (mysql=0x1532b5abb698, host=<optimized out>, user=<optimized out>, passwd=<optimized out>, db=0x1532b5a2e4b0 "enswitch", port=<optimized out>,
    unix_socket=<optimized out>, client_flag=65536) at ./sql-common/client.c:4609
#7  0x00001532b343a0fc in db_mysql_new_connection (id=0x1532b5a2e268) at km_my_con.c:137
#8  0x00001532b4f4dbdf in db_do_init2 (url=0x1532b53bc420 <db_url>, new_connection=0x1532b3438c9b <db_mysql_new_connection>, pooling=DB_POOLING_PERMITTED) at db.c:317
#9  0x00001532b4f4cb65 in db_do_init (url=0x1532b53bc420 <db_url>, new_connection=0x1532b3438c9b <db_mysql_new_connection>) at db.c:270
#10 0x00001532b34301e6 in db_mysql_init (_url=0x1532b53bc420 <db_url>) at km_dbase.c:206
#11 0x00001532b518dedd in child_init (_rank=37) at usrloc_mod.c:435
#12 0x0000559b145fcec0 in init_mod_child (m=0x1532b59cdb08, rank=37) at core/sr_module.c:846
#13 0x0000559b145fcb43 in init_mod_child (m=0x1532b59cdfa8, rank=37) at core/sr_module.c:842```

### Possible Solutions

Patches in master branch for db_mysql module

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

```
5.2.7
```

* **Operating System**:

```
Ubuntu 18.04 - Linux4.15.0-101-generic #102-Ubuntu SMP Mon May 11 10:07:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
```


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2360
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20200616/e76c052c/attachment-0001.html>

More information about the sr-dev mailing list