[SR-Users] Can't start Kamailio with both db_postgres and tls

Daniel-Constantin Mierla miconda at gmail.com
Wed Jan 28 13:57:56 CET 2015 

To conclude this thread -- it was reported that the patches I did to
break the initialization of libssl have solved the issue. Postgres
module connects ok when tls module is loaded. Also, tls connections
seems to work as expected. Patches are for now in master and 4.2
branches (backport to 4.1 also considered).

Cheers,
Daniel

On 09/01/15 18:30, Daniel-Constantin Mierla wrote:
> Do you have a testbed server where I can login and try couple of
> patches? It might be faster to try to get it solved this way ... Or
> maybe someone can make one server available with postgress and you
> configure it there in a similar way -- I am not a postgres user and no
> resourse to setup something new at this moment.
>
> If not, I will try to give some other steps to try to fix it this way,
> just is going to be probably slow ...
>
> Daniel
>
> On 09/01/15 16:02, Øyvind Kolbu wrote:
>> On 07.01.2015 14:27, Daniel-Constantin Mierla wrote:
>>> So it complains that the ssl lib is not initialized completely.
>>>
>>> Can you try the following:
>>>
>>> - edit modules/tls/tls_init.c and add at the beginning of function 'int
>>> init_tls_h(void)':
>>>
>>> if(tls_mod_initialized > 0) return 0;
>>>
>>> - in modules/db_postgres/km_pg_con.c, add:
>>>
>>> #include "../../tls_hooks_init.h"
>>>
>>> - then in same file, before the line you added with PQinitSSL(0); add:
>>>
>>> init_tls();
>>>
>>> Recompile, reinstall, restart and test only with tls module loaded
>>> before the db_postgres.
>>>
>>> Let's see the results and then I will make a proper patch if works.
>>>
>>>
>> Crashed again, this time with core dump. Used the following patch:
>> --- modules/db_postgres/km_pg_con.c.orig        2015-01-09
>> 15:39:02.411067822 +0100
>> +++ modules/db_postgres/km_pg_con.c     2015-01-09 15:40:32.980577115
>> +0100
>> @@ -29,6 +29,7 @@
>>  #include "../../mem/mem.h"
>>  #include "../../dprint.h"
>>  #include "../../ut.h"
>> +#include "../../tls_hooks_init.h"
>>  #include <string.h>
>>  #include <time.h>
>>
>> @@ -74,6 +75,9 @@
>>                         ZSW(id->database));
>>         }
>>
>> +        init_tls();
>> +        PQinitSSL(0);
>> +
>>         ptr->con = PQsetdbLogin(id->host, ports, NULL, NULL,
>> id->database, id->username, id->password);
>>         LM_DBG("PQsetdbLogin(%p)\n", ptr->con);
>>
>> --- modules/tls/tls_init.c.orig 2015-01-09 15:37:16.268298551 +0100
>> +++ modules/tls/tls_init.c      2015-01-09 15:38:31.924559696 +0100
>> @@ -498,6 +498,8 @@
>>         str s;
>>         cfg_ctx_t* cfg_ctx;
>>
>> +        if(tls_mod_initialized > 0) return 0;
>> +
>>  #if OPENSSL_VERSION_NUMBER < 0x00907000L
>>         WARN("You are using an old version of OpenSSL (< 0.9.7).
>> Upgrade!\n");
>>  #endif
>>
>> And got this message:
>> /usr/sbin/kamailio[22789]: INFO: tls [tls_mod.c:346]: mod_init(): With
>> ECDH-Support!
>> /usr/sbin/kamailio[22789]: INFO: tls [tls_mod.c:349]: mod_init(): With
>> Diffie Hellman
>> /usr/sbin/kamailio[22789]: INFO: ldap [ldap_mod.c:246]: mod_init():
>> OpenLDAP - 20439
>> /usr/sbin/kamailio[22789]: INFO: rr [../outbound/api.h:54]:
>> ob_load_api(): Failed to import bind_ob
>> /usr/sbin/kamailio[22789]: INFO: rr [rr_mod.c:159]: mod_init():
>> outbound module not available
>> /usr/sbin/kamailio[22789]: INFO: usrloc [hslot.c:53]: ul_init_locks():
>> locks array size 512
>> /usr/sbin/kamailio[22789]: INFO: tls [tls_init.c:551]: init_tls_h():
>> tls: _init_tls_h:  compiled  with  openssl  version "OpenSSL
>> 1.0.1e-fips 11 Feb 2013" (0x1000105f), kerberos support: on,
>> compression: on [...]
>> /usr/sbin/kamailio[22789]: : <core> [pt.c:164]: get_max_procs(): BUG:
>> get_max_procs() called too early (it must _not_ be called from
>> mod_init())
>>
>> and the following backtrace:
>> #0  0x0000003196e32625 in raise () from /lib64/libc.so.6
>> #1  0x0000003196e33e05 in abort () from /lib64/libc.so.6
>> #2  0x000000000049138f in get_max_procs () at pt.c:165
>> #3  0x00007f8ca8655106 in init_tls_h () at tls_init.c:598
>> #4  0x00000000005372b9 in init_tls () at tls_hooks.c:70
>> #5  0x00007f8c9fffb655 in db_postgres_new_connection (id=0x7f8ca8d7d0b0)
>>     at km_pg_con.c:78
>> #6  0x00007f8c9fbd0eaa in db_do_init2 (url=0x7f8c9ca52cd0,
>>     new_connection=0x7f8c9fffac47 <db_postgres_new_connection>,
>>     pooling=DB_POOLING_PERMITTED) at db.c:320
>> #7  0x00007f8c9fbd06d5 in db_do_init (url=0x7f8c9ca52cd0,
>>     new_connection=0x7f8c9fffac47 <db_postgres_new_connection>) at
>> db.c:273
>> #8  0x00007f8c9fff4bbc in db_postgres_init (_url=0x7f8c9ca52cd0)
>>     at km_dbase.c:133
>> #9  0x00007f8c9c81429f in dlg_connect_db (db_url=0x7f8c9ca52cd0)
>>     at dlg_db_handler.c:132
>> #10 0x00007f8c9c814457 in init_dlg_db (db_url=0x7f8c9ca52cd0,
>>     dlg_hash_size=4096, db_update_period=60, fetch_num_rows=200)
>>     at dlg_db_handler.c:146
>> #11 0x00007f8c9c80c7cd in mod_init () at dialog.c:700
>> #12 0x00000000004f884d in init_mod (m=0x7f8ca88e82d8) at sr_module.c:967
>> #13 0x00000000004f8703 in init_mod (m=0x7f8ca88e8f98) at sr_module.c:964
>> #14 0x00000000004f8703 in init_mod (m=0x7f8ca88e94c0) at sr_module.c:964
>>
>>
>> (gdb) bt full
>> #0  0x0000003196e32625 in raise () from /lib64/libc.so.6
>> No symbol table info available.
>> #1  0x0000003196e33e05 in abort () from /lib64/libc.so.6
>> No symbol table info available.
>> #2  0x000000000049138f in get_max_procs () at pt.c:165
>>         __FUNCTION__ = "get_max_procs"
>> #3  0x00007f8ca8655106 in init_tls_h () at tls_init.c:598
>>         ssl_version = 268439647
>>         lib_kerberos = 1
>>         lib_zlib = 1
>>         kerberos_support = 1
>>         comp_support = 1
>>         lib_cflags = 0x319a1dede0 "compiler: gcc -fPIC -DOPENSSL_PIC
>> -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
>> -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall
>> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fs"...
>>         low_mem_threshold1 = -1
>>         low_mem_threshold2 = -1
>>         tls_grp = {s = 0x7fffcec76560 "\025", len = 0}
>>         s = {s = 0x7f8ca0010660 "db_postgres_new_connection",
>>           len = -1462250968}
>>         cfg_ctx = 0x7f8ca0010378
>>         __FUNCTION__ = "init_tls_h"
>> #4  0x00000000005372b9 in init_tls () at tls_hooks.c:70
>>
>>
>> #5  0x00007f8c9fffb655 in db_postgres_new_connection (id=0x7f8ca8d7d0b0)
>>     at km_pg_con.c:78
>>         ptr = 0x7f8ca8d7d310
>>         ports = 0x0
>>         __FUNCTION__ = "db_postgres_new_connection"
>> #6  0x00007f8c9fbd0eaa in db_do_init2 (url=0x7f8c9ca52cd0,
>>     new_connection=0x7f8c9fffac47 <db_postgres_new_connection>,
>>     pooling=DB_POOLING_PERMITTED) at db.c:320
>>         id = 0x7f8ca8d7d0b0
>>         con = 0x0
>>         res = 0x7f8ca8d7d008
>>         con_size = 24
>>         __FUNCTION__ = "db_do_init2"
>> #7  0x00007f8c9fbd06d5 in db_do_init (url=0x7f8c9ca52cd0,
>>     new_connection=0x7f8c9fffac47 <db_postgres_new_connection>) at
>> db.c:273
>> No locals.
>> #8  0x00007f8c9fff4bbc in db_postgres_init (_url=0x7f8c9ca52cd0)
>>     at km_dbase.c:133
>> No locals.
>> #9  0x00007f8c9c81429f in dlg_connect_db (db_url=0x7f8c9ca52cd0)
>>     at dlg_db_handler.c:132
>>         __FUNCTION__ = "dlg_connect_db"
>>
>>
>> Kept the core in case you need it.
>>

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-users mailing list