[SR-Users] Can't start Kamailio with both db_postgres and tls

Øyvind Kolbu oyvind.kolbu at usit.uio.no
Wed Jan 28 15:16:13 CET 2015 

Great work, thank you!

Best regards,
Øyvind

Den 28.01.2015 13:57, skrev Daniel-Constantin Mierla:
> To conclude this thread -- it was reported that the patches I did to
> break the initialization of libssl have solved the issue. Postgres
> module connects ok when tls module is loaded. Also, tls connections
> seems to work as expected. Patches are for now in master and 4.2
> branches (backport to 4.1 also considered).
>
> Cheers,
> Daniel
>
> On 09/01/15 18:30, Daniel-Constantin Mierla wrote:
>> Do you have a testbed server where I can login and try couple of
>> patches? It might be faster to try to get it solved this way ... Or
>> maybe someone can make one server available with postgress and you
>> configure it there in a similar way -- I am not a postgres user and no
>> resourse to setup something new at this moment.
>>
>> If not, I will try to give some other steps to try to fix it this way,
>> just is going to be probably slow ...
>>
>> Daniel
>>
>> On 09/01/15 16:02, Øyvind Kolbu wrote:
>>> On 07.01.2015 14:27, Daniel-Constantin Mierla wrote:
>>>> So it complains that the ssl lib is not initialized completely.
>>>>
>>>> Can you try the following:
>>>>
>>>> - edit modules/tls/tls_init.c and add at the beginning of function 'int
>>>> init_tls_h(void)':
>>>>
>>>> if(tls_mod_initialized > 0) return 0;
>>>>
>>>> - in modules/db_postgres/km_pg_con.c, add:
>>>>
>>>> #include "../../tls_hooks_init.h"
>>>>
>>>> - then in same file, before the line you added with PQinitSSL(0); add:
>>>>
>>>> init_tls();
>>>>
>>>> Recompile, reinstall, restart and test only with tls module loaded
>>>> before the db_postgres.
>>>>
>>>> Let's see the results and then I will make a proper patch if works.
>>>>
>>>>
>>> Crashed again, this time with core dump. Used the following patch:
>>> --- modules/db_postgres/km_pg_con.c.orig        2015-01-09
>>> 15:39:02.411067822 +0100
>>> +++ modules/db_postgres/km_pg_con.c     2015-01-09 15:40:32.980577115
>>> +0100
>>> @@ -29,6 +29,7 @@
>>>   #include "../../mem/mem.h"
>>>   #include "../../dprint.h"
>>>   #include "../../ut.h"
>>> +#include "../../tls_hooks_init.h"
>>>   #include <string.h>
>>>   #include <time.h>
>>>
>>> @@ -74,6 +75,9 @@
>>>                          ZSW(id->database));
>>>          }
>>>
>>> +        init_tls();
>>> +        PQinitSSL(0);
>>> +
>>>          ptr->con = PQsetdbLogin(id->host, ports, NULL, NULL,
>>> id->database, id->username, id->password);
>>>          LM_DBG("PQsetdbLogin(%p)\n", ptr->con);
>>>
>>> --- modules/tls/tls_init.c.orig 2015-01-09 15:37:16.268298551 +0100
>>> +++ modules/tls/tls_init.c      2015-01-09 15:38:31.924559696 +0100
>>> @@ -498,6 +498,8 @@
>>>          str s;
>>>          cfg_ctx_t* cfg_ctx;
>>>
>>> +        if(tls_mod_initialized > 0) return 0;
>>> +
>>>   #if OPENSSL_VERSION_NUMBER < 0x00907000L
>>>          WARN("You are using an old version of OpenSSL (< 0.9.7).
>>> Upgrade!\n");
>>>   #endif
>>>
>>> And got this message:
>>> /usr/sbin/kamailio[22789]: INFO: tls [tls_mod.c:346]: mod_init(): With
>>> ECDH-Support!
>>> /usr/sbin/kamailio[22789]: INFO: tls [tls_mod.c:349]: mod_init(): With
>>> Diffie Hellman
>>> /usr/sbin/kamailio[22789]: INFO: ldap [ldap_mod.c:246]: mod_init():
>>> OpenLDAP - 20439
>>> /usr/sbin/kamailio[22789]: INFO: rr [../outbound/api.h:54]:
>>> ob_load_api(): Failed to import bind_ob
>>> /usr/sbin/kamailio[22789]: INFO: rr [rr_mod.c:159]: mod_init():
>>> outbound module not available
>>> /usr/sbin/kamailio[22789]: INFO: usrloc [hslot.c:53]: ul_init_locks():
>>> locks array size 512
>>> /usr/sbin/kamailio[22789]: INFO: tls [tls_init.c:551]: init_tls_h():
>>> tls: _init_tls_h:  compiled  with  openssl  version "OpenSSL
>>> 1.0.1e-fips 11 Feb 2013" (0x1000105f), kerberos support: on,
>>> compression: on [...]
>>> /usr/sbin/kamailio[22789]: : <core> [pt.c:164]: get_max_procs(): BUG:
>>> get_max_procs() called too early (it must _not_ be called from
>>> mod_init())
>>>
>>> and the following backtrace:
>>> #0  0x0000003196e32625 in raise () from /lib64/libc.so.6
>>> #1  0x0000003196e33e05 in abort () from /lib64/libc.so.6
>>> #2  0x000000000049138f in get_max_procs () at pt.c:165
>>> #3  0x00007f8ca8655106 in init_tls_h () at tls_init.c:598
>>> #4  0x00000000005372b9 in init_tls () at tls_hooks.c:70
>>> #5  0x00007f8c9fffb655 in db_postgres_new_connection (id=0x7f8ca8d7d0b0)
>>>      at km_pg_con.c:78
>>> #6  0x00007f8c9fbd0eaa in db_do_init2 (url=0x7f8c9ca52cd0,
>>>      new_connection=0x7f8c9fffac47 <db_postgres_new_connection>,
>>>      pooling=DB_POOLING_PERMITTED) at db.c:320
>>> #7  0x00007f8c9fbd06d5 in db_do_init (url=0x7f8c9ca52cd0,
>>>      new_connection=0x7f8c9fffac47 <db_postgres_new_connection>) at
>>> db.c:273
>>> #8  0x00007f8c9fff4bbc in db_postgres_init (_url=0x7f8c9ca52cd0)
>>>      at km_dbase.c:133
>>> #9  0x00007f8c9c81429f in dlg_connect_db (db_url=0x7f8c9ca52cd0)
>>>      at dlg_db_handler.c:132
>>> #10 0x00007f8c9c814457 in init_dlg_db (db_url=0x7f8c9ca52cd0,
>>>      dlg_hash_size=4096, db_update_period=60, fetch_num_rows=200)
>>>      at dlg_db_handler.c:146
>>> #11 0x00007f8c9c80c7cd in mod_init () at dialog.c:700
>>> #12 0x00000000004f884d in init_mod (m=0x7f8ca88e82d8) at sr_module.c:967
>>> #13 0x00000000004f8703 in init_mod (m=0x7f8ca88e8f98) at sr_module.c:964
>>> #14 0x00000000004f8703 in init_mod (m=0x7f8ca88e94c0) at sr_module.c:964
>>>
>>>
>>> (gdb) bt full
>>> #0  0x0000003196e32625 in raise () from /lib64/libc.so.6
>>> No symbol table info available.
>>> #1  0x0000003196e33e05 in abort () from /lib64/libc.so.6
>>> No symbol table info available.
>>> #2  0x000000000049138f in get_max_procs () at pt.c:165
>>>          __FUNCTION__ = "get_max_procs"
>>> #3  0x00007f8ca8655106 in init_tls_h () at tls_init.c:598
>>>          ssl_version = 268439647
>>>          lib_kerberos = 1
>>>          lib_zlib = 1
>>>          kerberos_support = 1
>>>          comp_support = 1
>>>          lib_cflags = 0x319a1dede0 "compiler: gcc -fPIC -DOPENSSL_PIC
>>> -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
>>> -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall
>>> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fs"...
>>>          low_mem_threshold1 = -1
>>>          low_mem_threshold2 = -1
>>>          tls_grp = {s = 0x7fffcec76560 "\025", len = 0}
>>>          s = {s = 0x7f8ca0010660 "db_postgres_new_connection",
>>>            len = -1462250968}
>>>          cfg_ctx = 0x7f8ca0010378
>>>          __FUNCTION__ = "init_tls_h"
>>> #4  0x00000000005372b9 in init_tls () at tls_hooks.c:70
>>>
>>>
>>> #5  0x00007f8c9fffb655 in db_postgres_new_connection (id=0x7f8ca8d7d0b0)
>>>      at km_pg_con.c:78
>>>          ptr = 0x7f8ca8d7d310
>>>          ports = 0x0
>>>          __FUNCTION__ = "db_postgres_new_connection"
>>> #6  0x00007f8c9fbd0eaa in db_do_init2 (url=0x7f8c9ca52cd0,
>>>      new_connection=0x7f8c9fffac47 <db_postgres_new_connection>,
>>>      pooling=DB_POOLING_PERMITTED) at db.c:320
>>>          id = 0x7f8ca8d7d0b0
>>>          con = 0x0
>>>          res = 0x7f8ca8d7d008
>>>          con_size = 24
>>>          __FUNCTION__ = "db_do_init2"
>>> #7  0x00007f8c9fbd06d5 in db_do_init (url=0x7f8c9ca52cd0,
>>>      new_connection=0x7f8c9fffac47 <db_postgres_new_connection>) at
>>> db.c:273
>>> No locals.
>>> #8  0x00007f8c9fff4bbc in db_postgres_init (_url=0x7f8c9ca52cd0)
>>>      at km_dbase.c:133
>>> No locals.
>>> #9  0x00007f8c9c81429f in dlg_connect_db (db_url=0x7f8c9ca52cd0)
>>>      at dlg_db_handler.c:132
>>>          __FUNCTION__ = "dlg_connect_db"
>>>
>>>
>>> Kept the core in case you need it.
>>>

More information about the sr-users mailing list