[SR-Users] Trouble initializing TLS on Fedora 23

Anthony Messina amessina at messinet.com
Sat Apr 2 08:05:30 CEST 2016 

On Tuesday, January 05, 2016 07:32:32 PM Daniel-Constantin Mierla wrote:
> Hello,
> 
> On 02/01/16 03:11, Anthony Messina wrote:
> > On Friday, January 01, 2016 04:43:56 PM Bruce Ferrell wrote:
> >> On 01/01/2016 03:34 PM, Anthony Messina wrote:
> >>> Happy New Year!
> >>> 
> >>> I've just upgraded my Kamailio (build from master at c7e411e) instance to
> >>> Fedora  23 from Fedora 22.  I've built the packages specifically for
> >>> Fedora 23 with the following current sources:
> >>> 
> >>> openssl-1.0.2e-3.fc23.x86_64
> >>> openssl-libs-1.0.2e-3.fc23.x86_64
> >>> 
> >>> openssl version reports...
> >>> OpenSSL 1.0.2e-fips 3 Dec 2015
> >>> 
> >>> Even so, the following error occurs.  It seems like Kamailio having
> >>> trouble  detecting that I'm using running with the same version that I
> >>> have installed, and the same version that I have compiled against.
> >>> 
> >>> tls [tls_init.c:557]: init_tls_h(): ERROR: tls: init_tls_h: installed
> >>> openssl  library version is too different from the library the Kamailio
> >>> tls module was compiled with: installed "OpenSSL 1.0.0-fips 29 Mar 2010"
> >>> (0x10000003), compiled "OpenSSL 1.0.2d-fips 9 Jul 2015" (0x1000204f).
> >>> 
> >>>                                                       Please make sure a
> >>> 
> >>> compatible version is used (tls_force_run in kamailio.cfg will override
> >>> this  check)
> >>> 
> >>> 
> >>> 
> >>> CRITICAL: <core> [main.c:2558]: main(): could not initialize tls,
> >>> exiting...
> >>> 
> >>> Any pointers?  -A
> >> 
> >> Anthony,
> >> 
> >> When you did the build, it found another openssl on the system.  for
> >> starts, I'd try ldd on the Kamailio binaries/libraries.  Make sure you
> >> don't have any from previous builds hanging around... I've been bit by
> >> that more than once
> > 
> > Thanks Bruce. The strange thing is that I build the RPMs in a Koji/Mock
> > instance which should yield a clean buildroot for each build. I'll
> > continue
> > digging further. -A
> 
> the issue is that the lib on target system is different than the lib on
> built system. Are you using same OS for building as for the target machine?
> 
> Cheers,
> Daniel

I had filed a bug upstream with Fedora 
https://bugzilla.redhat.com/show_bug.cgi?id=1301301 which eventually helped me 
to find that the Makefile for Kamailio's TLS module is using:

LIBS += $(shell pkg-config libssl --libs)

which only returns '-lssl':

# pkg-config libssl --libs
-lssl

It seems that in order for the version detection to work properly, it also 
needs '-lcrypto'

Perhaps the TLS module Makefile might need to add libcrypto just as the CRYPTO 
module Makefile does:
https://github.com/kamailio/kamailio/blob/master/modules/crypto/Makefile

-A

-- 
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160402/646796e8/attachment.sig>

More information about the sr-users mailing list