[SR-Users] Trouble initializing TLS on Fedora 23

Anthony Messina amessina at messinet.com
Mon Jan 11 12:57:03 CET 2016


On Wednesday, January 06, 2016 02:54:42 PM Daniel-Constantin Mierla wrote:
> On 06/01/16 13:57, Anthony Messina wrote:
> > On Tuesday, January 05, 2016 07:32:32 PM Daniel-Constantin Mierla wrote:
> >> Hello,
> >> 
> >> On 02/01/16 03:11, Anthony Messina wrote:
> >>> On Friday, January 01, 2016 04:43:56 PM Bruce Ferrell wrote:
> >>>> On 01/01/2016 03:34 PM, Anthony Messina wrote:
> >>>>> Happy New Year!
> >>>>> 
> >>>>> I've just upgraded my Kamailio (build from master at c7e411e) instance to
> >>>>> Fedora  23 from Fedora 22.  I've built the packages specifically for
> >>>>> Fedora 23 with the following current sources:
> >>>>> 
> >>>>> openssl-1.0.2e-3.fc23.x86_64
> >>>>> openssl-libs-1.0.2e-3.fc23.x86_64
> >>>>> 
> >>>>> openssl version reports...
> >>>>> OpenSSL 1.0.2e-fips 3 Dec 2015
> >>>>> 
> >>>>> Even so, the following error occurs.  It seems like Kamailio having
> >>>>> trouble  detecting that I'm using running with the same version that I
> >>>>> have installed, and the same version that I have compiled against.
> >>>>> 
> >>>>> tls [tls_init.c:557]: init_tls_h(): ERROR: tls: init_tls_h: installed
> >>>>> openssl  library version is too different from the library the
> >>>>> Kamailio
> >>>>> tls module was compiled with: installed "OpenSSL 1.0.0-fips 29 Mar
> >>>>> 2010"
> >>>>> (0x10000003), compiled "OpenSSL 1.0.2d-fips 9 Jul 2015" (0x1000204f).
> >>>>> 
> >>>>>                                                       Please make sure
> >>>>>                                                       a
> >>>>> 
> >>>>> compatible version is used (tls_force_run in kamailio.cfg will
> >>>>> override
> >>>>> this  check)
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>> CRITICAL: <core> [main.c:2558]: main(): could not initialize tls,
> >>>>> exiting...
> >>>>> 
> >>>>> Any pointers?  -A
> >>>> 
> >>>> Anthony,
> >>>> 
> >>>> When you did the build, it found another openssl on the system.  for
> >>>> starts, I'd try ldd on the Kamailio binaries/libraries.  Make sure you
> >>>> don't have any from previous builds hanging around... I've been bit by
> >>>> that more than once
> >>> 
> >>> Thanks Bruce. The strange thing is that I build the RPMs in a Koji/Mock
> >>> instance which should yield a clean buildroot for each build. I'll
> >>> continue
> >>> digging further. -A
> >> 
> >> the issue is that the lib on target system is different than the lib on
> >> built system. Are you using same OS for building as for the target
> >> machine?
> >> 
> >> Cheers,
> >> Daniel
> > 
> > Yes, the build system and the target system are both F23, where the
> > packages are built in a koji/mock chroot.  I have also installed the same
> > RPMs on a separate freshly installed (rather than an upgraded) F23 system
> > and have found the same results, though I haven't had time to dig further
> > yet.  For now I have "tls_force_run" enabled until I can dig further.  -A
> 
> If you search the repository for F23, are both packages with different
> versions for libssl provided?
> 
> Maybe there are other packages that require different versions of libssl
> which are installed as dependencies.
> 
> Cheers,
> Daniel

Well, I cannot find any other version of openssl libs in either the build 
system or the target host after some digging.  However, I'll be replacing my 
build system (with F23) in the near future--hopefully that'll clean up 
whatever cruft is causing this issue.  Thanks for the pointers gentlemen.  -A

-- 
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160111/14d53a15/attachment.sig>


More information about the sr-users mailing list