[SR-Users] Unable to enable TLS on Kamailio

Tomi Hakkarainen tpaivaa at gmail.com
Wed Dec 13 00:20:12 CET 2017 

Hello,

I finally got Kamailio to start with TLS.
I tried with multiple openssl versions last with 
openssl version
OpenSSL 1.1.0g  2 Nov 2017

also updated Kamailio to 5.0.4 from Suse repo's
and had no luck with those two.

I decided to compile Kamailio 5.1 and with little fling with database I think I overcame the TLS starting troubleā€¦ 
Now it cranshes as it cannot connect to Asterisk DB -> will jack with that tomorrow.

Thank you for your guidance as with it I focused on the openssl and finally have I hope working setup...

Regards,
 Tomi

> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> 
> Hello,
> 
> there were some broken versions of openssl that didn't allow anymore to set custom memory manager. The only option is to upgrade libssl to a version that doesn't expose the issue. If you search on kamailio issues tracker on github.com, there should be one closed about this topic.
> 
> Cheers,
> Daniel
> 
> On 11.12.17 22:20, Tomi Hakkarainen wrote:
>> Hi,
>>   
>> I have problem to enable TLS on just installed Kamailio server 
>> openSUSE 42.3 (x86_64)
>> VERSION = 42.3
>> CODENAME = Malachite
>> 
>> version: kamailio 5.0.4 (x86_64/linux) 
>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>> id: unknown 
>> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>> 
>> I get this on debug log:
>> 
>>  0(11336) DEBUG: <core> [core/cfg.y:1642]: yyparse(): loading modules under /usr/lib64/kamailio/modules/
>> loading modules under config path: /usr/lib64/kamailio/modules/
>>  0(11336) DEBUG: <core> [core/cfg.y:1623]: yyparse(): loading module tls.so
>>  0(11336) DEBUG: <core> [core/sr_module.c:575]: load_module(): trying to load </usr/lib64/kamailio/modules/tls.so>
>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:189]: qm_malloc_init(): qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:191]: qm_malloc_init(): qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:193]: qm_malloc_init(): qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:202]: qm_malloc_init(): qm_malloc_init: size= 67108864, init_overhead=235256
>>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the memory allocation functions
>>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
>>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls module is loaded before any other module using libssl (can be loaded first to be safe)
>>  0(11336) ERROR: <core> [core/sr_module.c:607]: load_module(): /usr/lib64/kamailio/modules/tls.so: mod_register failed
>>  0(11336) CRITICAL: <core> [core/cfg.y:3411]: yyerror_at(): parse error in config file /etc/kamailio/kamailio.cfg, line 150, column 12-19: failed to load module
>> 
>> for resolving have compiled openssl from 1.0.2j-fips to
>> 
>> openssl version
>> OpenSSL 1.0.2n  7 Dec 2017
>> 
>> 
>> 
>> 
>> Is this information enough to see what we are missing 
>> Will provide more info if needed.
>> Any help and suggestions are appreciated.
>> 
>> Regards, 
>> T
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> 
> -- 
> Daniel-Constantin Mierla
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
> Kamailio Advanced Training - www.asipto.com <http://www.asipto.com/>
> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com <http://www.kamailioworld.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20171213/5584fc25/attachment.html>

More information about the sr-users mailing list