[SR-Users] Unable to enable TLS on Kamailio

Daniel-Constantin Mierla miconda at gmail.com
Wed Dec 13 18:50:25 CET 2017


Hello,

there should be also good openssl 1.0.x versions, maybe the problem was
the order of modules. Can you list all loadmodule line from your
kamailio.cfg?

Cheers,
Daniel


On 13.12.17 00:20, Tomi Hakkarainen wrote:
> Hello,
>
> I finally got Kamailio to start with TLS.
> I tried with multiple openssl versions last with 
> openssl version
> OpenSSL 1.1.0g  2 Nov 2017
>
> also updated Kamailio to 5.0.4 from Suse repo's
> and had no luck with those two.
>
> I decided to compile Kamailio 5.1 and with little fling with database
> I think I overcame the TLS starting trouble… 
> Now it cranshes as it cannot connect to Asterisk DB -> will jack with
> that tomorrow.
>
> Thank you for your guidance as with it I focused on the openssl and
> finally have I hope working setup...
>
> Regards,
>  Tomi
>
>> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla <miconda at gmail.com
>> <mailto:miconda at gmail.com>> wrote:
>>
>> Hello,
>>
>> there were some broken versions of openssl that didn't allow anymore
>> to set custom memory manager. The only option is to upgrade libssl to
>> a version that doesn't expose the issue. If you search on kamailio
>> issues tracker on github.com <http://github.com>, there should be one
>> closed about this topic.
>>
>> Cheers,
>> Daniel
>>
>>
>> On 11.12.17 22:20, Tomi Hakkarainen wrote:
>>> Hi,
>>>   
>>> I have problem to enable TLS on just installed Kamailio server 
>>> openSUSE 42.3 (x86_64)
>>> VERSION = 42.3
>>> CODENAME = Malachite
>>>
>>> version: kamailio 5.0.4 (x86_64/linux) 
>>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
>>> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
>>> PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
>>> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER,
>>> USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
>>> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>> id: unknown 
>>> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>>>
>>> I get this on debug log:
>>>
>>>  0(11336) DEBUG: <core> [core/cfg.y:1642]: yyparse(): loading
>>> modules under /usr/lib64/kamailio/modules/
>>> loading modules under config path: /usr/lib64/kamailio/modules/
>>>  0(11336) DEBUG: <core> [core/cfg.y:1623]: yyparse(): loading module
>>> tls.so
>>>  0(11336) DEBUG: <core> [core/sr_module.c:575]: load_module():
>>> trying to load </usr/lib64/kamailio/modules/tls.so>
>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:189]: qm_malloc_init():
>>> qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:191]: qm_malloc_init():
>>> qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:193]: qm_malloc_init():
>>> qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:202]: qm_malloc_init():
>>> qm_malloc_init: size= 67108864, init_overhead=235256
>>>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set
>>> the memory allocation functions
>>>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl
>>> current mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f:
>>> 0x7f6e055b39a0
>>>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls
>>> module is loaded before any other module using libssl (can be loaded
>>> first to be safe)
>>>  0(11336) ERROR: <core> [core/sr_module.c:607]: load_module():
>>> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>>>  0(11336) CRITICAL: <core> [core/cfg.y:3411]: yyerror_at(): parse
>>> error in config file /etc/kamailio/kamailio.cfg, line 150, column
>>> 12-19: failed to load module
>>>
>>> for resolving have compiled openssl from 1.0.2j-fips to
>>>
>>> openssl version
>>> OpenSSL 1.0.2n  7 Dec 2017
>>>
>>>
>>>
>>>
>>> Is this information enough to see what we are missing 
>>> Will provide more info if needed.
>>> Any help and suggestions are appreciated.
>>>
>>> Regards, 
>>> T
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>> -- 
>> Daniel-Constantin Mierla
>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>> Kamailio Advanced Training - www.asipto.com
>> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
>

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20171213/d6396da6/attachment.html>


More information about the sr-users mailing list