[SR-Users] Unable to enable TLS on Kamailio

Tomi Hakkarainen tpaivaa at gmail.com
Wed Dec 13 21:41:06 CET 2017 

Hi,

Do you see something wrong by using that 1.1.0g version ?
or just astonished it did not work with those 1.0.x  versions...

I’m not so familiar with Suse and its perks in here -> would prefer debian/Ubuntu myself but this was handed to me so I have to live with it for now… unless.

If needed I could test downgrading opnessl but did not yet find how it could be done :)  sorry

ps. I'm very pleased and happy for your involvement in this. So warm welcome to Kamailio world, thank you..

Tomi

> On 13 Dec 2017, at 19.50, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> 
> Hello,
> 
> there should be also good openssl 1.0.x versions, maybe the problem was the order of modules. Can you list all loadmodule line from your kamailio.cfg?
> 
> Cheers,
> Daniel
> 
> On 13.12.17 00:20, Tomi Hakkarainen wrote:
>> Hello,
>> 
>> I finally got Kamailio to start with TLS.
>> I tried with multiple openssl versions last with 
>> openssl version
>> OpenSSL 1.1.0g  2 Nov 2017
>> 
>> also updated Kamailio to 5.0.4 from Suse repo's
>> and had no luck with those two.
>> 
>> I decided to compile Kamailio 5.1 and with little fling with database I think I overcame the TLS starting trouble… 
>> Now it cranshes as it cannot connect to Asterisk DB -> will jack with that tomorrow.
>> 
>> Thank you for your guidance as with it I focused on the openssl and finally have I hope working setup...
>> 
>> Regards,
>>  Tomi
>> 
>>> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>>> 
>>> Hello,
>>> 
>>> there were some broken versions of openssl that didn't allow anymore to set custom memory manager. The only option is to upgrade libssl to a version that doesn't expose the issue. If you search on kamailio issues tracker on github.com <http://github.com/>, there should be one closed about this topic.
>>> 
>>> Cheers,
>>> Daniel
>>> 
>>> On 11.12.17 22:20, Tomi Hakkarainen wrote:
>>>> Hi,
>>>>   
>>>> I have problem to enable TLS on just installed Kamailio server 
>>>> openSUSE 42.3 (x86_64)
>>>> VERSION = 42.3
>>>> CODENAME = Malachite
>>>> 
>>>> version: kamailio 5.0.4 (x86_64/linux) 
>>>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
>>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>>>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>>> id: unknown 
>>>> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>>>> 
>>>> I get this on debug log:
>>>> 
>>>>  0(11336) DEBUG: <core> [core/cfg.y:1642]: yyparse(): loading modules under /usr/lib64/kamailio/modules/
>>>> loading modules under config path: /usr/lib64/kamailio/modules/
>>>>  0(11336) DEBUG: <core> [core/cfg.y:1623]: yyparse(): loading module tls.so
>>>>  0(11336) DEBUG: <core> [core/sr_module.c:575]: load_module(): trying to load </usr/lib64/kamailio/modules/tls.so>
>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:189]: qm_malloc_init(): qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:191]: qm_malloc_init(): qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:193]: qm_malloc_init(): qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:202]: qm_malloc_init(): qm_malloc_init: size= 67108864, init_overhead=235256
>>>>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the memory allocation functions
>>>>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
>>>>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls module is loaded before any other module using libssl (can be loaded first to be safe)
>>>>  0(11336) ERROR: <core> [core/sr_module.c:607]: load_module(): /usr/lib64/kamailio/modules/tls.so: mod_register failed
>>>>  0(11336) CRITICAL: <core> [core/cfg.y:3411]: yyerror_at(): parse error in config file /etc/kamailio/kamailio.cfg, line 150, column 12-19: failed to load module
>>>> 
>>>> for resolving have compiled openssl from 1.0.2j-fips to
>>>> 
>>>> openssl version
>>>> OpenSSL 1.0.2n  7 Dec 2017
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Is this information enough to see what we are missing 
>>>> Will provide more info if needed.
>>>> Any help and suggestions are appreciated.
>>>> 
>>>> Regards, 
>>>> T
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>>> 
>>> -- 
>>> Daniel-Constantin Mierla
>>> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>>> Kamailio Advanced Training - www.asipto.com <http://www.asipto.com/>
>>> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com <http://www.kamailioworld.com/>
> 
> -- 
> Daniel-Constantin Mierla
> www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
> Kamailio Advanced Training - www.asipto.com <http://www.asipto.com/>
> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com <http://www.kamailioworld.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20171213/a930b72d/attachment.html>

More information about the sr-users mailing list