[SR-Users] Unable to enable TLS on Kamailio

Daniel-Constantin Mierla miconda at gmail.com
Thu Dec 14 08:49:00 CET 2017


Hello,

OK, then it seems to be the libssl issue.

Cheers,
Daniel

On 13.12.17 19:56, Tomi Hakkarainen wrote:
> Hi,
>
> Yes, I thought that also at the beginning and moved that tls loading to
> first. And the same configuration works now with 5.1.
>
> ####### Modules Section ########
>
>  
>
> # set paths to location of modules (to sources or installation folders)
> #!ifdef WITH_SRCPATH
> mpath="modules_k:modules"
> #!else
> #mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
> mpath="/lib64/kamailio/modules/"
> #!endif
>
> #!ifdef WITH_TLS
> loadmodule "tls.so"
> #!endif
>
>  
>
> #!ifdef WITH_MYSQL
> loadmodule "db_mysql.so"
> #!endif
>
> loadmodule "jsonrpcs.so"
> loadmodule "kex.so"
> loadmodule "tm.so"
> loadmodule "tmx.so"
> loadmodule "sl.so"
> loadmodule "rr.so"
> loadmodule "pv.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "siputils.so"
> loadmodule "xlog.so"
> loadmodule "sanity.so"
> loadmodule "ctl.so"
> loadmodule "cfg_rpc.so"
> loadmodule "acc.so"
> loadmodule "dispatcher.so"
>
>  
>
> #!ifdef WITH_AUTH
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> #!ifdef WITH_IPAUTH
> loadmodule "permissions.so"
> #!endif
> #!endif
>
>  
>
> #!ifdef WITH_IPAUTH
> loadmodule "permissions.so"
> #!endif
> #!endif
>
>  
>
> #!ifdef WITH_ALIASDB
> loadmodule "alias_db.so"
> #!endif
>
>  
>
> #!ifdef WITH_SPEEDDIAL
> loadmodule "speeddial.so"
> #!endif
>
>  
>
> #!ifdef WITH_MULTIDOMAIN
> loadmodule "domain.so"
> #!endif
>
>  
>
> #!ifdef WITH_PRESENCE
> loadmodule "presence.so"
> loadmodule "presence_xml.so"
> #!endif
>
>  
>
> #!ifdef WITH_NAT
> loadmodule "nathelper.so"
> loadmodule "rtpproxy.so"
> #!endif
>
>   
>
> #!ifdef WITH_ANTIFLOOD
> loadmodule "htable.so"
> loadmodule "pike.so"
> #!endif
>
>  
>
> #!ifdef WITH_XMLRPC
> loadmodule "xmlrpc.so"
> #!endif
>
>  
>
> #!ifdef WITH_DEBUG
> loadmodule "debugger.so"
> #!endif
>
>  
>
> #!ifdef WITH_ASTERISK
> loadmodule "uac.so"
> #!endif
>
>  
>
>
>
> Regards, Tomi
>
>> On 13 Dec 2017, at 19.50, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
>>
>> Hello,
>>
>> there should also be good openssl 1.0.x versions, maybe the problem
>> was the order of modules. Can you list all loadmodule lines from your
>> kamailio.cfg?
>>
>> Cheers,
>> Daniel
>>
>>
>> On 13.12.17 00:20, Tomi Hakkarainen wrote:
>>> Hello,
>>>
>>> I finally got Kamailio to start with TLS.
>>> I tried with multiple openssl versions, the last with
>>> openssl version
>>> OpenSSL 1.1.0g  2 Nov 2017
>>>
>>> also updated Kamailio to 5.0.4 from Suse repos
>>> and had no luck with those two.
>>>
>>> I decided to compile Kamailio 5.1 and with a little fling with the
>>> database I think I overcame the TLS starting trouble…
>>> Now it crashes as it cannot connect to Asterisk DB -> will jack
>>> with that tomorrow.
>>>
>>> Thank you for your guidance, as with it I focused on the openssl and
>>> finally have, I hope, a working setup...
>>>
>>> Regards,
>>>  Tomi
>>>
>>>> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>> there were some broken versions of openssl that no longer allowed
>>>> setting a custom memory manager. The only option is to upgrade
>>>> libssl to a version that doesn't expose the issue. If you search on
>>>> the kamailio issue tracker on github.com, there
>>>> should be one closed about this topic.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>>
>>>> On 11.12.17 22:20, Tomi Hakkarainen wrote:
>>>>> Hi,
>>>>>   
>>>>> I have a problem enabling TLS on a just-installed Kamailio server
>>>>> openSUSE 42.3 (x86_64)
>>>>> VERSION = 42.3
>>>>> CODENAME = Malachite
>>>>>
>>>>> version: kamailio 5.0.4 (x86_64/linux) 
>>>>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
>>>>> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
>>>>> PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
>>>>> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE,
>>>>> USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
>>>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
>>>>> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>>>>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>>>> id: unknown 
>>>>> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>>>>>
>>>>> I get this on debug log:
>>>>>
>>>>>  0(11336) DEBUG: <core> [core/cfg.y:1642]: yyparse(): loading
>>>>> modules under /usr/lib64/kamailio/modules/
>>>>> loading modules under config path: /usr/lib64/kamailio/modules/
>>>>>  0(11336) DEBUG: <core> [core/cfg.y:1623]: yyparse(): loading
>>>>> module tls.so
>>>>>  0(11336) DEBUG: <core> [core/sr_module.c:575]: load_module():
>>>>> trying to load </usr/lib64/kamailio/modules/tls.so>
>>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:189]:
>>>>> qm_malloc_init(): qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:191]:
>>>>> qm_malloc_init(): qm_malloc_init: QM_HASH_SIZE=2099, qm_block
>>>>> size=235152
>>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:193]:
>>>>> qm_malloc_init(): qm_malloc_init(0x7f6e001cb000, 67108864),
>>>>> start=0x7f6e001cb000
>>>>>  0(11336) DEBUG: <core> [core/mem/q_malloc.c:202]:
>>>>> qm_malloc_init(): qm_malloc_init: size= 67108864, init_overhead=235256
>>>>>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to
>>>>> set the memory allocation functions
>>>>>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl
>>>>> current mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f:
>>>>> 0x7f6e055b39a0
>>>>>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls
>>>>> module is loaded before any other module using libssl (can be
>>>>> loaded first to be safe)
>>>>>  0(11336) ERROR: <core> [core/sr_module.c:607]: load_module():
>>>>> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>>>>>  0(11336) CRITICAL: <core> [core/cfg.y:3411]: yyerror_at(): parse
>>>>> error in config file /etc/kamailio/kamailio.cfg, line 150, column
>>>>> 12-19: failed to load module
>>>>>
>>>>> To resolve this I have compiled openssl from 1.0.2j-fips to
>>>>>
>>>>> openssl version
>>>>> OpenSSL 1.0.2n  7 Dec 2017
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Is this information enough to see what we are missing?
>>>>> Will provide more info if needed.
>>>>> Any help and suggestions are appreciated.
>>>>>
>>>>> Regards, 
>>>>> T
>>>>
>>>> -- 
>>>> Daniel-Constantin Mierla
>>>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>> Kamailio Advanced Training - www.asipto.com
>>>> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
>>>
>>
>

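The tls_pre_init() error quoted in this thread says tls "can be loaded first to be safe". As an added example (not code from the thread or from the Kamailio project), the following checker lists which modules a kamailio.cfg loads ahead of tls, evaluating only the `#!define`/`#!ifdef`/`#!ifndef`/`#!else`/`#!endif` directives. The sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample (not the poster's file): a shortened module section in
# the style quoted in this thread, with tls.so loaded after other modules.
SAMPLE_CFG = """\
#!define WITH_MYSQL
#!define WITH_TLS
#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif
loadmodule "jsonrpcs.so"
#loadmodule "xmlrpc.so"
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_DEBUG
loadmodule "debugger.so"
#!endif
"""

LOADMODULE = re.compile(r'loadmodule\s+"([^"]+)"')

def active_loadmodules(cfg_text, defines=()):
    """Module names in load order, honouring the #! conditional directives."""
    defined, stack, modules = set(defines), [], []
    for raw in cfg_text.splitlines():
        words = raw.split()
        if not words:
            continue
        head, live = words[0], all(stack)   # live: every enclosing branch is active
        if head in ("#!ifdef", "#!ifndef") and len(words) > 1:
            stack.append((words[1] in defined) == (head == "#!ifdef"))
        elif head == "#!else" and stack:
            stack[-1] = not stack[-1]
        elif head == "#!endif" and stack:   # a stray #!endif is ignored
            stack.pop()
        elif head == "#!define" and live and len(words) > 1:
            defined.add(words[1])
        elif live:
            m = LOADMODULE.match(raw.strip())   # "#loadmodule ..." comments do not match
            if m:  # normalise "/path/tls.so" and "tls" to "tls"
                name = m.group(1).rsplit("/", 1)[-1]
                modules.append(re.sub(r"\.so$", "", name))
    return modules

def loaded_before_tls(cfg_text, defines=()):
    """Modules loaded ahead of tls, or None when tls is not loaded at all."""
    mods = active_loadmodules(cfg_text, defines)
    return mods[:mods.index("tls")] if "tls" in mods else None

if __name__ == "__main__":
    print("loaded before tls:", loaded_before_tls(SAMPLE_CFG))
```

An empty list means tls is already the first module loaded, so load order can be ruled out and attention moves to the libssl build, as happened in this thread.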
