Bug#902452: Kamailio TLS module in Debian Stretch is unusable
proposed change to stretch #917880
Bug#902452: Kamailio TLS module in Debian Stretch is unusable
upstream fix included at 4.4.6 https://github.com/kamailio/kamailio/commit/406c02f7b76ada56d6e1f73e763fecb05c1f51c5
Bug#902452: Kamailio TLS module in Debian Stretch is unusable
> kamailio[4041]: INFO: tls [tls_init.c:633]: init_tls_h(): tls: _init_tls_h: compiled with openssl version "OpenSSL 1.1.0f 25 May 2017" (0x1010006f), kerberos support: on, compression: on kamailio[4041]: INFO: tls [tls_init.c:641]: init_tls_h(): tls: init_tls_h: installed openssl library version > "OpenSSL 1.1.0j 20 Nov 2018" (0x101000af), kerberos support: off, zlib compression: off compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/x86_64-linux-gnu/engines-1.1\"" > kamailio[4041]: : tls [tls_init.c:651]: init_tls_h(): ERROR: tls: init_tls_h: openssl compile options mismatch: library has kerberos support disabled and Kamailio tls enabled (unstable configuration) (tls_force_run in kamailio.cfg will override this check) > kamailio[4041]: CRITICAL: [main.c:2592]: main(): could not initialize tls, exiting... > kamailio[4041]: INFO: [sctp_core.c:53]: sctp_core_destroy(): SCTP API not initialized Full error output
Bug#902452: Kamailio TLS module in Debian Stretch is unusable
Thanks for the report, I didn't find the time to investigate but I think this info is relevant here https://github.com/kamailio/kamailio/issues/1050 Will try to look into this in the next few days, Victor Seva
Bug#902452: Kamailio TLS module in Debian Stretch is unusable
Package: kamailio-tls-modules Version: 4.4.4-2+deb9u1 Severity: grave After installation of kamailio-tls-modules package on Debian Stretch and enabling TLS support in kamailio.cfg via #!define WITH_TLS I'm just getting following fatal error (in syslog): Jun 27 00:19:57 pali /usr/sbin/kamailio[15055]: : tls [tls_init.c:651]: init_tls_h(): ERROR: tls: init_tls_h: openssl compile options mismatch: library has kerberos support disabled and Kamailio tls enabled (unstable configuration)#012 (tls_force_run in kamailio.cfg will override this check) Jun 27 00:19:57 pali /usr/sbin/kamailio[15055]: CRITICAL: [main.c:2592]: main(): could not initialize tls, exiting... And kamailio refuse to start. Therefore current version of kamailio-tls-modules package in Debian Stretch is unusable as TLS support which it provides cannot be enabled. It looks like this package needs to be (re)compiled against correct version of openssl with correct configure options or it needs to runtime depends on correct version of openssl libraries. As package currently does not work at all, I'm marking this issue with severity grave. -- Pali Rohár pali.ro...@gmail.com signature.asc Description: PGP signature
