subject:"\[SR\-Users\] Unable to enable TLS on Kamailio"

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-13 Thread Daniel-Constantin Mierla

Hello,

libssl 1.1.x should be better and there is nothing wrong using it. I
expected that not so many 1.0.x versions were affected by the issue.

The packages for suse were built because of opensuse build system, but
not sure if anyone were using them in the past to be sure that they work
properly.

Cheers,
Daniel

On 13.12.17 21:41, Tomi Hakkarainen wrote:
> Hi,
>
> Do you see something wrong by using that 1.1.0g version ?
> or just astonished it did not work with those 1.0.x  versions...
>
> I’m not so familiar with Suse and its perks in here -> would prefer
> debian/Ubuntu myself but this was handed to me so I have to live with
> it for now… unless.
>
> If needed I could test downgrading opnessl but did not yet find how it
> could be done :)  sorry
>
> ps. I'm very pleased and happy for your involvement in this. So warm
> welcome to Kamailio world, thank you..
>
> Tomi
>
>> On 13 Dec 2017, at 19.50, Daniel-Constantin Mierla > > wrote:
>>
>> Hello,
>>
>> there should be also good openssl 1.0.x versions, maybe the problem
>> was the order of modules. Can you list all loadmodule line from your
>> kamailio.cfg?
>>
>> Cheers,
>> Daniel
>>
>>
>> On 13.12.17 00:20, Tomi Hakkarainen wrote:
>>> Hello,
>>>
>>> I finally got Kamailio to start with TLS.
>>> I tried with multiple openssl versions last with 
>>> openssl version
>>> OpenSSL 1.1.0g  2 Nov 2017
>>>
>>> also updated Kamailio to 5.0.4 from Suse repo's
>>> and had no luck with those two.
>>>
>>> I decided to compile Kamailio 5.1 and with little fling with
>>> database I think I overcame the TLS starting trouble… 
>>> Now it cranshes as it cannot connect to Asterisk DB -> will jack
>>> with that tomorrow.
>>>
>>> Thank you for your guidance as with it I focused on the openssl and
>>> finally have I hope working setup...
>>>
>>> Regards,
>>>  Tomi
>>>
 On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla
 > wrote:

 Hello,

 there were some broken versions of openssl that didn't allow
 anymore to set custom memory manager. The only option is to upgrade
 libssl to a version that doesn't expose the issue. If you search on
 kamailio issues tracker on github.com , there
 should be one closed about this topic.

 Cheers,
 Daniel


 On 11.12.17 22:20, Tomi Hakkarainen wrote:
> Hi,
>   
> I have problem to enable TLS on just installed Kamailio server 
> openSUSE 42.3 (x86_64)
> VERSION = 42.3
> CODENAME = Malachite
>
> version: kamailio 5.0.4 (x86_64/linux) 
> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
> PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE,
> USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> id: unknown 
> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>
> I get this on debug log:
>
>  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading
> modules under /usr/lib64/kamailio/modules/
> loading modules under config path: /usr/lib64/kamailio/modules/
>  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading
> module tls.so
>  0(11336) DEBUG:  [core/sr_module.c:575]: load_module():
> trying to load 
>  0(11336) DEBUG:  [core/mem/q_malloc.c:189]:
> qm_malloc_init(): qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>  0(11336) DEBUG:  [core/mem/q_malloc.c:191]:
> qm_malloc_init(): qm_malloc_init: QM_HASH_SIZE=2099, qm_block
> size=235152
>  0(11336) DEBUG:  [core/mem/q_malloc.c:193]:
> qm_malloc_init(): qm_malloc_init(0x7f6e001cb000, 67108864),
> start=0x7f6e001cb000
>  0(11336) DEBUG:  [core/mem/q_malloc.c:202]:
> qm_malloc_init(): qm_malloc_init: size= 67108864, init_overhead=235256
>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to
> set the memory allocation functions
>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl
> current mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f:
> 0x7f6e055b39a0
>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls
> module is loaded before any other module using libssl (can be
> loaded first to be safe)
>  0(11336) ERROR:  [core/sr_module.c:607]: load_module():
> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>  0(11336) CRITICAL:  [core/cfg.y:3411]: yyerror_at(): parse
> error in config file /etc/kamailio/kamailio.cfg, line 150, column
> 12-19: failed to load module
>
> for resolving have compiled openssl from 1.0.2j-fips to
>
>

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-13 Thread Daniel-Constantin Mierla

Hello,

ok, then seems to be the libssl issue.

Cheers,
Daniel

On 13.12.17 19:56, Tomi Hakkarainen wrote:
> Hi,
>
> Yes I tought that also at the beginning and moved that tls loading to
> first. And same configuration works now with 5.1.
>
> ### Modules Section 
>
>  
>
> # set paths to location of modules (to sources or installation folders)
> #!ifdef WITH_SRCPATH
> mpath="modules_k:modules"
> #!else
> #mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
> mpath="/lib64/kamailio/modules/"
> #!endif
>
> #!ifdef WITH_TLS
> loadmodule "tls.so"
> #!endif
>
>  
>
> #!ifdef WITH_MYSQL
> loadmodule "db_mysql.so"
> #!endif
>
> loadmodule "jsonrpcs.so"
> loadmodule "kex.so"
> loadmodule "tm.so"
> loadmodule "tmx.so"
> loadmodule "sl.so"
> loadmodule "rr.so"
> loadmodule "pv.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "siputils.so"
> loadmodule "xlog.so"
> loadmodule "sanity.so"
> loadmodule "ctl.so"
> loadmodule "cfg_rpc.so"
> loadmodule "acc.so"
> loadmodule "dispatcher.so"
>
>  
>
> #!ifdef WITH_AUTH
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> #!ifdef WITH_IPAUTH
> loadmodule "permissions.so"
> #!endif
> #!endif
>
>  
>
> #!ifdef WITH_IPAUTH
> loadmodule "permissions.so"
> #!endif
> #!endif
>
>  
>
> #!ifdef WITH_ALIASDB
> loadmodule "alias_db.so"
> #!endif
>
>  
>
> #!ifdef WITH_SPEEDDIAL
> loadmodule "speeddial.so"
> #!endif
>
>  
>
> #!ifdef WITH_MULTIDOMAIN
> loadmodule "domain.so"
> #!endif
>
>  
>
> #!ifdef WITH_PRESENCE
> loadmodule "presence.so"
> loadmodule "presence_xml.so"
> #!endif
>
>  
>
> #!ifdef WITH_NAT
> loadmodule "nathelper.so"
> loadmodule "rtpproxy.so"
> #!endif
>
>   
>
> #!ifdef WITH_ANTIFLOOD
> loadmodule "htable.so"
> loadmodule "pike.so"
> #!endif
>
>  
>
> #!ifdef WITH_XMLRPC
> loadmodule "xmlrpc.so"
> #!endif
>
>  
>
> #!ifdef WITH_DEBUG
> loadmodule "debugger.so"
> #!endif
>
>  
>
> #!ifdef WITH_ASTERISK
> loadmodule "uac.so"
> #!endif
>
>  
>
>
>
> Regards, Tomi
>
>> On 13 Dec 2017, at 19.50, Daniel-Constantin Mierla > > wrote:
>>
>> Hello,
>>
>> there should be also good openssl 1.0.x versions, maybe the problem
>> was the order of modules. Can you list all loadmodule line from your
>> kamailio.cfg?
>>
>> Cheers,
>> Daniel
>>
>>
>> On 13.12.17 00:20, Tomi Hakkarainen wrote:
>>> Hello,
>>>
>>> I finally got Kamailio to start with TLS.
>>> I tried with multiple openssl versions last with 
>>> openssl version
>>> OpenSSL 1.1.0g  2 Nov 2017
>>>
>>> also updated Kamailio to 5.0.4 from Suse repo's
>>> and had no luck with those two.
>>>
>>> I decided to compile Kamailio 5.1 and with little fling with
>>> database I think I overcame the TLS starting trouble… 
>>> Now it cranshes as it cannot connect to Asterisk DB -> will jack
>>> with that tomorrow.
>>>
>>> Thank you for your guidance as with it I focused on the openssl and
>>> finally have I hope working setup...
>>>
>>> Regards,
>>>  Tomi
>>>
 On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla
 > wrote:

 Hello,

 there were some broken versions of openssl that didn't allow
 anymore to set custom memory manager. The only option is to upgrade
 libssl to a version that doesn't expose the issue. If you search on
 kamailio issues tracker on github.com , there
 should be one closed about this topic.

 Cheers,
 Daniel


 On 11.12.17 22:20, Tomi Hakkarainen wrote:
> Hi,
>   
> I have problem to enable TLS on just installed Kamailio server 
> openSUSE 42.3 (x86_64)
> VERSION = 42.3
> CODENAME = Malachite
>
> version: kamailio 5.0.4 (x86_64/linux) 
> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
> PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE,
> USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> id: unknown 
> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>
> I get this on debug log:
>
>  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading
> modules under /usr/lib64/kamailio/modules/
> loading modules under config path: /usr/lib64/kamailio/modules/
>  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading
> module tls.so
>  0(11336) DEBUG:  [core/sr_module.c:575]: load_module():
> trying to load 
>  0(11336) DEBUG:  [core/mem/q_malloc.c:189]:
> qm_malloc_init(): qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>  0(11336) DEBUG:  [core/mem/q_malloc.c:191]:
> qm_malloc_init():

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-13 Thread Tomi Hakkarainen

Hi,

Do you see something wrong by using that 1.1.0g version ?
or just astonished it did not work with those 1.0.x  versions...

I’m not so familiar with Suse and its perks in here -> would prefer 
debian/Ubuntu myself but this was handed to me so I have to live with it for 
now… unless.

If needed I could test downgrading opnessl but did not yet find how it could be 
done :)  sorry

ps. I'm very pleased and happy for your involvement in this. So warm welcome to 
Kamailio world, thank you..

Tomi

> On 13 Dec 2017, at 19.50, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> there should be also good openssl 1.0.x versions, maybe the problem was the 
> order of modules. Can you list all loadmodule line from your kamailio.cfg?
> 
> Cheers,
> Daniel
> 
> On 13.12.17 00:20, Tomi Hakkarainen wrote:
>> Hello,
>> 
>> I finally got Kamailio to start with TLS.
>> I tried with multiple openssl versions last with 
>> openssl version
>> OpenSSL 1.1.0g  2 Nov 2017
>> 
>> also updated Kamailio to 5.0.4 from Suse repo's
>> and had no luck with those two.
>> 
>> I decided to compile Kamailio 5.1 and with little fling with database I 
>> think I overcame the TLS starting trouble… 
>> Now it cranshes as it cannot connect to Asterisk DB -> will jack with that 
>> tomorrow.
>> 
>> Thank you for your guidance as with it I focused on the openssl and finally 
>> have I hope working setup...
>> 
>> Regards,
>>  Tomi
>> 
>>> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla >> > wrote:
>>> 
>>> Hello,
>>> 
>>> there were some broken versions of openssl that didn't allow anymore to set 
>>> custom memory manager. The only option is to upgrade libssl to a version 
>>> that doesn't expose the issue. If you search on kamailio issues tracker on 
>>> github.com , there should be one closed about this 
>>> topic.
>>> 
>>> Cheers,
>>> Daniel
>>> 
>>> On 11.12.17 22:20, Tomi Hakkarainen wrote:
 Hi,
   
 I have problem to enable TLS on just installed Kamailio server 
 openSUSE 42.3 (x86_64)
 VERSION = 42.3
 CODENAME = Malachite
 
 version: kamailio 5.0.4 (x86_64/linux) 
 flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, 
 USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, 
 TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
 USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, 
 HAVE_RESOLV_RES
 ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
 id: unknown 
 compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
 
 I get this on debug log:
 
  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading modules 
 under /usr/lib64/kamailio/modules/
 loading modules under config path: /usr/lib64/kamailio/modules/
  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module tls.so
  0(11336) DEBUG:  [core/sr_module.c:575]: load_module(): trying to 
 load 
  0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init(): 
 qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
  0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init(): 
 qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
  0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init(): 
 qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
  0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init(): 
 qm_malloc_init: size= 67108864, init_overhead=235256
  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the 
 memory allocation functions
  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current mem 
 functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls module 
 is loaded before any other module using libssl (can be loaded first to be 
 safe)
  0(11336) ERROR:  [core/sr_module.c:607]: load_module(): 
 /usr/lib64/kamailio/modules/tls.so: mod_register failed
  0(11336) CRITICAL:  [core/cfg.y:3411]: yyerror_at(): parse error in 
 config file /etc/kamailio/kamailio.cfg, line 150, column 12-19: failed to 
 load module
 
 for resolving have compiled openssl from 1.0.2j-fips to
 
 openssl version
 OpenSSL 1.0.2n  7 Dec 2017
 
 
 
 
 Is this information enough to see what we are missing 
 Will provide more info if needed.
 Any help and suggestions are appreciated.
 
 Regards, 
 T
 
 
 
 
 
 
 
 
 
 
 
 
 ___
 Kamailio (SER) - Users Mailing List
 sr-users@lists.kamailio.org

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-13 Thread Tomi Hakkarainen

Hi,

Yes I tought that also at the beginning and moved that tls loading to first. 
And same configuration works now with 5.1.

### Modules Section 
 
# set paths to location of modules (to sources or installation folders)
#!ifdef WITH_SRCPATH
mpath="modules_k:modules"
#!else
#mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
mpath="/lib64/kamailio/modules/"
#!endif

#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
 
#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif

loadmodule "jsonrpcs.so"
loadmodule "kex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "acc.so"
loadmodule "dispatcher.so"
 
#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
 
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
 
#!ifdef WITH_ALIASDB
loadmodule "alias_db.so"
#!endif
 
#!ifdef WITH_SPEEDDIAL
loadmodule "speeddial.so"
#!endif
 
#!ifdef WITH_MULTIDOMAIN
loadmodule "domain.so"
#!endif
 
#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif
 
#!ifdef WITH_NAT
loadmodule "nathelper.so"
loadmodule "rtpproxy.so"
#!endif
  
#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
#!endif
 
#!ifdef WITH_XMLRPC
loadmodule "xmlrpc.so"
#!endif
 
#!ifdef WITH_DEBUG
loadmodule "debugger.so"
#!endif
 
#!ifdef WITH_ASTERISK
loadmodule "uac.so"
#!endif
 


Regards, Tomi

> On 13 Dec 2017, at 19.50, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> there should be also good openssl 1.0.x versions, maybe the problem was the 
> order of modules. Can you list all loadmodule line from your kamailio.cfg?
> 
> Cheers,
> Daniel
> 
> On 13.12.17 00:20, Tomi Hakkarainen wrote:
>> Hello,
>> 
>> I finally got Kamailio to start with TLS.
>> I tried with multiple openssl versions last with 
>> openssl version
>> OpenSSL 1.1.0g  2 Nov 2017
>> 
>> also updated Kamailio to 5.0.4 from Suse repo's
>> and had no luck with those two.
>> 
>> I decided to compile Kamailio 5.1 and with little fling with database I 
>> think I overcame the TLS starting trouble… 
>> Now it cranshes as it cannot connect to Asterisk DB -> will jack with that 
>> tomorrow.
>> 
>> Thank you for your guidance as with it I focused on the openssl and finally 
>> have I hope working setup...
>> 
>> Regards,
>>  Tomi
>> 
>>> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla >> > wrote:
>>> 
>>> Hello,
>>> 
>>> there were some broken versions of openssl that didn't allow anymore to set 
>>> custom memory manager. The only option is to upgrade libssl to a version 
>>> that doesn't expose the issue. If you search on kamailio issues tracker on 
>>> github.com , there should be one closed about this 
>>> topic.
>>> 
>>> Cheers,
>>> Daniel
>>> 
>>> On 11.12.17 22:20, Tomi Hakkarainen wrote:
 Hi,
   
 I have problem to enable TLS on just installed Kamailio server 
 openSUSE 42.3 (x86_64)
 VERSION = 42.3
 CODENAME = Malachite
 
 version: kamailio 5.0.4 (x86_64/linux) 
 flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, 
 USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, 
 TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
 USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, 
 HAVE_RESOLV_RES
 ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
 id: unknown 
 compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
 
 I get this on debug log:
 
  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading modules 
 under /usr/lib64/kamailio/modules/
 loading modules under config path: /usr/lib64/kamailio/modules/
  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module tls.so
  0(11336) DEBUG:  [core/sr_module.c:575]: load_module(): trying to 
 load 
  0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init(): 
 qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
  0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init(): 
 qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
  0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init(): 
 qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
  0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init(): 
 qm_malloc_init: size= 67108864, init_overhead=235256
  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the 
 memory allocation functions

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-13 Thread Daniel-Constantin Mierla

Hello,

there should be also good openssl 1.0.x versions, maybe the problem was
the order of modules. Can you list all loadmodule line from your
kamailio.cfg?

Cheers,
Daniel


On 13.12.17 00:20, Tomi Hakkarainen wrote:
> Hello,
>
> I finally got Kamailio to start with TLS.
> I tried with multiple openssl versions last with 
> openssl version
> OpenSSL 1.1.0g  2 Nov 2017
>
> also updated Kamailio to 5.0.4 from Suse repo's
> and had no luck with those two.
>
> I decided to compile Kamailio 5.1 and with little fling with database
> I think I overcame the TLS starting trouble… 
> Now it cranshes as it cannot connect to Asterisk DB -> will jack with
> that tomorrow.
>
> Thank you for your guidance as with it I focused on the openssl and
> finally have I hope working setup...
>
> Regards,
>  Tomi
>
>> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla > > wrote:
>>
>> Hello,
>>
>> there were some broken versions of openssl that didn't allow anymore
>> to set custom memory manager. The only option is to upgrade libssl to
>> a version that doesn't expose the issue. If you search on kamailio
>> issues tracker on github.com , there should be one
>> closed about this topic.
>>
>> Cheers,
>> Daniel
>>
>>
>> On 11.12.17 22:20, Tomi Hakkarainen wrote:
>>> Hi,
>>>   
>>> I have problem to enable TLS on just installed Kamailio server 
>>> openSUSE 42.3 (x86_64)
>>> VERSION = 42.3
>>> CODENAME = Malachite
>>>
>>> version: kamailio 5.0.4 (x86_64/linux) 
>>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
>>> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
>>> PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
>>> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER,
>>> USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN
>>> 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>> id: unknown 
>>> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>>>
>>> I get this on debug log:
>>>
>>>  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading
>>> modules under /usr/lib64/kamailio/modules/
>>> loading modules under config path: /usr/lib64/kamailio/modules/
>>>  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module
>>> tls.so
>>>  0(11336) DEBUG:  [core/sr_module.c:575]: load_module():
>>> trying to load 
>>>  0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init():
>>> qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>>>  0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init():
>>> qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
>>>  0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init():
>>> qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
>>>  0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init():
>>> qm_malloc_init: size= 67108864, init_overhead=235256
>>>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set
>>> the memory allocation functions
>>>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl
>>> current mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f:
>>> 0x7f6e055b39a0
>>>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls
>>> module is loaded before any other module using libssl (can be loaded
>>> first to be safe)
>>>  0(11336) ERROR:  [core/sr_module.c:607]: load_module():
>>> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>>>  0(11336) CRITICAL:  [core/cfg.y:3411]: yyerror_at(): parse
>>> error in config file /etc/kamailio/kamailio.cfg, line 150, column
>>> 12-19: failed to load module
>>>
>>> for resolving have compiled openssl from 1.0.2j-fips to
>>>
>>> openssl version
>>> OpenSSL 1.0.2n  7 Dec 2017
>>>
>>>
>>>
>>>
>>> Is this information enough to see what we are missing 
>>> Will provide more info if needed.
>>> Any help and suggestions are appreciated.
>>>
>>> Regards, 
>>> T
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ___
>>> Kamailio (SER) - Users Mailing List
>>> sr-users@lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>> -- 
>> Daniel-Constantin Mierla
>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>> Kamailio Advanced Training - www.asipto.com
>> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
>

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-12 Thread Tomi Hakkarainen

Hello,

I finally got Kamailio to start with TLS.
I tried with multiple openssl versions last with 
openssl version
OpenSSL 1.1.0g  2 Nov 2017

also updated Kamailio to 5.0.4 from Suse repo's
and had no luck with those two.

I decided to compile Kamailio 5.1 and with little fling with database I think I 
overcame the TLS starting trouble… 
Now it cranshes as it cannot connect to Asterisk DB -> will jack with that 
tomorrow.

Thank you for your guidance as with it I focused on the openssl and finally 
have I hope working setup...

Regards,
 Tomi

> On 12 Dec 2017, at 10.26, Daniel-Constantin Mierla  wrote:
> 
> Hello,
> 
> there were some broken versions of openssl that didn't allow anymore to set 
> custom memory manager. The only option is to upgrade libssl to a version that 
> doesn't expose the issue. If you search on kamailio issues tracker on 
> github.com, there should be one closed about this topic.
> 
> Cheers,
> Daniel
> 
> On 11.12.17 22:20, Tomi Hakkarainen wrote:
>> Hi,
>>   
>> I have problem to enable TLS on just installed Kamailio server 
>> openSUSE 42.3 (x86_64)
>> VERSION = 42.3
>> CODENAME = Malachite
>> 
>> version: kamailio 5.0.4 (x86_64/linux) 
>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, 
>> USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, 
>> TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
>> USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, 
>> HAVE_RESOLV_RES
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
>> MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>> id: unknown 
>> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>> 
>> I get this on debug log:
>> 
>>  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading modules under 
>> /usr/lib64/kamailio/modules/
>> loading modules under config path: /usr/lib64/kamailio/modules/
>>  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module tls.so
>>  0(11336) DEBUG:  [core/sr_module.c:575]: load_module(): trying to 
>> load 
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init(): 
>> qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init(): 
>> qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init(): 
>> qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init(): 
>> qm_malloc_init: size= 67108864, init_overhead=235256
>>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the 
>> memory allocation functions
>>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current mem 
>> functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
>>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls module is 
>> loaded before any other module using libssl (can be loaded first to be safe)
>>  0(11336) ERROR:  [core/sr_module.c:607]: load_module(): 
>> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>>  0(11336) CRITICAL:  [core/cfg.y:3411]: yyerror_at(): parse error in 
>> config file /etc/kamailio/kamailio.cfg, line 150, column 12-19: failed to 
>> load module
>> 
>> for resolving have compiled openssl from 1.0.2j-fips to
>> 
>> openssl version
>> OpenSSL 1.0.2n  7 Dec 2017
>> 
>> 
>> 
>> 
>> Is this information enough to see what we are missing 
>> Will provide more info if needed.
>> Any help and suggestions are appreciated.
>> 
>> Regards, 
>> T
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> ___
>> Kamailio (SER) - Users Mailing List
>> sr-users@lists.kamailio.org 
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users 
>> 
> 
> -- 
> Daniel-Constantin Mierla
> www.twitter.com/miconda  -- 
> www.linkedin.com/in/miconda 
> Kamailio Advanced Training - www.asipto.com 
> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com 
> 
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-12 Thread Daniel-Constantin Mierla

Can you actually explain better what is the relation between your
message and the issue discussed on this email thread? Maybe I didn't get
it right, but the bug that didn't allow setting a memory manager has
nothing to do with how good or bad a memory manager implementation is
from security and safety points of view. Your suggestion to use jemalloc
or whatever else memory manager is not possible in that version of
libssl, because that version simply doesn't allow setting a memory manager.

The bug was fixed in libssl, but some distros distributed the broken
version, that's the reason it is required to use an older or newer
version than the affected ones.

Cheers,
Daniel

On 12.12.17 18:01, otron2...@gmail.com wrote:
>
> Broken is in the eyes of the beholder:  well designed cryptographic
> code wants to ensure that information (keys, cleartext) doesn't leak
> via unsanitized memory (there are many ways, both within and beyond
> calling programs); the easy and more foolproof way to do that for the
> cryptography programmer is often to use a memory manager that takes
> care of that, such as jemalloc (with appropriate configuration
> parameters).
>
> If you make security representations (and the certificate is
> reasonably construed to make a security representation) you shouldn't
> bypass this unless you verify that you prevent all possible
> information leaks. 
>
> From armslength, you might just try to use jemalloc as kamailio's mm
> library, but even there it would be necessary to be really careful
> about kamailio freeing sensitive memory immediately after
> use--everywhere that happens.   That's why it's probably easier to
> just let a properly implemented crypto library do what it's designed
> to do. 
>
>
> Sent from Samsung Mobile
>
>
>
>  Original message 
> From: Daniel-Constantin Mierla <mico...@gmail.com>
> Date: 12/12/2017 2:26 AM (GMT-06:00)
> To: "Kamailio (SER) - Users Mailing List"
> <sr-users@lists.kamailio.org>,Tomi Hakkarainen <tpai...@gmail.com>
> Subject: Re: [SR-Users] Unable to enable TLS on Kamailio
>
>
> Hello,
>
> there were some broken versions of openssl that didn't allow anymore
> to set custom memory manager. The only option is to upgrade libssl to
> a version that doesn't expose the issue. If you search on kamailio
> issues tracker on gihub.com, there should be one closed about this topic.
>
> Cheers,
> Daniel
>
>
> On 11.12.17 22:20, Tomi Hakkarainen wrote:
>> Hi,
>>   
>> I have problem to enable TLS on just installed Kamailio server 
>> openSUSE 42.3 (x86_64)
>> VERSION = 42.3
>> CODENAME = Malachite
>>
>> version: kamailio 5.0.4 (x86_64/linux) 
>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
>> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
>> Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
>> FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
>> USE_DST_BLACKLIST, HAVE_RESOLV_RES
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>> MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>> id: unknown 
>> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>>
>> I get this on debug log:
>>
>>  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading modules
>> under /usr/lib64/kamailio/modules/
>> loading modules under config path: /usr/lib64/kamailio/modules/
>>  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module
>> tls.so
>>  0(11336) DEBUG:  [core/sr_module.c:575]: load_module(): trying
>> to load 
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init():
>> qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init():
>> qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init():
>> qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
>>  0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init():
>> qm_malloc_init: size= 67108864, init_overhead=235256
>>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set
>> the memory allocation functions
>>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current
>> mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
>>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls
>> module is loaded before any other module using libssl (can be loaded
>> first to be safe)
>>  0(11336) ERROR:  [core/sr_module.c:607]: load_module():
>> /usr/lib64/

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-12 Thread otron2...@gmail.com


Broken is in the eyes of the beholder:  well designed cryptographic code wants 
to ensure that information (keys, cleartext) doesn't leak via unsanitized 
memory (there are many ways, both within and beyond calling programs); the easy 
and more foolproof way to do that for the cryptography programmer is often to 
use a memory manager that takes care of that, such as jemalloc (with 
appropriate configuration parameters).

If you make security representations (and the certificate is reasonably 
construed to make a security representation) you shouldn't bypass this unless 
you verify that you prevent all possible information leaks. 

From armslength, you might just try to use jemalloc as kamailio's mm library, 
but even there it would be necessary to be really careful about kamailio 
freeing sensitive memory immediately after use--everywhere that happens.   
That's why it's probably easier to just let a properly implemented crypto 
library do what it's designed to do. 


Sent from Samsung Mobile

 Original message 
From: Daniel-Constantin Mierla <mico...@gmail.com> 
Date: 12/12/2017  2:26 AM  (GMT-06:00) 
To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org>,Tomi 
Hakkarainen <tpai...@gmail.com> 
Subject: Re: [SR-Users] Unable to enable TLS on Kamailio 
 
Hello,

there were some broken versions of openssl that didn't allow anymore to set 
custom memory manager. The only option is to upgrade libssl to a version that 
doesn't expose the issue. If you search on kamailio issues tracker on 
gihub.com, there should be one closed about this topic.

Cheers,
Daniel

On 11.12.17 22:20, Tomi Hakkarainen wrote:
Hi,
  
I have problem to enable TLS on just installed Kamailio server 
openSUSE 42.3 (x86_64)
VERSION = 42.3
CODENAME = Malachite

version: kamailio 5.0.4 (x86_64/linux) 
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, 
TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,   FAST_LOCK-ADAPTIVE_WAIT, 
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5

I get this on debug log:

 0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading modules   
under /usr/lib64/kamailio/modules/
loading modules under config path: /usr/lib64/kamailio/modules/
 0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module tls.so
 0(11336) DEBUG:  [core/sr_module.c:575]: load_module(): trying to load 

 0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init(): 
qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
 0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init(): 
qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
 0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init(): 
qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
 0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init(): 
qm_malloc_init: size= 67108864, init_overhead=235256
 0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the memory 
allocation functions
 0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current mem 
functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
 0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls module is 
loaded before any other module using libssl (can be loaded first to be safe)
 0(11336) ERROR:  [core/sr_module.c:607]: load_module():   
/usr/lib64/kamailio/modules/tls.so: mod_register failed
 0(11336) CRITICAL:  [core/cfg.y:3411]: yyerror_at(): parse error in 
config file /etc/kamailio/kamailio.cfg, line 150, column 12-19: 
failed to load module

for resolving have compiled openssl from 1.0.2j-fips to

openssl version
OpenSSL 1.0.2n  7 Dec 2017




Is this information enough to see what we are missing 
Will provide more info if needed.
Any help and suggestions are appreciated.

Regards, 
T












___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Unable to enable TLS on Kamailio

2017-12-12 Thread Daniel-Constantin Mierla

Hello,

there were some broken versions of openssl that didn't allow anymore to
set custom memory manager. The only option is to upgrade libssl to a
version that doesn't expose the issue. If you search on kamailio issues
tracker on gihub.com, there should be one closed about this topic.

Cheers,
Daniel


On 11.12.17 22:20, Tomi Hakkarainen wrote:
> Hi,
>   
> I have problem to enable TLS on just installed Kamailio server 
> openSUSE 42.3 (x86_64)
> VERSION = 42.3
> CODENAME = Malachite
>
> version: kamailio 5.0.4 (x86_64/linux) 
> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
> Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
> FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
> USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> id: unknown 
> compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5
>
> I get this on debug log:
>
>  0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading modules
> under /usr/lib64/kamailio/modules/
> loading modules under config path: /usr/lib64/kamailio/modules/
>  0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module
> tls.so
>  0(11336) DEBUG:  [core/sr_module.c:575]: load_module(): trying
> to load 
>  0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init():
> qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
>  0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init():
> qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
>  0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init():
> qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
>  0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init():
> qm_malloc_init: size= 67108864, init_overhead=235256
>  0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set
> the memory allocation functions
>  0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current
> mem functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
>  0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls
> module is loaded before any other module using libssl (can be loaded
> first to be safe)
>  0(11336) ERROR:  [core/sr_module.c:607]: load_module():
> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>  0(11336) CRITICAL:  [core/cfg.y:3411]: yyerror_at(): parse
> error in config file /etc/kamailio/kamailio.cfg, line 150, column
> 12-19: failed to load module
>
> for resolving have compiled openssl from 1.0.2j-fips to
>
> openssl version
> OpenSSL 1.0.2n  7 Dec 2017
>
>
>
>
> Is this information enough to see what we are missing 
> Will provide more info if needed.
> Any help and suggestions are appreciated.
>
> Regards, 
> T
>
>
>
>
>
>
>
>
>
>
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] Unable to enable TLS on Kamailio

2017-12-11 Thread Tomi Hakkarainen

Hi,
  
I have problem to enable TLS on just installed Kamailio server 
openSUSE 42.3 (x86_64)
VERSION = 42.3
CODENAME = Malachite

version: kamailio 5.0.4 (x86_64/linux) 
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, 
TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, 
USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled on 18:06:25 Dec  3 2017 with gcc 4.8.5

I get this on debug log:

 0(11336) DEBUG:  [core/cfg.y:1642]: yyparse(): loading modules under 
/usr/lib64/kamailio/modules/
loading modules under config path: /usr/lib64/kamailio/modules/
 0(11336) DEBUG:  [core/cfg.y:1623]: yyparse(): loading module tls.so
 0(11336) DEBUG:  [core/sr_module.c:575]: load_module(): trying to load 

 0(11336) DEBUG:  [core/mem/q_malloc.c:189]: qm_malloc_init(): 
qm_malloc_init: QM_OPTIMIZE=16384, /ROUNDTO=2048
 0(11336) DEBUG:  [core/mem/q_malloc.c:191]: qm_malloc_init(): 
qm_malloc_init: QM_HASH_SIZE=2099, qm_block size=235152
 0(11336) DEBUG:  [core/mem/q_malloc.c:193]: qm_malloc_init(): 
qm_malloc_init(0x7f6e001cb000, 67108864), start=0x7f6e001cb000
 0(11336) DEBUG:  [core/mem/q_malloc.c:202]: qm_malloc_init(): 
qm_malloc_init: size= 67108864, init_overhead=235256
 0(11336) ERROR: tls [tls_init.c:595]: tls_pre_init(): Unable to set the memory 
allocation functions
 0(11336) ERROR: tls [tls_init.c:597]: tls_pre_init(): libssl current mem 
functions - m: 0x7f6e055b33d0 r: 0x7f6e055b3a30 f: 0x7f6e055b39a0
 0(11336) ERROR: tls [tls_init.c:599]: tls_pre_init(): Be sure tls module is 
loaded before any other module using libssl (can be loaded first to be safe)
 0(11336) ERROR:  [core/sr_module.c:607]: load_module(): 
/usr/lib64/kamailio/modules/tls.so: mod_register failed
 0(11336) CRITICAL:  [core/cfg.y:3411]: yyerror_at(): parse error in 
config file /etc/kamailio/kamailio.cfg, line 150, column 12-19: failed to load 
module

for resolving have compiled openssl from 1.0.2j-fips to

openssl version
OpenSSL 1.0.2n  7 Dec 2017




Is this information enough to see what we are missing 
Will provide more info if needed.
Any help and suggestions are appreciated.

Regards, 
T










___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

Re: [SR-Users] Unable to enable TLS on Kamailio

[SR-Users] Unable to enable TLS on Kamailio

10 matches

Site Navigation

Mail list logo

Footer information