On 07/01/15 13:32, Øyvind Kolbu wrote:
>
> On 07.01.2015 11:49, Daniel-Constantin Mierla wrote:
>>
>> Searching on Google about libpq and TLS, I found the notes about SSL
>> Initialization at:
>>
>> - http://www.postgresql.org/docs/9.3/static/libpq-ssl.html
>>
>> Scroll down the page.
>>
>> Can you try adding:
>>
>> PQinitSSL(0);
>>
>> inside function:
>>
>> struct pg_con* db_postgres_new_connection(struct db_id* id)
>>
>> in file:
>>
>> modules/db_postgres/km_pg_con.c
>>
>> Before line with:
>>
>> ptr->con = PQsetdbLogin(id->host, ports, ...
>>
>> If it works, we have to make that optional via modparam or try to auto-detect
>> if ssl is initialized (finding tls is loaded, but some other modules can
>> do it, even when tls is not initialized, so mod param could be a safe
>> way).
>>
> Thanks, just rebuilt git 2f690887b45dbc4, ~4.1.6.
>
> Without tls enabled db_postgres fails with
> ERROR: db_postgres [km_pg_con.c:82]: db_postgres_new_connection():
> could not create SSL context: SSL error code 336236705#012
> ERROR: db_postgres [km_pg_con.c:95]: db_postgres_new_connection():
> cleaning up 0x7f1cfe8ba3c0=pkg_free()

The workaround is only for the case when the tls module is loaded. I said it
needs tuning afterwards, if proved to work with the tls module, to skip it
otherwise.

>
> When attempting to start with tls enabled I get:
>  INFO: tls [tls_mod.c:346]: mod_init(): With ECDH-Support!
>  INFO: tls [tls_mod.c:349]: mod_init(): With Diffie Hellman
>  ERROR: db_postgres [km_pg_con.c:82]: db_postgres_new_connection():
> could not create SSL context: SSL error code 336236705#012
>  ERROR: db_postgres [km_pg_con.c:95]: db_postgres_new_connection():
> cleaning up 0x7f10849d4310=pkg_free()
>
So it complains that the ssl lib is not initialized completely.

Can you try the following:

- edit modules/tls/tls_init.c and add at the beginning of function 'int
init_tls_h(void)':

if(tls_mod_initialized > 0) return 0;

- in modules/db_postgres/km_pg_con.c, add:

#include "../../tls_hooks_init.h"

- then in the same file, before the line you added with PQinitSSL(0); add:

init_tls();

Recompile, reinstall, restart and test only with the tls module loaded
before db_postgres.

Let's see the results and then I will make a proper patch if it works.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
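
The "SSL error code 336236705" in the log lines above can be unpacked by hand. The following is an added example, not part of the original message or of Kamailio's code; it assumes the OpenSSL 1.0.x error packing (8-bit library, 12-bit function, 12-bit reason), and `decode_ssl_error_line` and `describe` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of a packed OpenSSL 1.0.x error code (ERR_PACK layout:
 * 8-bit library, 12-bit function, 12-bit reason). */
struct ssl_err { unsigned long code; int lib, func, reason; };

/* Pull the number after "SSL error code " out of a log line and split it.
 * Returns 0 on success, -1 if the line carries no such code. */
int decode_ssl_error_line(const char *line, struct ssl_err *out)
{
    static const char key[] = "SSL error code ";
    const char *p = strstr(line, key);
    char *end;
    if (p == NULL)
        return -1;
    p += sizeof(key) - 1;
    out->code = strtoul(p, &end, 10);   /* stops at syslog's "#012" (escaped \n) */
    if (end == p)
        return -1;
    out->lib    = (int)((out->code >> 24) & 0xff);
    out->func   = (int)((out->code >> 12) & 0xfff);
    out->reason = (int)(out->code & 0xfff);
    return 0;
}

/* Names for the one triple seen in this thread (values from OpenSSL 1.0.x headers). */
const char *describe(const struct ssl_err *e)
{
    if (e->lib == 20 && e->func == 169 && e->reason == 161)
        return "SSL routines:SSL_CTX_new:library has no ciphers";
    return "unknown (look up with: openssl errstr <hex>)";
}

int main(void)
{
    /* Log line copied from the message above, re-joined onto one line. */
    const char *line = "ERROR: db_postgres [km_pg_con.c:82]: db_postgres_new_connection(): "
                       "could not create SSL context: SSL error code 336236705#012";
    struct ssl_err e;

    if (decode_ssl_error_line(line, &e) != 0)
        return 1;
    printf("error:%08lX lib=%d func=%d reason=%d -> %s\n",
           e.code, e.lib, e.func, e.reason, describe(&e));
    return 0;
}
```

The code decodes to 0x140A90A1, which OpenSSL reports when `SSL_CTX_new` is called before the library's cipher tables have been loaded.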
