<font face="Helvetica, Verdana, sans-serif"><div><span style="font-size:12px">We have observed this error when using multiple tls connecitons with openssl version 1.0.0. This is because CRYPTO_set_id_callback() is not used in tls_init_locks(). The kamailio code has following comment</span></div>
<div><span style="font-size:12px"> /* thread id callback: not needed because ser doesn't use thread and</span></div><div><span style="font-size:12px"> * openssl already uses getpid() (by default)</span></div><div>
<span style="font-size:12px"> * CRYPTO_set_id_callback(id_f);</span></div><div><span style="font-size:12px"><br></span></div><div><span style="font-size:12px">As per the documentation openssl is not using getpid anymore , it is valid only till 0.9. </span></div>
<div><span style="font-size:12px">the openssl man page says </span></div><div><span style="font-size:12px">If the application does not register such a callback using CRYPTO_THREADID_set_callback(), then a default implementation is used - on Windows and BeOS this uses the system's default thread identifying APIs, and on all other platforms it uses the address of errno.</span></div>
<div><span style="font-size:12px">In multi process environment Errno can points to same virtual address. So we need to use getpid() in CRYPTO_set_id_callback(id_f)</span></div><div><span style="font-size:12px"><br></span></div>
<div><span style="font-size:12px">unsigned long id_f()</span></div><div><span style="font-size:12px">{</span></div><div><span style="font-size:12px"><span class="Apple-tab-span" style="white-space:pre">        </span>return my_pid();</span></div>
<div><span style="font-size:12px">}</span></div><div><span style="font-size:12px"><br></span></div><div><span style="font-size:12px">Please read the link below for refrence</span></div><div><span style="font-size:12px"><a href="http://www.openssl.org/docs/crypto/threads.html">http://www.openssl.org/docs/crypto/threads.html</a></span></div>
</font><div><div><br></div><div><br></div></div><div><div class="gmail_quote">On Thu, Jul 12, 2012 at 9:46 PM, sip-router <span dir="ltr"><<a href="mailto:bugtracker@sip-router.org" target="_blank">bugtracker@sip-router.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.<br>
<br>
A new Flyspray task has been opened. Details are below. <br>
User who did this - Shaobin.Feng (saxon_leo) <br>
Attached to Project - sip-router<br>
Summary - kamailio tls debug error<br>
Task Type - Bug Report<br>
Category - tls<br>
Status - Unconfirmed<br>
Assigned To - Operating System - Linux<br>
Severity - Low<br>
Priority - Normal<br>
Reported Version - 3.2<br>
Due in Version - Undecided<br>
Due Date - Undecided<br>
Details - kamailio keeps debuging follows:<br>
"ERROR: tls [tls_server.c:1174]: TLS accept:error:1408F119:SSL routines:SSL3_GET_RECORD:<u></u>decryption failed or bad record mac"<br>
<br>
Well,I used command (openssl s_client -connect host:port -no_ssl2 -bugs) to connect to kamailio, it returns normal.<br>
<br>
So, this really confuse me,is there something wrong or not?<br>
<br>
Is there any other method can check the tls module works normal or not? Any suggestion will be nice.<br>
<br>
More information can be found at the following URL:<br>
<a href="http://sip-router.org/tracker/index.php?do=details&task_id=245" target="_blank">http://sip-router.org/tracker/<u></u>index.php?do=details&task_id=<u></u>245</a><br>
<br>
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.<br>
<br>
______________________________<u></u>_________________<br>
sr-dev mailing list<br>
<a href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>dev</a><br>
</blockquote></div><br>
</div>