<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
thanks for noticing and reporting that. I just committed the fix,
just using a different function name.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 7/17/12 7:54 PM, Jijo wrote:<br>
</div>
<blockquote
cite="mid:CAOYmDE-BQURwDC6GCsQYNb4WH4aZ5OAFognH3k4ryuzVD+6TLA@mail.gmail.com"
type="cite"><font face="Helvetica, Verdana, sans-serif">
<div><span style="font-size:12px">We have observed this error
when using multiple tls connecitons with openssl version
1.0.0. This is because CRYPTO_set_id_callback() is not used
in tls_init_locks(). The kamailio code has following comment</span></div>
<div><span style="font-size:12px"> /* thread id callback: not
needed because ser doesn't use thread and</span></div>
<div><span style="font-size:12px"> * openssl already uses
getpid() (by default)</span></div>
<div>
<span style="font-size:12px"> *
CRYPTO_set_id_callback(id_f);</span></div>
<div><span style="font-size:12px"><br>
</span></div>
<div><span style="font-size:12px">As per the documentation
openssl is not using getpid anymore , it is valid only till
0.9. </span></div>
<div><span style="font-size:12px">the openssl man page says </span></div>
<div><span style="font-size:12px">If the application does not
register such a callback using
CRYPTO_THREADID_set_callback(), then a default
implementation is used - on Windows and BeOS this uses the
system's default thread identifying APIs, and on all other
platforms it uses the address of errno.</span></div>
<div><span style="font-size:12px">In multi process environment
Errno can points to same virtual address. So we need to use
getpid() in CRYPTO_set_id_callback(id_f)</span></div>
<div><span style="font-size:12px"><br>
</span></div>
<div><span style="font-size:12px">unsigned long id_f()</span></div>
<div><span style="font-size:12px">{</span></div>
<div><span style="font-size:12px"><span class="Apple-tab-span"
style="white-space:pre"> </span>return my_pid();</span></div>
<div><span style="font-size:12px">}</span></div>
<div><span style="font-size:12px"><br>
</span></div>
<div><span style="font-size:12px">Please read the link below for
refrence</span></div>
<div><span style="font-size:12px"><a moz-do-not-send="true"
href="http://www.openssl.org/docs/crypto/threads.html">http://www.openssl.org/docs/crypto/threads.html</a></span></div>
</font>
<div>
<div><br>
</div>
<div><br>
</div>
</div>
<div>
<div class="gmail_quote">On Thu, Jul 12, 2012 at 9:46 PM,
sip-router <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bugtracker@sip-router.org" target="_blank">bugtracker@sip-router.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">THIS IS AN
AUTOMATED MESSAGE, DO NOT REPLY.<br>
<br>
A new Flyspray task has been opened. Details are below. <br>
User who did this - Shaobin.Feng (saxon_leo) <br>
Attached to Project - sip-router<br>
Summary - kamailio tls debug error<br>
Task Type - Bug Report<br>
Category - tls<br>
Status - Unconfirmed<br>
Assigned To - Operating System - Linux<br>
Severity - Low<br>
Priority - Normal<br>
Reported Version - 3.2<br>
Due in Version - Undecided<br>
Due Date - Undecided<br>
Details - kamailio keeps debuging follows:<br>
"ERROR: tls [tls_server.c:1174]: TLS
accept:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption
failed or bad record mac"<br>
<br>
Well,I used command (openssl s_client -connect host:port
-no_ssl2 -bugs) to connect to kamailio, it returns normal.<br>
<br>
So, this really confuse me,is there something wrong or not?<br>
<br>
Is there any other method can check the tls module works
normal or not? Any suggestion will be nice.<br>
<br>
More information can be found at the following URL:<br>
<a moz-do-not-send="true"
href="http://sip-router.org/tracker/index.php?do=details&task_id=245"
target="_blank">http://sip-router.org/tracker/index.php?do=details&task_id=245</a><br>
<br>
You are receiving this message because you have requested it
from the Flyspray bugtracking system. If you did not expect
this message or don't want to receive mails in future, you
can change your notification settings at the URL shown
above.<br>
<br>
_______________________________________________<br>
sr-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev"
target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
sr-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-dev@lists.sip-router.org">sr-dev@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/katu">http://asipto.com/u/katu</a>
Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 - <a class="moz-txt-link-freetext" href="http://asipto.com/u/kpw">http://asipto.com/u/kpw</a></pre>
</body>
</html>