[Users] Re: [Devel] Please help for configuration TLS in Fedora Core5

Ferianto siregar ferianto_voip at yahoo.com
Sat Sep 9 13:46:33 CEST 2006


Dear Klaus,
   
  Thank you very much for you kind-hearted to reply my message. Thank you very much.
  Klaus, I still do not understand what you mean .Maybe because I have lack skill in this system.
  So, yesterday I tried to check file tls_init.c that there is in # openser-1.1.0-tls/tls directory.
  I found the script that you write below in tls_init.c file . Both of them are same (the script that you write below and the script in tls_ini.c file).
   So, I am confused, what should I do? What I have to change so TLS can run in my openser?
  Would you mind giving me explanation, Please..
   
  Thank you very much
   
  Regards,
   
   
  Ferianto

Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
  Ferianto siregar wrote:
> Dear all,
> 
> I would like to say thanks to all of you for your kind-hearted read my 
> message. Thank you very much.
> All, I need you help now.Please..
> Now, I tried to build openser with TLS in Fedora Core 5. Before, I use 
> Redhat 9 and the openser installation can be build successfully.( I can 
> make a call with TLS support)
> But, Why when I tried to install it in Fedora Core 5, the openser can 
> not run?(there is no pid for openser)
> But, When I erase the TLS configuration (TLS script for enable the TLS) 
> in openser.cfg, the openser can run successfully.(There is a pid).
> So, in my opinion, the TLS Script in openser.cfg is error.
> But, I need this script to make secure openser server (openser with TLS 
> support).
> 
> What should I do? I do hope anybody can give a suggestion. Please help 
> me...Please..

Maybe the openssl library is different on fedora. The interesintg pieco 
of code is:

#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
/* disabling compression */
LOG(L_ERR, "WARNING:init_tls: disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LOG(L_ERR, "ERRRO:init_tls: null openssl compression 
methods\n");
return -1;
}
sk_SSL_COMP_zero(comp_methods);
#endif

I wonder why it is an error if the comp_methods are zero. Then we do not 
have to disable them.

regards
klaus


> 
> Thank you very much
> 
> Regards,
> 
> 
> Ferianto
> 
> Note:
> 1. This is the error message that I got when execute, # openser, command:
> 0(8715) DEBUG:socket2str: 
> 0(8715) DEBUG:socket2str: 
> 0(8715) DEBUG:socket2str: 
> Listening on
> udp: 202.95.149.251 [202.95.149.251]:5060
> tcp: 202.95.149.251 [202.95.149.251]:5060
> tls: 202.95.149.251 [202.95.149.251]:5061
> Aliases:
> tls: sip:5061
> tls: sip.pcr.ac.id:5061
> tcp: sip:5060
> tcp: sip.pcr.ac.id:5060
> udp: sip:5060
> udp: sip.pcr.ac.id:5060
> 
> 0(8715) fm_malloc_init: F_OPTIMIZE=16384, /ROUNDTO=2048
> 0(8715) fm_malloc_init: F_HASH_SIZE=2067, fm_block size=16560
> 0(8715) fm_malloc_init(0xb5fbb000, 33554432), start=0xb5fbb000
> 0(8715) shm_mem_init: success
> 0(8715) init_tcp: using epoll_lt as the io watch method (auto detected)
> 0(8715) init_tls: Entered
> 0(8715) WARNING:init_tls: disabling compression due ZLIB problems
> 0(8715) ERRRO:init_tls: null openssl compression methods
> 0(8715) could not initialize tls, exiting...
> 0(8715) DEBUG: tm_shutdown : start
> 0(8715) DEBUG: tm_shutdown : emptying hash table
> 0(8715) DEBUG: tm_shutdown : releasing timers
> 0(8715) DEBUG: tm_shutdown : removing semaphores
> 0(8715) DEBUG: tm_shutdown : destroying tmcb lists
> 0(8715) DEBUG: tm_shutdown : done
> 0(8715) destroy_tls: Entered
> 0(8715) shm_mem_destroy
> 0(8715) destroying the shared memory lock
> 
> 2. This is the contain part of openser.cfg
> 
> listen=202.95.149.250
> port=5060
> children=4
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> fifo="/tmp/openser_fifo" 
> fifo_db_url="mysql://openser:openserrw@localhost/openser"
> fifo_mode=0666
> alias="pcr.ac.id"
> 
> # uncomment the following lines for TLS support
> disable_tls = 0
> listen = tls:202.95.149.250:5061
> tls_verify_client = on
> tls_require_client_certificate = on
> tls_verify_server=on
> tls_method = TLSv1
> tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
> tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
> tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
> 
> # ------------------ module loading ----------------------------------
> # Uncomment this if you want to use SQL database loadmodule 
> "/usr/local/lib/openser/modules/mysql.so" loadmodule 
> "/usr/local/lib/openser/modules/sl.so" loadmodule 
> "/usr/local/lib/openser/modules/tm.so" loadmodule 
> "/usr/local/lib/openser/modules/rr.so" loadmodule 
> "/usr/local/lib/openser/modules/maxfwd.so" loadmodule 
> "/usr/local/lib/openser/modules/usrloc.so" loadmodule 
> "/usr/local/lib/openser/modules/registrar.so" loadmodule 
> "/usr/local/lib/openser/modules/auth.so" loadmodule 
> "/usr/local/lib/openser/modules/auth_db.so" loadmodule 
> "/usr/local/lib/openser/modules/uri.so" loadmodule 
> "/usr/local/lib/openser/modules/uri_db.so" loadmodule 
> "/usr/local/lib/openser/modules/mediaproxy.so" loadmodule 
> "/usr/local/lib/openser/modules/nathelper.so" loadmodule 
> "/usr/local/lib/openser/modules/textops.so" loadmodule 
> "/usr/local/lib/openser/modules/avpops.so" loadmodule 
> "/usr/local/lib/openser/modules/domain.so" loadmodule 
> "/usr/local/lib/openser/modules/permissions.so"
> 
> ------------------------------------------------------------------------
> Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great 
> rates starting at 1¢/min. 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel
> 



 		
---------------------------------
Stay in the know. Pulse on the new Yahoo.com.  Check it out. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060909/a8856d3a/attachment.htm>


More information about the sr-users mailing list