[SR-Users] Error while running TLS enabled Kamailio proxy

Kamal Palei palei.kamal at gmail.com
Tue Oct 16 15:16:11 CEST 2012 

Resolved this error, modified tls.cfg file.
Replaced default certificate/key file names with actual ones.

Thanks
-Kamal



On Tue, Oct 16, 2012 at 6:05 PM, Kamal Palei <palei.kamal at gmail.com> wrote:

> Dear All
> While executing TLS enabled Kamailio proxy (3.1.5), getting below error.
>
> * 0(15895) INFO: tls [tls_domain.c:227]: TLSs<default>: verify_depth=9
>  0(15895) ERROR: tls [tls_domain.c:393]: TLSs<default>: Unable to load
> certificate file './modules/tls/ser-selfsigned.pem'
>  0(15895) ERROR: tls [tls_domain.c:394]: load_cert:error:02001002:system
> library:fopen:No such file or directory
>  0(15895) ERROR: tls [tls_domain.c:394]: load_cert:error:20074002:BIO
> routines:FILE_CTRL:system lib
>  0(15895) ERROR: tls [tls_domain.c:394]: load_cert:error:140DC002:SSL
> routines:SSL_CTX_use_certificate_chain_file:system lib
>  0(15895) ERROR: <core> [sr_module.c:832]: init_mod_child(): Error while
> initializing module tls (/usr/local/lib/kamailio/modules/tls.so)
>  0(15895) ERROR: <core> [main.c:1532]: ERROR: main: error in
> init_child(PROC_INT) -- exiting
>  0(15895) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer (nil)
> (out of memory block!) - aborting
>  0(15893) ERROR: <core> [daemonize.c:307]: Main process exited before
> writing to pipe
> *
>
> I performed below steps to compile and install.
>
> 1. I had a working Kamailio-3.1.5 code base without TLS
> 2. Downloaded latest openssl source code
> 3. Compiled and generated libssl.a  and libcrypto.a
> 4. Next, I recompiled kamailio proxy, compilation did not go through. I
> had to modify Makefile in modules/tls module, added path for openssl/bio.h
> and path for libssl.a
> 5. Then executed make all clean  and  make all include_modules=tls , this
> time compilation succeeded
> 6. Next I did make install
> 7. Generated certificates using openssl library that comes by default with
> ubuntu 10.04 lte
> 8. Added below entries in kamailio.cfg
>
>
> #!define WITH_TLS
>
>
> #!ifdef WITH_TLS
> loadmodule "tls.so"
> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
> modparam("tls", "private_key", "/etc/certs/localb2bua.com/key.pem")
> modparam("tls", "certificate", "/etc/certs/localb2bua.com/cert.pem")
> modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")
> enable_tls=yes
> #!endif
>
> 9. Then I tried running kamailio proxy
> It complained not getting tls.so and tls.cfg
> Copied these files from modules/tls to /usr/local/etc/kamailio/ path
>
> 10. Then I was able to run Kamailio proxy and got the errors pasted at top
> of email (* Unable to load certificate file
> './modules/tls/ser-selfsigned.pem')
> *
> Please guide me what should I do to avoid this error.
>
> Thanks a lot.
> -Kamal
>
> *
> *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20121016/33591879/attachment-0001.htm>

More information about the sr-users mailing list