<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/19/2013 03:34 PM, Roberto Fichera
wrote:<br>
</div>
<blockquote cite="mid:52121EE5.7020109@tekno-soft.it" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 08/19/2013 12:37 PM,
Daniel-Constantin Mierla wrote:<br>
<br>
Hi Daniel,<br>
<br>
</div>
<blockquote cite="mid:5211F579.40209@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Does it work with tls.so as first loaded module?<br>
<br>
If not, can you send the logs messages with debug=3?<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 8/19/13 12:26 PM, Roberto
Fichera wrote:<br>
</div>
<blockquote cite="mid:5211F2D8.5090703@tekno-soft.it"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 08/19/2013 12:14 PM,
Daniel-Constantin Mierla wrote:<br>
</div>
<blockquote cite="mid:5211EFFD.7020303@gmail.com" type="cite">Hello,
<br>
</blockquote>
<br>
Hi,<br>
<br>
<blockquote cite="mid:5211EFFD.7020303@gmail.com" type="cite">
what version of libssl is installed? <br>
</blockquote>
<br>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
[root@proxy CA]# rpm -q -a openssl-libs<br>
openssl-libs-1.0.1e-4.fc18.x86_64<br>
[root@proxy CA]# <br>
</blockquote>
</blockquote>
<br>
Mmmhhh!!! Looks like this particular version has problem, see:<br>
<br>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<a moz-do-not-send="true" href="http://bugs.python.org/msg191610">http://bugs.python.org/msg191610</a><br>
</blockquote>
<br>
I can confirm that the bug is present in both Fedora 18 & 19.
The openssl has a bug<br>
which prevent the tls module to work due to allow_customize = 0 set
in one of the <br>
functions called by OPENSSL_init() within
CRYPTO_set_mem_functions(). <br>
<br>
You can check easily with this small code:<br>
<br>
#include <stdio.h><br>
#include <openssl/ssl.h><br>
<br>
static void *myMalloc( size_t s ) { return NULL; } <br>
static void *myRealloc( void *p, size_t s ) { return NULL; }<br>
static void myFree( void *p ) {}<br>
<br>
int main()<br>
{<br>
if ( !CRYPTO_set_mem_functions( myMalloc, myRealloc, myFree) )<br>
{<br>
fprintf( stderr, "Unable to set the memory allocation
functions\n");<br>
return -1;<br>
}<br>
<br>
return 0;<br>
}<br>
<br>
compile with "gcc -o testssl testssl.c -lssl -lcrypto"<br>
<br>
I've done a small patch in order to workaround the problem in case
someone need it.<br>
<br>
<blockquote cite="mid:52121EE5.7020109@tekno-soft.it" type="cite"> <br>
<blockquote cite="mid:5211F579.40209@gmail.com" type="cite">
<blockquote cite="mid:5211F2D8.5090703@tekno-soft.it"
type="cite"> <br>
<blockquote cite="mid:5211EFFD.7020303@gmail.com" type="cite">
<br>
can you list what modules are loaded in your kamailio.cfg?
Try with tls.so loaded as first module... <br>
</blockquote>
<br>
Sure!<br>
<br>
#!define WITH_PGSQL<br>
#!define WITH_AUTH<br>
#!define WITH_NAT<br>
#!define WITH_TLS<br>
#!define WITH_ANTIFLOOD<br>
#!define WITH_ACCDB<br>
#!define WITH_DIALPLAN<br>
<br>
.....<br>
<br>
# set paths to location of modules (to sources or installation
folders)<br>
#!ifdef WITH_SRCPATH<br>
mpath="modules_k:modules"<br>
#!else<br>
mpath="/usr/local/lib/kamailio/modules_k/:/usr/lib64/kamailio/modules/"<br>
#!endif<br>
<br>
#!ifdef WITH_TLS<br>
loadmodule "tls.so"<br>
#!endif<br>
<br>
#!ifdef WITH_MYSQL<br>
loadmodule "db_mysql.so"<br>
#!endif<br>
<br>
#!ifdef WITH_PGSQL<br>
loadmodule "db_postgres.so"<br>
#!endif<br>
<br>
loadmodule "mi_fifo.so"<br>
loadmodule "kex.so"<br>
loadmodule "corex.so"<br>
loadmodule "tm.so"<br>
loadmodule "tmx.so"<br>
loadmodule "sl.so"<br>
loadmodule "rr.so"<br>
loadmodule "pv.so"<br>
loadmodule "maxfwd.so"<br>
loadmodule "usrloc.so"<br>
loadmodule "registrar.so"<br>
loadmodule "textops.so"<br>
loadmodule "siputils.so"<br>
loadmodule "xlog.so"<br>
loadmodule "sanity.so"<br>
loadmodule "ctl.so"<br>
loadmodule "cfg_rpc.so"<br>
loadmodule "mi_rpc.so"<br>
loadmodule "acc.so"<br>
loadmodule "avpops.so"<br>
<br>
#!ifdef WITH_AUTH<br>
loadmodule "auth.so"<br>
loadmodule "auth_db.so"<br>
#!ifdef WITH_IPAUTH<br>
loadmodule "permissions.so"<br>
#!endif<br>
#!endif<br>
<br>
#!ifdef WITH_ALIASDB<br>
loadmodule "alias_db.so"<br>
#!endif<br>
<br>
#!ifdef WITH_SPEEDDIAL<br>
loadmodule "speeddial.so"<br>
#!endif<br>
<br>
#!ifdef WITH_DIALPLAN<br>
loadmodule "dialplan.so"<br>
#!endif<br>
<br>
#!ifdef WITH_MULTIDOMAIN<br>
loadmodule "domain.so"<br>
#!endif<br>
<br>
#!ifdef WITH_PRESENCE<br>
loadmodule "presence.so"<br>
loadmodule "presence_xml.so"<br>
#!endif<br>
<br>
#!ifdef WITH_NAT<br>
loadmodule "nathelper.so"<br>
loadmodule "rtpproxy.so"<br>
#!endif<br>
<br>
#!ifdef WITH_ANTIFLOOD<br>
loadmodule "htable.so"<br>
loadmodule "pike.so"<br>
#!endif<br>
<br>
#!ifdef WITH_XMLRPC<br>
loadmodule "xmlrpc.so"<br>
#!endif<br>
<br>
#!ifdef WITH_DEBUG<br>
loadmodule "debugger.so"<br>
#!endif<br>
<br>
Cheers,<br>
Roberto Fichera.<br>
<br>
<blockquote cite="mid:5211EFFD.7020303@gmail.com" type="cite">Cheers,
<br>
Daniel <br>
<br>
On 8/19/13 11:47 AM, Roberto Fichera wrote: <br>
<blockquote type="cite">Hi All, <br>
<br>
I'm just trying to setup the TLS on the last Kamailio
v4.0.3 on Fedora 18 64bits. Kamailio <br>
doesn't start and terminate with the error below: <br>
<br>
loading modules under
/usr/local/lib/kamailio/modules_k/:/usr/lib64/kamailio/modules/
<br>
0(1676) ERROR: tls [tls_init.c:471]: tls_pre_init():
Unable to set the memory allocation functions <br>
0(1676) ERROR: <core> [sr_module.c:600]:
load_module(): ERROR: load_module:
/usr/lib64/kamailio/modules/tls.so: <br>
mod_register failed <br>
0(1676) : <core> [cfg.y:3567]: yyerror_at(): parse
error in config file //etc/kamailio/kamailio.cfg, line
279, column <br>
12-19: failed to load module <br>
0(1676) ERROR: <core> [modparam.c:163]:
set_mod_param_regex(): set_mod_param_regex: No module
matching <tls> found <br>
0(1676) : <core> [cfg.y:3570]: yyerror_at(): parse
error in config file //etc/kamailio/kamailio.cfg, line
439, column <br>
51: Can't set module parameter <br>
0(1676) ERROR: <core> [modparam.c:163]:
set_mod_param_regex(): set_mod_param_regex: No module
matching <tls> found <br>
0(1676) : <core> [cfg.y:3570]: yyerror_at(): parse
error in config file //etc/kamailio/kamailio.cfg, line
440, column <br>
97: Can't set module parameter <br>
0(1676) ERROR: <core> [modparam.c:163]:
set_mod_param_regex(): set_mod_param_regex: No module
matching <tls> found <br>
0(1676) : <core> [cfg.y:3570]: yyerror_at(): parse
error in config file //etc/kamailio/kamailio.cfg, line
441, column <br>
92: Can't set module parameter <br>
0(1676) ERROR: <core> [modparam.c:163]:
set_mod_param_regex(): set_mod_param_regex: No module
matching <tls> found <br>
0(1676) : <core> [cfg.y:3570]: yyerror_at(): parse
error in config file //etc/kamailio/kamailio.cfg, line
442, column <br>
64: Can't set module parameter <br>
ERROR: bad config file (5 errors) <br>
<br>
Cheers, <br>
Roberto Fichera. <br>
<br>
_______________________________________________ <br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
mailing list <br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
<br>
</blockquote>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://twitter.com/#%21/miconda">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
</body>
</html>