<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/22/2013 10:23 AM,
Daniel-Constantin Mierla wrote:<br>
</div>
<blockquote cite="mid:5215CA6F.2020105@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On 8/22/13 9:00 AM, Roberto Fichera
wrote:<br>
</div>
<blockquote cite="mid:5215B70D.6070402@tekno-soft.it" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 08/21/2013 10:23 PM,
Daniel-Constantin Mierla wrote:<br>
</div>
<blockquote cite="mid:521521DE.4020107@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hello,<br>
<br>
<div class="moz-cite-prefix">On 8/20/13 4:24 PM, Roberto
Fichera wrote:<br>
</div>
<blockquote cite="mid:52137C36.5070207@tekno-soft.it"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
[...]<br>
<blockquote cite="mid:52121EE5.7020109@tekno-soft.it"
type="cite"> Mmmhhh!!! Looks like this particular version
has problem, see:<br>
<br>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<a moz-do-not-send="true"
href="http://bugs.python.org/msg191610">http://bugs.python.org/msg191610</a><br>
</blockquote>
<br>
I can confirm that the bug is present in both Fedora 18
& 19. The openssl has a bug<br>
which prevent the tls module to work due to allow_customize
= 0 set in one of the <br>
functions called by OPENSSL_init() within
CRYPTO_set_mem_functions(). <br>
<br>
You can check easily with this small code:<br>
<br>
#include <stdio.h><br>
#include <openssl/ssl.h><br>
<br>
static void *myMalloc( size_t s ) { return NULL; } <br>
static void *myRealloc( void *p, size_t s ) { return NULL; }<br>
static void myFree( void *p ) {}<br>
<br>
int main()<br>
{<br>
if ( !CRYPTO_set_mem_functions( myMalloc, myRealloc,
myFree) )<br>
{<br>
fprintf( stderr, "Unable to set the memory allocation
functions\n");<br>
return -1;<br>
}<br>
<br>
return 0;<br>
}<br>
<br>
compile with "gcc -o testssl testssl.c -lssl -lcrypto"<br>
<br>
I've done a small patch in order to workaround the problem
in case someone need it.<br>
</blockquote>
Thanks for investigating further and providing proper
references.<br>
<br>
Is the patch for kamailio? If yes, you can attach it here or
on our tracker, so others can use it. Eventually we can
integrate it in the module, there are couple of other
workarounds for openssl bugs there.<br>
</blockquote>
<br>
Unfortunately not! I haven't found yet a solution to workaround
the openssl patch! <br>
I guess we cannot easily workaround inside the kamailio tls
module since the <br>
problem is strictly related to openssl.<br>
</blockquote>
Can you share the openssl patch? Maybe we find a solution together
here...<br>
</blockquote>
<br>
Sure! See below<br>
<br>
diff -urN openssl-1.0.1e/crypto/mem.c openssl-1.0.1e/crypto/mem.c<br>
--- openssl-1.0.1e/crypto/mem.c 2013-02-11 16:26:04.000000000
+0100<br>
+++ openssl-1.0.1e/crypto/mem.c 2013-08-20 12:44:01.375906737
+0200<br>
@@ -125,7 +125,7 @@<br>
void (*f)(void *))<br>
{<br>
/* Dummy call just to ensure OPENSSL_init() gets linked in */<br>
- OPENSSL_init();<br>
+ static void *ptr = (void*)OPENSSL_init;<br>
if (!allow_customize)<br>
return 0;<br>
if ((m == 0) || (r == 0) || (f == 0))<br>
<br>
<br>
<blockquote cite="mid:5215CA6F.2020105@gmail.com" type="cite"> <br>
Cheers,<br>
Daniel<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://twitter.com/#%21/miconda">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
</pre>
</blockquote>
<br>
</body>
</html>