<div dir="ltr"><div><div><div><div><div><div>Hi Daniel,<br><br></div>I just moved the TLS config lines up top even before sl and tm module. Also moved the modparam stuff up there. When starting, Kamailio says, it is listening on a TLS socket, but netstat says, it isn't. It's basically the same behavior as before. (This is the last log line from shutting down and the very first lines when starting up.)<br><br>Nov 13 17:29:37 lasola /usr/sbin/kamailio[3536]: DEBUG: <core> [mem/shm_mem.c:235]: shm_mem_destroy(): destroying the shared memory lock<br>Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: DEBUG: <core> [daemonize.c:583]: set_core_dump(): core dump limits set to 18446744073709551615<br>Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: WARNING: <core> [main.c:2475]: main(): tls support enabled, but no tls engine available (forgot to load the tls module?)<br>Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: WARNING: <core> [main.c:2476]: main(): disabling tls...<br>Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: DEBUG: <core> [async_task.c:88]: async_task_init(): start initializing asynk task framework<br>Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: DEBUG: <core> [sr_module.c:959]: init_mod(): tls<br>Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: WARNING: tls [tls_mod.c:287]: mod_init(): tls support is disabled (set enable_tls=1 in the config to enable it)<br><br></div>I tried finding out, when those messages are written to the log. The first one with "no engine available" comes from main.c, if it wants to initialize tls but the module is not loaded yet. But it comes only, if tls_disable is not set. So at this point, Kamailio knows that we want to use TLS. But when this message appears, Kamailio sets tls_disable to 1. The second message "tls support is disabled" comes from the tls module, and only when tls_disable is set. So that's quite logical, because it was set this way before. <br><br></div>I compared the startup behavior between 4.1.3 and 4.3.3, and in 4.1.3 we had it pretty late in the init section, so there were a lot of modules loaded before tls and it worked without a problem.<br><br></div>I'm too bad in reading code, so I don't know what I have to do to get this message go away. The part of the code, where this is printed, changed a bit, but the conditions for printing the message stayed the same. I'm out of ideas what to check anymore.<br><br></div>Best Regards,<br></div>Sebastian<br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 13, 2015 at 2:29 PM, Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
it could be related to the fact that a lot of internal things are
initialized when the first modparam is found in config, but I
thought that change was done in 3.x.<br>
<br>
Can you put the tls module config part being the first? The other
modules don't need to be initialized before, actually tls needs to
be initialized and it does some of its init stuff when it is loaded
(unlike the common to do init stuff in mod init).<br>
<br>
Cheers,<br>
Daniel<div><div class="h5"><br>
<br>
<div>On 13/11/15 14:16, Sebastian Damm
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi Daniel,<br>
<br>
</div>
yes, we see this message.<br>
<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG:
<core> [sr_module.c:959]: init_mod(): tls<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: WARNING: tls
[tls_mod.c:287]: mod_init(): tls support is disabled (set
enable_tls=1 in the config to enable it)<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG:
<core> [main.c:2520]: main(): Expect (at least) 30
kamailio processes in your process list<br>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Okay, then the message right at the
beginning probably just irritated us. But as you can see, we
have set enable_tls=1 (previously and in the documentation it
was set to 'yes'), but it still doesn't get enabled.<br>
<br>
</div>
<div class="gmail_extra">Any more ideas?<br>
<br>
</div>
<div class="gmail_extra">Best Regards,<br>
</div>
<div class="gmail_extra">Sebastian<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Nov 13, 2015 at 12:32 PM,
Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hello,<br>
<br>
if you start with debug=3, do you see the message:<br>
<br>
DEBUG: <core> [sr_module.c:959]: init_mod(): tls<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On 13/11/15 12:17, Sebastian Damm wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>Hello,<br>
<br>
</div>
we just updated one kamailio server from
4.1.5 to 4.3.3, and although the config
file is correct and kamailio starts up, it
doesn't initialize TLS and says " tls
support enabled, but no tls engine
available (forgot to load the tls
module?)"<br>
<br>
</div>
In the log I see:<br>
<br>
Old shutdown (last lines):<br>
Nov 13 11:44:38 lasola
/usr/sbin/kamailio[15890]: DEBUG:
<core> [mem/shm_mem.c:235]:
shm_mem_destroy(): destroying the shared
memory lock<br>
Nov 13 11:44:41 lasola
/usr/sbin/kamailio[14818]: ERROR:
<core> [tcp_read.c:271]:
tcp_read_data(): error reading: Connection
reset by peer (104)<br>
Nov 13 11:44:41 lasola
/usr/sbin/kamailio[14818]: ERROR:
<core> [tcp_read.c:1296]:
tcp_read_req(): ERROR: tcp_read_req: error
reading<br>
<br>
New startup (first lines):<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]: DEBUG:
<core> [daemonize.c:583]:
set_core_dump(): core dump limits set to
18446744073709551615<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]: WARNING:
<core> [main.c:2475]: main(): tls
support enabled, but no tls engine
available (forgot to load the tls module?)<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]: WARNING:
<core> [main.c:2476]: main():
disabling tls...<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]: DEBUG:
<core> [async_task.c:88]:
async_task_init(): start initializing asynk
task framework<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]: DEBUG:
<core> [sr_module.c:959]: init_mod():
xmlrpc<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]: DEBUG:
<core> [sr_module.c:689]:
find_mod_export_record():
find_export_record: found <bind_sl> in
module sl
[/usr/lib/x86_64-linux-gnu/kamailio/modules//sl.so]<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]: DEBUG:
<core> [sr_module.c:959]: init_mod():
sl<br>
<br>
</div>
In our config file we have the following lines
for TLS (pretty late, after all other module
loading and after most parameters):<br>
</div>
<div><br>
#!ifdef ENABLETLS<br>
loadmodule "tls.so"<br>
<br>
modparam("tls", "private_key",
"/etc/ssl/private/my.kamailio-key.pem")<br>
modparam("tls", "certificate",
"/etc/ssl/certs/my.kamailio.crt")<br>
#!ifdef TLS_CA_CHAIN<br>
# Maybe we want to use a chain to the CA<br>
modparam("tls", "ca_list",
"/etc/ssl/certs/my.ca-bundle.crt")<br>
#!endif<br>
enable_tls=1<br>
listen=tls:<a href="http://1.2.3.4:5061" target="_blank">1.2.3.4:5061</a><br>
#!endif<br>
<br>
</div>
<div>After starting up, kamailio listens on port
5060, but not on port 5061. In version 4.1.1,
this config worked without a problem.<br>
<br>
</div>
<div>Has anybody seen this before? the tls
module is there and available, it doesn't say
anything about "cannot load module", and it is
only a warning message. I'm also wondering,
why this message is the first after starting
the server. From config I would expect that
sl, tm and all the other modules should be
initialized before tls.<br>
<br>
</div>
<div>Best Regards,<br>
</div>
<div>Sebastian<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote></div></div></div></blockquote></div><br></div></div>