<div dir="ltr"><div><div><div><div>Hi,<br><br></div>thanks for the patience. We finally found it. Starting it with debug info to stdout didn't show much more, but it again showed the "is disabled" message was still there. So I moved the "enable_tls" line and the "listen:" line up before loading the module. And that changed everything. Now Kamailio is listening on the TLS interface, too.<br><br></div>So it looks like the enable_tls line must be there before the module is actually loaded. That's something that changed coming from Kamailio 4.1.<br><br></div>Regards,<br></div>Sebastian<br><div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 16, 2015 at 10:26 AM, Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
run with -E -ddd command line parameters, some of the messages are
in stderror.<br>
<br>
The error is somewhere else, because the the one related to tls is
during shutdown process, therefore something else was detected
before.<br>
<br>
Cheers,<br>
Daniel<div><div class="h5"><br>
<br>
<div>On 16/11/15 09:53, Sebastian Damm
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>
<div>Hi Daniel,<br>
<br>
</div>
as I wrote, I copied the last log line from shutdown and the
first lines from the start. That was just to show that those
lines really are the first lines that appear in the log. You
can see the PID change and the 5sec gap between the shutdown
and start.<br>
<br>
<br>
</div>
<div>There are no error messages, otherwise. And I don't know
what Kamailio is doing and why it thinks that it should
disable tls.<br>
<br>
</div>
<div>Best Regards,<br>
</div>
<div>Sebastian<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Nov 16, 2015 at 9:34 AM,
Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hello,<br>
<br>
the following log message:<span><br>
<br>
Nov 13 17:29:37 lasola /usr/sbin/kamailio[3536]:
DEBUG: <core> [mem/shm_mem.c:235]:
shm_mem_destroy(): destroying the shared memory lock<br>
<br>
</span> indicates that Kamailio is shutting down
already. Can you check up in the logs and see if there
are other error messages?<br>
<br>
Do you have /var/log/kamailio folder with appropriate
permissions so kamailio can create fifo file/etc.?<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On 13/11/15 18:07, Sebastian Damm wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>Hi Daniel,<br>
<br>
</div>
I just moved the TLS config lines up
top even before sl and tm module. Also
moved the modparam stuff up there.
When starting, Kamailio says, it is
listening on a TLS socket, but netstat
says, it isn't. It's basically the
same behavior as before. (This is the
last log line from shutting down and
the very first lines when starting
up.)<br>
<br>
Nov 13 17:29:37 lasola
/usr/sbin/kamailio[3536]: DEBUG:
<core> [mem/shm_mem.c:235]:
shm_mem_destroy(): destroying the
shared memory lock<br>
Nov 13 17:29:42 lasola
/usr/sbin/kamailio[3704]: DEBUG:
<core> [daemonize.c:583]:
set_core_dump(): core dump limits set
to 18446744073709551615<br>
Nov 13 17:29:42 lasola
/usr/sbin/kamailio[3704]: WARNING:
<core> [main.c:2475]: main():
tls support enabled, but no tls
engineĀ available (forgot to load the
tls module?)<br>
Nov 13 17:29:42 lasola
/usr/sbin/kamailio[3704]: WARNING:
<core> [main.c:2476]: main():
disabling tls...<br>
Nov 13 17:29:42 lasola
/usr/sbin/kamailio[3704]: DEBUG:
<core> [async_task.c:88]:
async_task_init(): start initializing
asynk task framework<br>
Nov 13 17:29:42 lasola
/usr/sbin/kamailio[3704]: DEBUG:
<core> [sr_module.c:959]:
init_mod(): tls<br>
Nov 13 17:29:42 lasola
/usr/sbin/kamailio[3704]: WARNING: tls
[tls_mod.c:287]: mod_init(): tls
support is disabled (set enable_tls=1
in the config to enable it)<br>
<br>
</div>
I tried finding out, when those messages
are written to the log. The first one
with "no engine available" comes from
main.c, if it wants to initialize tls
but the module is not loaded yet. But it
comes only, if tls_disable is not set.
So at this point, Kamailio knows that we
want to use TLS. But when this message
appears, Kamailio sets tls_disable to 1.
The second message "tls support is
disabled" comes from the tls module, and
only when tls_disable is set. So that's
quite logical, because it was set this
way before. <br>
<br>
</div>
I compared the startup behavior between
4.1.3 and 4.3.3, and in 4.1.3 we had it
pretty late in the init section, so there
were a lot of modules loaded before tls
and it worked without a problem.<br>
<br>
</div>
I'm too bad in reading code, so I don't know
what I have to do to get this message go
away. The part of the code, where this is
printed, changed a bit, but the conditions
for printing the message stayed the same.
I'm out of ideas what to check anymore.<br>
<br>
</div>
Best Regards,<br>
</div>
Sebastian<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Nov 13, 2015
at 2:29 PM, Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
it could be related to the fact that a
lot of internal things are initialized
when the first modparam is found in
config, but I thought that change was
done in 3.x.<br>
<br>
Can you put the tls module config part
being the first? The other modules don't
need to be initialized before, actually
tls needs to be initialized and it does
some of its init stuff when it is loaded
(unlike the common to do init stuff in
mod init).<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On 13/11/15 14:16, Sebastian
Damm wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi Daniel,<br>
<br>
</div>
yes, we see this message.<br>
<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]:
DEBUG: <core>
[sr_module.c:959]: init_mod():
tls<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]:
WARNING: tls [tls_mod.c:287]:
mod_init(): tls support is
disabled (set enable_tls=1 in
the config to enable it)<br>
Nov 13 11:44:42 lasola
/usr/sbin/kamailio[16113]:
DEBUG: <core>
[main.c:2520]: main(): Expect
(at least) 30 kamailio processes
in your process list<br>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Okay,
then the message right at the
beginning probably just
irritated us. But as you can
see, we have set enable_tls=1
(previously and in the
documentation it was set to
'yes'), but it still doesn't
get enabled.<br>
<br>
</div>
<div class="gmail_extra">Any
more ideas?<br>
<br>
</div>
<div class="gmail_extra">Best
Regards,<br>
</div>
<div class="gmail_extra">Sebastian<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Fri, Nov 13, 2015 at 12:32
PM, Daniel-Constantin Mierla
<span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hello,<br>
<br>
if you start with
debug=3, do you see the
message:<br>
<br>
DEBUG: <core>
[sr_module.c:959]:
init_mod(): tls<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On 13/11/15
12:17, Sebastian
Damm wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>Hello,<br>
<br>
</div>
we just
updated one
kamailio
server from
4.1.5 to
4.3.3, and
although the
config file is
correct and
kamailio
starts up, it
doesn't
initialize TLS
and says " tls
support
enabled, but
no tls engineĀ
available
(forgot to
load the tls
module?)"<br>
<br>
</div>
In the log I
see:<br>
<br>
Old shutdown
(last lines):<br>
Nov 13
11:44:38
lasola
/usr/sbin/kamailio[15890]:
DEBUG:
<core>
[mem/shm_mem.c:235]:
shm_mem_destroy():
destroying the
shared memory
lock<br>
Nov 13
11:44:41
lasola
/usr/sbin/kamailio[14818]:
ERROR:
<core>
[tcp_read.c:271]:
tcp_read_data():
error reading:
Connection
reset by peer
(104)<br>
Nov 13
11:44:41
lasola
/usr/sbin/kamailio[14818]:
ERROR:
<core>
[tcp_read.c:1296]:
tcp_read_req():
ERROR:
tcp_read_req:
error reading<br>
<br>
New startup
(first lines):<br>
Nov 13
11:44:42
lasola
/usr/sbin/kamailio[16113]:
DEBUG:
<core>
[daemonize.c:583]:
set_core_dump():
core dump
limits set to
18446744073709551615<br>
Nov 13
11:44:42
lasola
/usr/sbin/kamailio[16113]:
WARNING:
<core>
[main.c:2475]:
main(): tls
support
enabled, but
no tls engineĀ
available
(forgot to
load the tls
module?)<br>
Nov 13
11:44:42
lasola
/usr/sbin/kamailio[16113]:
WARNING:
<core>
[main.c:2476]:
main():
disabling
tls...<br>
Nov 13
11:44:42
lasola
/usr/sbin/kamailio[16113]:
DEBUG:
<core>
[async_task.c:88]:
async_task_init():
start
initializing
asynk task
framework<br>
Nov 13
11:44:42
lasola
/usr/sbin/kamailio[16113]:
DEBUG:
<core>
[sr_module.c:959]:
init_mod():
xmlrpc<br>
Nov 13
11:44:42
lasola
/usr/sbin/kamailio[16113]:
DEBUG:
<core>
[sr_module.c:689]:
find_mod_export_record():
find_export_record:
found
<bind_sl>
in module sl
[/usr/lib/x86_64-linux-gnu/kamailio/modules//sl.so]<br>
Nov 13
11:44:42
lasola
/usr/sbin/kamailio[16113]:
DEBUG:
<core>
[sr_module.c:959]:
init_mod(): sl<br>
<br>
</div>
In our config
file we have
the following
lines for TLS
(pretty late,
after all
other module
loading and
after most
parameters):<br>
</div>
<div><br>
#!ifdef
ENABLETLS<br>
loadmodule
"tls.so"<br>
<br>
modparam("tls",
"private_key",
"/etc/ssl/private/my.kamailio-key.pem")<br>
modparam("tls",
"certificate",
"/etc/ssl/certs/my.kamailio.crt")<br>
#!ifdef
TLS_CA_CHAIN<br>
# Maybe we
want to use a
chain to the
CA<br>
modparam("tls",
"ca_list",
"/etc/ssl/certs/my.ca-bundle.crt")<br>
#!endif<br>
enable_tls=1<br>
listen=tls:<a href="http://1.2.3.4:5061" target="_blank">1.2.3.4:5061</a><br>
#!endif<br>
<br>
</div>
<div>After
starting up,
kamailio
listens on
port 5060, but
not on port
5061. In
version 4.1.1,
this config
worked without
a problem.<br>
<br>
</div>
<div>Has anybody
seen this
before? the
tls module is
there and
available, it
doesn't say
anything about
"cannot load
module", and
it is only a
warning
message. I'm
also
wondering, why
this message
is the first
after starting
the server.
From config I
would expect
that sl, tm
and all the
other modules
should be
initialized
before tls.<br>
<br>
</div>
<div>Best
Regards,<br>
</div>
<div>Sebastian<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset></div></div></blockquote></div></blockquote></div><br></div></div></div></div></div></div>