<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
tls module does some initialization of libssl when it is loaded,
otherwise other modules that link against libssl can initialize the
lib before, making it unusable with shared memory.<br>
<br>
Although it is not a constraint, core parameters should be before
module parameters, otherwise the module might get the default value
and it won't refresh it later.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 16/11/15 12:10, Sebastian Damm
wrote:<br>
</div>
<blockquote
cite="mid:CABkWSFwFfyJxCkoZ8Ti0LBf0Q-wDPab1EWKqmVBKK1jfeAHr4Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Hi,<br>
<br>
</div>
thanks for the patience. We finally found it. Starting it
with debug info to stdout didn't show much more, but it
again showed the "is disabled" message was still there. So
I moved the "enable_tls" line and the "listen:" line up
before loading the module. And that changed everything.
Now Kamailio is listening on the TLS interface, too.<br>
<br>
</div>
So it looks like the enable_tls line must be there before
the module is actually loaded. That's something that changed
coming from Kamailio 4.1.<br>
<br>
</div>
Regards,<br>
</div>
Sebastian<br>
<div>
<div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Nov 16, 2015 at 10:26
AM, Daniel-Constantin Mierla <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:miconda@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a></a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hello,<br>
<br>
run with -E -ddd command line parameters, some
of the messages are in stderr.<br>
<br>
The error is somewhere else, because the one
related to tls is during shutdown process,
therefore something else was detected before.<br>
<br>
Cheers,<br>
Daniel
<div>
<div class="h5"><br>
<br>
<div>On 16/11/15 09:53, Sebastian Damm
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div>
<div>Hi Daniel,<br>
<br>
</div>
as I wrote, I copied the last log line
from shutdown and the first lines from
the start. That was just to show that
those lines really are the first lines
that appear in the log. You can see
the PID change and the 5sec gap
between the shutdown and start.<br>
<br>
<br>
</div>
<div>There are no error messages,
otherwise. And I don't know what
Kamailio is doing and why it thinks
that it should disable tls.<br>
<br>
</div>
<div>Best Regards,<br>
</div>
<div>Sebastian<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Nov
16, 2015 at 9:34 AM,
Daniel-Constantin Mierla <span
dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:miconda@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a></a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> Hello,<br>
<br>
the following log message:<span><br>
<br>
Nov 13 17:29:37 lasola /usr/sbin/kamailio[3536]: DEBUG: &lt;core&gt; [mem/shm_mem.c:235]: shm_mem_destroy(): destroying the shared memory lock<br>
<br>
</span> indicates that Kamailio
is shutting down already. Can
you check up in the logs and see
if there are other error
messages?<br>
<br>
Do you have /var/log/kamailio
folder with appropriate
permissions so kamailio can
create fifo file/etc.?<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On 13/11/15 18:07,
Sebastian Damm wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>Hi
Daniel,<br>
<br>
</div>
I just moved
the TLS config
lines up top
even before sl
and tm module.
Also moved the
modparam stuff
up there. When
starting,
Kamailio says,
it is
listening on a
TLS socket,
but netstat
says, it
isn't. It's
basically the
same behavior
as before.
(This is the
last log line
from shutting
down and the
very first
lines when
starting up.)<br>
<br>
Nov 13 17:29:37 lasola /usr/sbin/kamailio[3536]: DEBUG: &lt;core&gt; [mem/shm_mem.c:235]: shm_mem_destroy(): destroying the shared memory lock<br>
Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: DEBUG: &lt;core&gt; [daemonize.c:583]: set_core_dump(): core dump limits set to 18446744073709551615<br>
Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: WARNING: &lt;core&gt; [main.c:2475]: main(): tls support enabled, but no tls engine available (forgot to load the tls module?)<br>
Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: WARNING: &lt;core&gt; [main.c:2476]: main(): disabling tls...<br>
Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: DEBUG: &lt;core&gt; [async_task.c:88]: async_task_init(): start initializing asynk task framework<br>
Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: DEBUG: &lt;core&gt; [sr_module.c:959]: init_mod(): tls<br>
Nov 13 17:29:42 lasola /usr/sbin/kamailio[3704]: WARNING: tls [tls_mod.c:287]: mod_init(): tls support is disabled (set enable_tls=1 in the config to enable it)<br>
<br>
</div>
I tried finding
out, when those
messages are
written to the
log. The first
one with "no
engine
available" comes
from main.c, if
it wants to
initialize tls
but the module
is not loaded
yet. But it
comes only, if
tls_disable is
not set. So at
this point,
Kamailio knows
that we want to
use TLS. But
when this
message appears,
Kamailio sets
tls_disable to
1. The second
message "tls
support is
disabled" comes
from the tls
module, and only
when tls_disable
is set. So
that's quite
logical, because
it was set this
way before. <br>
<br>
</div>
I compared the
startup behavior
between 4.1.3 and
4.3.3, and in
4.1.3 we had it
pretty late in the
init section, so
there were a lot
of modules loaded
before tls and it
worked without a
problem.<br>
<br>
</div>
I'm too bad at reading code, so I don't know what I
have to do to make this message go away. The part of
the code where this is printed changed a bit, but the
conditions for printing the message stayed the same. I'm
out of ideas what to check anymore.<br>
<br>
</div>
Best Regards,<br>
</div>
Sebastian<br>
<div class="gmail_extra"><br>
<div
class="gmail_quote">On
Fri, Nov 13, 2015 at
2:29 PM,
Daniel-Constantin
Mierla <span
dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:miconda@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a></a>&gt;</span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0
0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div
bgcolor="#FFFFFF"
text="#000000">
Hello,<br>
<br>
it could be
related to the
fact that a lot
of internal
things are
initialized when
the first
modparam is
found in config,
but I thought
that change was
done in 3.x.<br>
<br>
Can you put the
tls module
config part
being the first?
The other
modules don't
need to be
initialized
before, actually
tls needs to be
initialized and
it does some of
its init stuff
when it is
loaded (unlike
the common to do
init stuff in
mod init).<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On
13/11/15
14:16,
Sebastian Damm
wrote:<br>
</div>
<blockquote
type="cite">
<div dir="ltr">
<div>Hi
Daniel,<br>
<br>
</div>
yes, we see
this message.<br>
<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG: &lt;core&gt; [sr_module.c:959]: init_mod(): tls<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: WARNING: tls [tls_mod.c:287]: mod_init(): tls support is disabled (set enable_tls=1 in the config to enable it)<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG: &lt;core&gt; [main.c:2520]: main(): Expect (at least) 30 kamailio processes in your process list<br>
<div
class="gmail_extra"><br>
</div>
<div
class="gmail_extra">Okay,
then the
message right
at the
beginning
probably just
irritated us.
But as you can
see, we have
set
enable_tls=1
(previously
and in the
documentation
it was set to
'yes'), but it
still doesn't
get enabled.<br>
<br>
</div>
<div
class="gmail_extra">Any
more ideas?<br>
<br>
</div>
<div
class="gmail_extra">Best
Regards,<br>
</div>
<div
class="gmail_extra">Sebastian<br>
</div>
<div
class="gmail_extra"><br>
<div
class="gmail_quote">On
Fri, Nov 13,
2015 at 12:32
PM,
Daniel-Constantin
Mierla <span
dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:miconda@gmail.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:miconda@gmail.com">miconda@gmail.com</a></a>&gt;</span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div
bgcolor="#FFFFFF"
text="#000000">
Hello,<br>
<br>
if you start
with debug=3,
do you see the
message:<br>
<br>
DEBUG: &lt;core&gt; [sr_module.c:959]: init_mod(): tls<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On
13/11/15
12:17,
Sebastian Damm
wrote:<br>
</div>
</div>
</div>
<blockquote
type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>
<div>
<div>Hello,<br>
<br>
</div>
we just
updated one
kamailio
server from
4.1.5 to
4.3.3, and
although the
config file is
correct and
kamailio
starts up, it
doesn't
initialize TLS
and says " tls
support
enabled, but
no tls engine
available
(forgot to
load the tls
module?)"<br>
<br>
</div>
In the log I
see:<br>
<br>
Old shutdown
(last lines):<br>
Nov 13 11:44:38 lasola /usr/sbin/kamailio[15890]: DEBUG: &lt;core&gt; [mem/shm_mem.c:235]: shm_mem_destroy(): destroying the shared memory lock<br>
Nov 13 11:44:41 lasola /usr/sbin/kamailio[14818]: ERROR: &lt;core&gt; [tcp_read.c:271]: tcp_read_data(): error reading: Connection reset by peer (104)<br>
Nov 13 11:44:41 lasola /usr/sbin/kamailio[14818]: ERROR: &lt;core&gt; [tcp_read.c:1296]: tcp_read_req(): ERROR: tcp_read_req: error reading<br>
<br>
New startup
(first lines):<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG: &lt;core&gt; [daemonize.c:583]: set_core_dump(): core dump limits set to 18446744073709551615<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: WARNING: &lt;core&gt; [main.c:2475]: main(): tls support enabled, but no tls engine available (forgot to load the tls module?)<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: WARNING: &lt;core&gt; [main.c:2476]: main(): disabling tls...<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG: &lt;core&gt; [async_task.c:88]: async_task_init(): start initializing asynk task framework<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG: &lt;core&gt; [sr_module.c:959]: init_mod(): xmlrpc<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG: &lt;core&gt; [sr_module.c:689]: find_mod_export_record(): find_export_record: found &lt;bind_sl&gt; in module sl [/usr/lib/x86_64-linux-gnu/kamailio/modules//sl.so]<br>
Nov 13 11:44:42 lasola /usr/sbin/kamailio[16113]: DEBUG: &lt;core&gt; [sr_module.c:959]: init_mod(): sl<br>
<br>
</div>
In our config
file we have
the following
lines for TLS
(pretty late,
after all
other module
loading and
after most
parameters):<br>
</div>
<div><br>
#!ifdef ENABLETLS<br>
loadmodule "tls.so"<br>
<br>
modparam("tls", "private_key", "/etc/ssl/private/my.kamailio-key.pem")<br>
modparam("tls", "certificate", "/etc/ssl/certs/my.kamailio.crt")<br>
#!ifdef TLS_CA_CHAIN<br>
# Maybe we want to use a chain to the CA<br>
modparam("tls", "ca_list", "/etc/ssl/certs/my.ca-bundle.crt")<br>
#!endif<br>
enable_tls=1<br>
listen=tls:1.2.3.4:5061<br>
#!endif<br>
<br>
</div>
<div>After
starting up,
kamailio
listens on
port 5060, but
not on port
5061. In
version 4.1.1,
this config
worked without
a problem.<br>
<br>
</div>
<div>Has
anybody seen
this before?
The tls module
is there and
available, it
doesn't say
anything about
"cannot load
module", and
it is only a
warning
message. I'm
also
wondering, why
this message
is the first
after starting
the server.
From config I
would expect
that sl, tm
and all the
other modules
should be
initialized
before tls.<br>
<br>
</div>
<div>Best
Regards,<br>
</div>
<div>Sebastian<br>
</div>
</div>
<br>
<br>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Book: SIP Routing With Kamailio - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - <a class="moz-txt-link-freetext" href="http://asipto.com/kat">http://asipto.com/kat</a></pre>
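<br>
Added example, not part of the original thread and not Kamailio project code: a small Python check that flags the statement order discussed above, where enable_tls or listen=tls: comes after loadmodule "tls", another module is loaded before tls, or a modparam precedes the core parameter. The function names, finding codes and both sample configurations are constructed for illustration.<br>

```python
import re

# Constructed sample: the statement order from the thread that left TLS disabled.
BROKEN_CFG = """\
loadmodule "sl.so"
loadmodule "tls.so"
modparam("tls", "private_key", "/etc/ssl/private/my.kamailio-key.pem")
enable_tls=1
listen=tls:1.2.3.4:5061
"""
# Constructed sample: core parameters first, then tls ahead of every other module.
FIXED_CFG = """\
enable_tls=1
listen=tls:1.2.3.4:5061
loadmodule "tls.so"
modparam("tls", "private_key", "/etc/ssl/private/my.kamailio-key.pem")
loadmodule "sl.so"
"""

PATTERNS = {
    "enable_tls": re.compile(r"enable_tls\s*=\s*(1|yes)\b"),
    "tls_listen": re.compile(r"listen\s*=\s*tls:"),
    "modparam": re.compile(r"modparam\s*\("),
    "load_tls": re.compile(r'loadmodule\s+"([^"]*/)?tls(\.so)?"'),
    "load_other": re.compile(r'loadmodule\s+"(?!([^"]*/)?tls(\.so)?")'),
}

def first_lines(cfg_text):
    """First line number per statement kind; patterns anchor at line start, so comments never match."""
    first = {}
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            if rx.match(raw.strip()):
                first.setdefault(kind, no)
    return first

def check_tls_order(cfg_text):
    """Return sorted (line, code) findings; an empty list means the order follows the thread's advice."""
    f, out = first_lines(cfg_text), []
    tls = f.get("load_tls")
    if tls is None:  # TLS requested but the module is never loaded
        return [(f["enable_tls"], "tls-not-loaded")] if "enable_tls" in f else []
    for kind in ("enable_tls", "tls_listen"):
        if f.get(kind, 0) > tls:
            out.append((f[kind], kind + "-after-loadmodule-tls"))
    if f.get("load_other", tls) < tls:
        out.append((f["load_other"], "module-loaded-before-tls"))
    if "enable_tls" in f and f.get("modparam", f["enable_tls"]) < f["enable_tls"]:
        out.append((f["modparam"], "modparam-before-core-parameter"))
    return sorted(out)
```

Only the first occurrence of each statement is considered and #!ifdef blocks are not evaluated, so a finding is a prompt to read the file, not a verdict.<br>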
</body>
</html>