[OpenSIPS-Devel] Opensips TLS issues
Răzvan Crainea
razvan at opensips.org
Thu Mar 31 11:38:02 CEST 2016
Hi, Alexandru!
This bug has been there for a while (see [1]), however we didn't manage
to fix it. Seems to be something related to the openssl version you are
using (1.0.1e)[2].
Just to make sure this issue is not caused by some of the changes we've
made for OpenSIPS 2.1, can you try to use an older version of OpenSIPS
(1.11) to see if this works?
[1] https://github.com/OpenSIPS/opensips/issues/834
[2] https://rt.openssl.org/Ticket/Display.html?id=3137&user=guest&pass=guest
Best regards,
Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 03/25/2016 01:12 AM, Alexandru Valentin Pavelescu wrote:
> Hello,
>
> I'm trying to make Opensips work with TLS.
>
> When I start it I get the following error (debug level 6):
>
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:core:init_mod: initializing module proto_tls
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> INFO:proto_tls:mod_init: initializing TLS protocol
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> ERROR:proto_tls:mod_init: unable to set the memory allocation functions
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> ERROR:core:init_mod: failed to initialize module proto_tls
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> ERROR:core:main: error while initializing modules
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> INFO:core:cleanup: cleanup
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:tm:tm_shutdown: tm_shutdown : start
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:tm:unlink_timer_lists: emptying DELETE list for set 0
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:tm:tm_shutdown: emptying hash table
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:tm:tm_shutdown: releasing timers
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:tm:tm_shutdown: removing semaphores
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:tm:tm_shutdown: destroying callback lists
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:tm:tm_shutdown: tm_shutdown : done
> Mar 24 14:51:01 ip-10-25-15-118 /usr/local/sbin/opensips[2394]:
> DBG:core:shm_mem_destroy: destroying the shared memory lock
> Mar 24 14:51:01 ip-10-25-15-118 opensips: DBG:core:wait_status_code:
> read code 0 ? rc = 0, errno=Success
> Mar 24 14:51:01 ip-10-25-15-118 opensips: INFO:core:daemonize:
> pre-daemon process exiting with -1
>
>
>
> [root at ip-10-25-15-118 opensips_2_1]# vi /etc/sysconfig/opensips
> [root at ip-10-25-15-118 opensips_2_1]# vi /usr/local/etc/opensips/opensips.cfg
> [root at ip-10-25-15-118 opensips_2_1]# opensips -V
> version: opensips 2.1.2 (x86_64/linux)
> flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC,
> F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> git revision: 92245fd
> main.c compiled on 14:11:13 Mar 24 2016 with gcc 4.4.7
> [root at ip-10-25-15-118 opensips_2_1]# uname -a
> Linux ip-10-25-15-118 2.6.32-573.18.1.el6.x86_64 #1 SMP Tue Feb 9
> 22:46:17 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> [root at ip-10-25-15-118 opensips_2_1]# yum list installed openssl
> Loaded plugins: fastestmirror, presto
> Loading mirror speeds from cached hostfile
> * base: mirror.vcu.edu
> * extras: mirror.cogentco.com
> * updates: mirror.cogentco.com
> Installed Packages
> openssl.x86_64 1.0.1e-42.el6_7.4 @updates
> [root at ip-10-25-15-118 opensips_2_1]# yum list installed openssl-devel
> Loaded plugins: fastestmirror, presto
> Loading mirror speeds from cached hostfile
> * base: mirror.vcu.edu
> * extras: mirror.cogentco.com
> * updates: mirror.cogentco.com
> Installed Packages
> openssl-devel.x86_64 1.0.1e-42.el6_7.4 @updates
> [root at ip-10-25-15-118 opensips_2_1]#
>
>
>
> [root at ip-10-25-15-118 opensips_2_1]# cat
> /usr/local/etc/opensips/opensips.cfg
>
> #
> # $Id$
> #
> # OpenSIPS residential configuration script
> # by OpenSIPS Solutions <team at opensips-solutions.com>
> #
> # This script was generated via "make menuconfig", from
> # the "Residential" scenario.
> # You can enable / disable more features / functionalities by
> # re-generating the scenario with different options.#
> #
> # Please refer to the Core CookBook at:
> # http://www.opensips.org/Resources/DocsCookbooks
> # for a explanation of possible statements, functions and parameters.
> #
>
>
> ####### Global Parameters #########
>
> debug=6
> log_stderror=no
> log_facility=LOG_LOCAL0
>
> fork=yes
> children=4
>
> /* uncomment the following lines to enable debugging */
> #debug=6
> #fork=no
> #log_stderror=yes
>
> /* uncomment the next line to enable the auto temporary blacklisting of
> not available destinations (default disabled) */
> #disable_dns_blacklist=no
>
> /* uncomment the next line to enable IPv6 lookup after IPv4 dns
> lookup failures (default disabled) */
> #dns_try_ipv6=yes
>
> /* comment the next line to enable the auto discovery of local aliases
> based on revers DNS on IPs */
> auto_aliases=no
>
>
> listen=udp:10.25.15.118:5060 # CUSTOMIZE ME
>
> listen=tcp:10.25.15.118:5060 # CUSTOMIZE ME
> listen=tls:10.25.15.118:5061 # CUSTOMIZE ME
>
> advertised_address=xxxxxxxxxxxxx
> alias=xxxxxxxxxxxxxxxxx
>
> ####### Modules Section ########
>
> #set module path
> mpath="/usr/local/lib64/opensips/modules/"
>
> #### SIGNALING module
> loadmodule "signaling.so"
>
> #### StateLess module
> loadmodule "sl.so"
>
> #### Transaction Module
> loadmodule "tm.so"
> modparam("tm", "fr_timeout", 5)
> modparam("tm", "fr_inv_timeout", 30)
> modparam("tm", "restart_fr_on_each_reply", 0)
> modparam("tm", "onreply_avp_mode", 1)
>
> #### Record Route Module
> loadmodule "rr.so"
> /* do not append from tag to the RR (no need for this script) */
> modparam("rr", "append_fromtag", 0)
>
> #### MAX ForWarD module
> loadmodule "maxfwd.so"
>
> #### SIP MSG OPerationS module
> loadmodule "sipmsgops.so"
>
> #### FIFO Management Interface
> loadmodule "mi_fifo.so"
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("mi_fifo", "fifo_mode", 0666)
>
>
> #### URI module
> loadmodule "uri.so"
> modparam("uri", "use_uri_table", 0)
>
>
> #### PGSQL module
> loadmodule "db_postgres.so"
>
>
> #### USeR LOCation module
> loadmodule "usrloc.so"
> modparam("usrloc", "nat_bflag", "NAT")
> modparam("usrloc", "db_mode", 2)
> modparam("usrloc", "db_url",
>
> "postgres://xxxxxxxxxxx:xxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxxxxxxxxxxxxx/opensips7")
> # CUSTOMIZE ME
>
>
> #### REGISTRAR module
> loadmodule "registrar.so"
> modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
>
> /* uncomment the next line not to allow more than 10 contacts per AOR */
> #modparam("registrar", "max_contacts", 10)
>
> #### ACCounting module
> loadmodule "acc.so"
> /* what special events should be accounted ? */
> modparam("acc", "early_media", 0)
> modparam("acc", "report_cancels", 0)
> /* by default we do not adjust the direct of the sequential requests.
> if you enable this parameter, be sure the enable "append_fromtag"
> in "rr" module */
> modparam("acc", "detect_direction", 0)
> modparam("acc", "failed_transaction_flag", "ACC_FAILED")
> /* account triggers (flags) */
> modparam("acc", "log_flag", "ACC_DO")
> modparam("acc", "log_missed_flag", "ACC_MISSED")
>
>
> #### AUTHentication modules
> loadmodule "auth.so"
> loadmodule "auth_db.so"
> modparam("auth_db", "calculate_ha1", yes)
> modparam("auth_db", "password_column", "password")
> modparam("auth_db|uri", "db_url",
>
> "postgres://xxxxxxxxxxx:xxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxxxxxxxxxxxxx/opensips7")
> # CUSTOMIZE ME
> modparam("auth_db", "load_credentials", "")
>
>
> loadmodule "proto_udp.so"
>
> loadmodule "proto_tcp.so"
> loadmodule "proto_tls.so"
> modparam("proto_tls","verify_cert", "1")
> modparam("proto_tls","require_cert", "0")
> modparam("proto_tls","tls_method", "TLSv1")
> modparam("proto_tls","certificate",
> "/usr/local/etc/opensips/tls/user/user-cert.pem")
> modparam("proto_tls","private_key",
> "/usr/local/etc/opensips/tls/user/user-privkey.pem")
> modparam("proto_tls","ca_list",
> "/usr/local/etc/opensips/tls/user/user-calist.pem")
>
>
>
> ####### Routing Logic ########
>
> # main request routing logic
>
>
>
>
> Could you please be so kind and help with this as I've searched all the
> internet but couldn't find a solution.
> I can see there were more people asking about this but I don't see any
> resolution
>
> Thanks in advance for your support.
>
> Kind regards,
> Alex
>
>
> _______________________________________________
> Devel mailing list
> Devel at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
>
More information about the Devel
mailing list