Re: [SR-Users] kamailio 5.4.3 ubuntu 20.04 tls - http_async_client

2021-01-28 Thread Yuriy Gorlichenko
Running Debian 10 on docker with http_async_client
Connect to HTTPS.
No issues found.

On Wed, 27 Jan 2021 at 14:01, Filippo Graziola wrote:

> Hello,
>
> here are the results for ssl packages (dpkg -l | grep ssl):
>
> ii  libcrypt-openssl-bignum-perl  0.09-1build3       amd64  Perl module to access OpenSSL multiprecision integer arithmetic libraries
> ii  libcrypt-openssl-random-perl  0.15-1build2       amd64  module to access the OpenSSL pseudo-random number generator
> ii  libcrypt-openssl-rsa-perl     0.31-1build1       amd64  module for RSA encryption using OpenSSL
> ii  libevent-openssl-2.1-7:amd64  2.1.11-stable-1    amd64  Asynchronous event notification library (openssl)
> ii  libgnutls-openssl27:amd64     3.6.13-2ubuntu1.3  amd64  GNU TLS library - OpenSSL wrapper
> ii  libssl-dev:amd64              1.1.1f-1ubuntu2.1  amd64  Secure Sockets Layer toolkit - development files
> ii  libssl1.1:amd64               1.1.1f-1ubuntu2.1  amd64  Secure Sockets Layer toolkit - shared libraries
> ii  libwavpack1:amd64             5.2.0-1ubuntu0.1   amd64  audio codec (lossy and lossless) - library
> ii  libxmlsec1-openssl:amd64      1.2.28-2           amd64  Openssl engine for the XML security library
> ii  libzstd1:amd64                1.4.4+dfsg-3       amd64  fast lossless compression algorithm
> ii  openssl                       1.1.1f-1ubuntu2.1  amd64  Secure Sockets Layer toolkit - cryptographic utility
> ii  perl-openssl-defaults:amd64   4                  amd64  version compatibility baseline for Perl OpenSSL packages
> ii  python3-openssl               19.0.0-1build1     all    Python 3 wrapper around the OpenSSL library
> ii  ssl-cert                      1.0.39             all    simple debconf wrapper for OpenSSL
>
> here is the result of ldd on tls.so:
>
> linux-vdso.so.1 (0x7ffd687d6000)
> libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x7f9feaf1c000)
> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f9feaef9000)
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f9fead07000)
> libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x7f9feaa31000)
> /lib64/ld-linux-x86-64.so.2 (0x7f9feb071000)
> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f9feaa2b000)
>
> thanks
> Filippo
>
>
> On Wed, 27 Jan 2021 at 13:11, Daniel-Constantin Mierla <
> mico...@gmail.com> wrote:
>
>> Hello,
>>
>> can you give more details about libssl on Ubuntu 20.04? The version (apt
>> show libssl, or apt search libssl, ...), eventually the ldd over the tls.so
>> kamailio module.
>>
>> Cheers,
>> Daniel
>> On 26.01.21 16:10, Filippo Graziola wrote:
>>
>> Hello,
>>
>> thanks for the fast reply, I just tried kamailio (5.4.3) from kamailio
>> repo on debian buster, self-signed certificates, same minimal
>> configuration. No error on start, so it seems specific for ubuntu.
>>
>> On Tue, 26 Jan 2021 at 15:39, Daniel-Constantin Mierla <
>> mico...@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> would you be able to test on Debian 10 (maybe using docker or virtual
>>> machine/virtualbox) and see if you get the same issue?
>>>
>>> I do not have Ubuntu 20.04 at hand and I haven't encountered any issue
>>> lately with tls on Debian 10. In this way we can rule out if it is specific
>>> to Ubuntu version of the libraries or not.
>>>
>>> Cheers,
>>> Daniel
>>> On 26.01.21 15:06, Filippo Graziola wrote:
>>>
>>> Hi all,
>>> I have an issue related (my guess) to tls and http_async_client module
>>> that results in a segmentation fault and incorrect handling of tls
>>> connections.
>>>
>>> First with only tls module loaded, not forked:
>>>
>>>  0(1021) INFO:  [core/tcp_main.c:4983]: init_tcp(): using epoll_lt
>>> as the io watch method (auto detected)
>>>  0(1021) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to
>>> import bind_ob - maybe module is not loaded
>>>  0(1021) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not
>>> available
>>>  0(1021) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
>>>  0(1021) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
>>>  0(1021) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f(): openssl bug
>>> #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
>>> operations will fail preemptively) with free memory thresholds 4718592 and
>>> 2359296 bytes
>>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>>> tls.low_mem_threshold1 has been changed to 4718592
>>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>>> tls.low_mem_threshold2 has been changed to 2359296
>>>  0(1021) INFO:  [main.c:2833]: main(): processes (at least): 9 -
>>> shm size: 67108864 - pkg size: 67108864
>>>  0(1021) INFO:  [core/udp_server.c:154]:
>>> probe_max_receive_buffer(): SO_RCVBUF is initially 212992
>>>  0(1021) INFO:  

Re: [SR-Users] kamailio 5.4.3 ubuntu 20.04 tls - http_async_client

2021-01-27 Thread Filippo Graziola
Hello,

here are the results for ssl packages (dpkg -l | grep ssl):

ii  libcrypt-openssl-bignum-perl  0.09-1build3       amd64  Perl module to access OpenSSL multiprecision integer arithmetic libraries
ii  libcrypt-openssl-random-perl  0.15-1build2       amd64  module to access the OpenSSL pseudo-random number generator
ii  libcrypt-openssl-rsa-perl     0.31-1build1       amd64  module for RSA encryption using OpenSSL
ii  libevent-openssl-2.1-7:amd64  2.1.11-stable-1    amd64  Asynchronous event notification library (openssl)
ii  libgnutls-openssl27:amd64     3.6.13-2ubuntu1.3  amd64  GNU TLS library - OpenSSL wrapper
ii  libssl-dev:amd64              1.1.1f-1ubuntu2.1  amd64  Secure Sockets Layer toolkit - development files
ii  libssl1.1:amd64               1.1.1f-1ubuntu2.1  amd64  Secure Sockets Layer toolkit - shared libraries
ii  libwavpack1:amd64             5.2.0-1ubuntu0.1   amd64  audio codec (lossy and lossless) - library
ii  libxmlsec1-openssl:amd64      1.2.28-2           amd64  Openssl engine for the XML security library
ii  libzstd1:amd64                1.4.4+dfsg-3       amd64  fast lossless compression algorithm
ii  openssl                       1.1.1f-1ubuntu2.1  amd64  Secure Sockets Layer toolkit - cryptographic utility
ii  perl-openssl-defaults:amd64   4                  amd64  version compatibility baseline for Perl OpenSSL packages
ii  python3-openssl               19.0.0-1build1     all    Python 3 wrapper around the OpenSSL library
ii  ssl-cert                      1.0.39             all    simple debconf wrapper for OpenSSL

here is the result of ldd on tls.so:

linux-vdso.so.1 (0x7ffd687d6000)
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x7f9feaf1c000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f9feaef9000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f9fead07000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x7f9feaa31000)
/lib64/ld-linux-x86-64.so.2 (0x7f9feb071000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f9feaa2b000)

thanks
Filippo


On Wed, 27 Jan 2021 at 13:11, Daniel-Constantin Mierla <
mico...@gmail.com> wrote:

> Hello,
>
> can you give more details about libssl on Ubuntu 20.04? The version (apt
> show libssl, or apt search libssl, ...), eventually the ldd over the tls.so
> kamailio module.
>
> Cheers,
> Daniel
> On 26.01.21 16:10, Filippo Graziola wrote:
>
> Hello,
>
> thanks for the fast reply, I just tried kamailio (5.4.3) from kamailio
> repo on debian buster, self-signed certificates, same minimal
> configuration. No error on start, so it seems specific for ubuntu.
>
> On Tue, 26 Jan 2021 at 15:39, Daniel-Constantin Mierla <
> mico...@gmail.com> wrote:
>
>> Hello,
>>
>> would you be able to test on Debian 10 (maybe using docker or virtual
>> machine/virtualbox) and see if you get the same issue?
>>
>> I do not have Ubuntu 20.04 at hand and I haven't encountered any issue
>> lately with tls on Debian 10. In this way we can rule out if it is specific
>> to Ubuntu version of the libraries or not.
>>
>> Cheers,
>> Daniel
>> On 26.01.21 15:06, Filippo Graziola wrote:
>>
>> Hi all,
>> I have an issue related (my guess) to tls and http_async_client module
>> that results in a segmentation fault and incorrect handling of tls
>> connections.
>>
>> First with only tls module loaded, not forked:
>>
>>  0(1021) INFO:  [core/tcp_main.c:4983]: init_tcp(): using epoll_lt
>> as the io watch method (auto detected)
>>  0(1021) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to import
>> bind_ob - maybe module is not loaded
>>  0(1021) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not
>> available
>>  0(1021) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
>>  0(1021) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
>>  0(1021) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f(): openssl bug
>> #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
>> operations will fail preemptively) with free memory thresholds 4718592 and
>> 2359296 bytes
>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>> tls.low_mem_threshold1 has been changed to 4718592
>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>> tls.low_mem_threshold2 has been changed to 2359296
>>  0(1021) INFO:  [main.c:2833]: main(): processes (at least): 9 -
>> shm size: 67108864 - pkg size: 67108864
>>  0(1021) INFO:  [core/udp_server.c:154]:
>> probe_max_receive_buffer(): SO_RCVBUF is initially 212992
>>  0(1021) INFO:  [core/udp_server.c:206]:
>> probe_max_receive_buffer(): SO_RCVBUF is finally 425984
>>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
>> TLSs: tls_method=12
>>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
>> TLSs: certificate='/etc/kamailio/fullchain.pem'
>>  0(1021) INFO: tls 

Re: [SR-Users] kamailio 5.4.3 ubuntu 20.04 tls - http_async_client

2021-01-27 Thread Daniel-Constantin Mierla
Hello,

can you give more details about libssl on Ubuntu 20.04? The version (apt
show libssl, or apt search libssl, ...), eventually the ldd over the
tls.so kamailio module.

Cheers,
Daniel

On 26.01.21 16:10, Filippo Graziola wrote:
> Hello,
>
> thanks for the fast reply, I just tried kamailio (5.4.3) from kamailio
> repo on debian buster, self-signed certificates, same minimal
> configuration. No error on start, so it seems specific for ubuntu.
>
> On Tue, 26 Jan 2021 at 15:39, Daniel-Constantin Mierla
> <mico...@gmail.com> wrote:
>
> Hello,
>
> would you be able to test on Debian 10 (maybe using docker or
> virtual machine/virtualbox) and see if you get the same issue?
>
> I do not have Ubuntu 20.04 at hand and I haven't encountered any
> issue lately with tls on Debian 10. In this way we can rule out if
> it is specific to Ubuntu version of the libraries or not.
>
> Cheers,
> Daniel
>
> On 26.01.21 15:06, Filippo Graziola wrote:
>> Hi all,
>> I have an issue related (my guess) to tls and http_async_client
>> module that results in a segmentation fault and incorrect
>> handling of tls connections.
>>
>> First with only tls module loaded, not forked:
>>
>>  0(1021) INFO:  [core/tcp_main.c:4983]: init_tcp(): using
>> epoll_lt as the io watch method (auto detected)
>>  0(1021) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable
>> to import bind_ob - maybe module is not loaded
>>  0(1021) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not
>> available
>>  0(1021) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
>>  0(1021) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
>>  0(1021) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f():
>> openssl bug #1491 (crash/mem leaks on low memory) workaround
>> enabled (on low memory tls operations will fail preemptively)
>> with free memory thresholds 4718592 and 2359296 bytes
>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>> tls.low_mem_threshold1 has been changed to 4718592
>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>> tls.low_mem_threshold2 has been changed to 2359296
>>  0(1021) INFO:  [main.c:2833]: main(): processes (at
>> least): 9 - shm size: 67108864 - pkg size: 67108864
>>  0(1021) INFO:  [core/udp_server.c:154]:
>> probe_max_receive_buffer(): SO_RCVBUF is initially 212992
>>  0(1021) INFO:  [core/udp_server.c:206]:
>> probe_max_receive_buffer(): SO_RCVBUF is finally 425984
>>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
>> TLSs: tls_method=12
>>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
>> TLSs: certificate='/etc/kamailio/fullchain.pem'
>>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
>> TLSs: ca_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
>> TLSs: crl='(null)'
>>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
>> TLSs: require_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
>> TLSs: cipher_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
>> TLSs: private_key='/etc/kamailio/privkey.pem'
>>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
>> TLSs: verify_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
>> TLSs: verify_depth=9
>>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
>> TLSs: verify_client=0
>>  0(1021) NOTICE: tls [tls_domain.c:1105]: ksr_tls_fix_domain():
>> registered server_name callback handler for socket [:0],
>> server_name='' ...
>>  0(1021) INFO: tls [tls_domain.c:711]: set_verification():
>> TLSs: No client certificate required and no checks performed
>>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
>> TLSc: tls_method=20
>>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
>> TLSc: certificate='(null)'
>>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
>> TLSc: ca_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
>> TLSc: crl='(null)'
>>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
>> TLSc: require_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
>> TLSc: cipher_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
>> TLSc: private_key='(null)'
>>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
>> TLSc: verify_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
>> TLSc: verify_depth=9
>>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
>> TLSc: verify_client=0
>>  0(1021) INFO: tls [tls_domain.c:714]: 

Re: [SR-Users] kamailio 5.4.3 ubuntu 20.04 tls - http_async_client

2021-01-26 Thread Sergey Safarov
I think this may be related.

https://github.com/kamailio/kamailio/issues/2599

Kamailio creates the core file when the process is exiting.


On Tue, Jan 26, 2021 at 6:13 PM Filippo Graziola 
wrote:

> Hello,
>
> thanks for the fast reply, I just tried kamailio (5.4.3) from kamailio
> repo on debian buster, self-signed certificates, same minimal
> configuration. No error on start, so it seems specific for ubuntu.
>
> On Tue, 26 Jan 2021 at 15:39, Daniel-Constantin Mierla <
> mico...@gmail.com> wrote:
>
>> Hello,
>>
>> would you be able to test on Debian 10 (maybe using docker or virtual
>> machine/virtualbox) and see if you get the same issue?
>>
>> I do not have Ubuntu 20.04 at hand and I haven't encountered any issue
>> lately with tls on Debian 10. In this way we can rule out if it is specific
>> to Ubuntu version of the libraries or not.
>>
>> Cheers,
>> Daniel
>> On 26.01.21 15:06, Filippo Graziola wrote:
>>
>> Hi all,
>> I have an issue related (my guess) to tls and http_async_client module
>> that results in a segmentation fault and incorrect handling of tls
>> connections.
>>
>> First with only tls module loaded, not forked:
>>
>>  0(1021) INFO:  [core/tcp_main.c:4983]: init_tcp(): using epoll_lt
>> as the io watch method (auto detected)
>>  0(1021) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to import
>> bind_ob - maybe module is not loaded
>>  0(1021) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not
>> available
>>  0(1021) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
>>  0(1021) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
>>  0(1021) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f(): openssl bug
>> #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
>> operations will fail preemptively) with free memory thresholds 4718592 and
>> 2359296 bytes
>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>> tls.low_mem_threshold1 has been changed to 4718592
>>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
>> tls.low_mem_threshold2 has been changed to 2359296
>>  0(1021) INFO:  [main.c:2833]: main(): processes (at least): 9 -
>> shm size: 67108864 - pkg size: 67108864
>>  0(1021) INFO:  [core/udp_server.c:154]:
>> probe_max_receive_buffer(): SO_RCVBUF is initially 212992
>>  0(1021) INFO:  [core/udp_server.c:206]:
>> probe_max_receive_buffer(): SO_RCVBUF is finally 425984
>>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
>> TLSs: tls_method=12
>>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
>> TLSs: certificate='/etc/kamailio/fullchain.pem'
>>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
>> TLSs: ca_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
>> TLSs: crl='(null)'
>>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
>> TLSs: require_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
>> TLSs: cipher_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
>> TLSs: private_key='/etc/kamailio/privkey.pem'
>>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
>> TLSs: verify_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
>> TLSs: verify_depth=9
>>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
>> TLSs: verify_client=0
>>  0(1021) NOTICE: tls [tls_domain.c:1105]: ksr_tls_fix_domain():
>> registered server_name callback handler for socket [:0],
>> server_name='' ...
>>  0(1021) INFO: tls [tls_domain.c:711]: set_verification(): TLSs:
>> No client certificate required and no checks performed
>>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
>> TLSc: tls_method=20
>>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
>> TLSc: certificate='(null)'
>>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
>> TLSc: ca_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
>> TLSc: crl='(null)'
>>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
>> TLSc: require_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
>> TLSc: cipher_list='(null)'
>>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
>> TLSc: private_key='(null)'
>>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
>> TLSc: verify_certificate=0
>>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
>> TLSc: verify_depth=9
>>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
>> TLSc: verify_client=0
>>  0(1021) INFO: tls [tls_domain.c:714]: set_verification(): TLSc:
>> Server MAY present invalid certificate
>>  6(1027) ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level
>> error
>>  6(1027) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS
>> accept:error:141FC044:SSL routines:tls_setup_handshake:internal error
>>  6(1027) ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP:
>> 

Re: [SR-Users] kamailio 5.4.3 ubuntu 20.04 tls - http_async_client

2021-01-26 Thread Filippo Graziola
Hello,

thanks for the fast reply, I just tried kamailio (5.4.3) from kamailio repo
on debian buster, self-signed certificates, same minimal configuration. No
error on start, so it seems specific for ubuntu.

On Tue, 26 Jan 2021 at 15:39, Daniel-Constantin Mierla <
mico...@gmail.com> wrote:

> Hello,
>
> would you be able to test on Debian 10 (maybe using docker or virtual
> machine/virtualbox) and see if you get the same issue?
>
> I do not have Ubuntu 20.04 at hand and I haven't encountered any issue
> lately with tls on Debian 10. In this way we can rule out if it is specific
> to Ubuntu version of the libraries or not.
>
> Cheers,
> Daniel
> On 26.01.21 15:06, Filippo Graziola wrote:
>
> Hi all,
> I have an issue related (my guess) to tls and http_async_client module
> that results in a segmentation fault and incorrect handling of tls
> connections.
>
> First with only tls module loaded, not forked:
>
>  0(1021) INFO:  [core/tcp_main.c:4983]: init_tcp(): using epoll_lt
> as the io watch method (auto detected)
>  0(1021) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to import
> bind_ob - maybe module is not loaded
>  0(1021) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not available
>  0(1021) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
>  0(1021) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
>  0(1021) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f(): openssl bug
> #1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
> operations will fail preemptively) with free memory thresholds 4718592 and
> 2359296 bytes
>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
> tls.low_mem_threshold1 has been changed to 4718592
>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
> tls.low_mem_threshold2 has been changed to 2359296
>  0(1021) INFO:  [main.c:2833]: main(): processes (at least): 9 - shm
> size: 67108864 - pkg size: 67108864
>  0(1021) INFO:  [core/udp_server.c:154]: probe_max_receive_buffer():
> SO_RCVBUF is initially 212992
>  0(1021) INFO:  [core/udp_server.c:206]: probe_max_receive_buffer():
> SO_RCVBUF is finally 425984
>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
> TLSs: tls_method=12
>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
> TLSs: certificate='/etc/kamailio/fullchain.pem'
>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
> TLSs: ca_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
> TLSs: crl='(null)'
>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
> TLSs: require_certificate=0
>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
> TLSs: cipher_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
> TLSs: private_key='/etc/kamailio/privkey.pem'
>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
> TLSs: verify_certificate=0
>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
> TLSs: verify_depth=9
>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
> TLSs: verify_client=0
>  0(1021) NOTICE: tls [tls_domain.c:1105]: ksr_tls_fix_domain(): registered
> server_name callback handler for socket [:0], server_name='' ...
>  0(1021) INFO: tls [tls_domain.c:711]: set_verification(): TLSs:
> No client certificate required and no checks performed
>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
> TLSc: tls_method=20
>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
> TLSc: certificate='(null)'
>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
> TLSc: ca_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
> TLSc: crl='(null)'
>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
> TLSc: require_certificate=0
>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
> TLSc: cipher_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
> TLSc: private_key='(null)'
>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
> TLSc: verify_certificate=0
>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
> TLSc: verify_depth=9
>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
> TLSc: verify_client=0
>  0(1021) INFO: tls [tls_domain.c:714]: set_verification(): TLSc:
> Server MAY present invalid certificate
>  6(1027) ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level
> error
>  6(1027) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS
> accept:error:141FC044:SSL routines:tls_setup_handshake:internal error
>  6(1027) ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP:
> XXX
>  6(1027) ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP:
> XX
>  6(1027) ERROR:  [core/tcp_read.c:1498]: tcp_read_req(): ERROR:
> tcp_read_req: error reading - c: 0x7f2cbc1b3948 r: 0x7f2cbc1b3a70 (-1)
>
> so no segmentation fault but error in handling.
>
> Second one also 

Re: [SR-Users] kamailio 5.4.3 ubuntu 20.04 tls - http_async_client

2021-01-26 Thread Daniel-Constantin Mierla
Hello,

would you be able to test on Debian 10 (maybe using docker or virtual
machine/virtualbox) and see if you get the same issue?

I do not have Ubuntu 20.04 at hand and I haven't encountered any issue
lately with tls on Debian 10. In this way we can rule out if it is
specific to Ubuntu version of the libraries or not.

Cheers,
Daniel

On 26.01.21 15:06, Filippo Graziola wrote:
> Hi all,
> I have an issue related (my guess) to tls and http_async_client module
> that results in a segmentation fault and incorrect handling of tls
> connections.
>
> First with only tls module loaded, not forked:
>
>  0(1021) INFO:  [core/tcp_main.c:4983]: init_tcp(): using
> epoll_lt as the io watch method (auto detected)
>  0(1021) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to
> import bind_ob - maybe module is not loaded
>  0(1021) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not
> available
>  0(1021) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
>  0(1021) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
>  0(1021) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f(): openssl
> bug #1491 (crash/mem leaks on low memory) workaround enabled (on low
> memory tls operations will fail preemptively) with free memory
> thresholds 4718592 and 2359296 bytes
>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
> tls.low_mem_threshold1 has been changed to 4718592
>  0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
> tls.low_mem_threshold2 has been changed to 2359296
>  0(1021) INFO:  [main.c:2833]: main(): processes (at least): 9 -
> shm size: 67108864 - pkg size: 67108864
>  0(1021) INFO:  [core/udp_server.c:154]:
> probe_max_receive_buffer(): SO_RCVBUF is initially 212992
>  0(1021) INFO:  [core/udp_server.c:206]:
> probe_max_receive_buffer(): SO_RCVBUF is finally 425984
>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
> TLSs: tls_method=12
>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
> TLSs: certificate='/etc/kamailio/fullchain.pem'
>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
> TLSs: ca_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
> TLSs: crl='(null)'
>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
> TLSs: require_certificate=0
>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
> TLSs: cipher_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
> TLSs: private_key='/etc/kamailio/privkey.pem'
>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
> TLSs: verify_certificate=0
>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
> TLSs: verify_depth=9
>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
> TLSs: verify_client=0
>  0(1021) NOTICE: tls [tls_domain.c:1105]: ksr_tls_fix_domain():
> registered server_name callback handler for socket [:0],
> server_name='' ...
>  0(1021) INFO: tls [tls_domain.c:711]: set_verification():
> TLSs: No client certificate required and no checks performed
>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
> TLSc: tls_method=20
>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
> TLSc: certificate='(null)'
>  0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
> TLSc: ca_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
> TLSc: crl='(null)'
>  0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
> TLSc: require_certificate=0
>  0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
> TLSc: cipher_list='(null)'
>  0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
> TLSc: private_key='(null)'
>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
> TLSc: verify_certificate=0
>  0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
> TLSc: verify_depth=9
>  0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
> TLSc: verify_client=0
>  0(1021) INFO: tls [tls_domain.c:714]: set_verification():
> TLSc: Server MAY present invalid certificate
>  6(1027) ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol
> level error
>  6(1027) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS
> accept:error:141FC044:SSL routines:tls_setup_handshake:internal error
>  6(1027) ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP:
> XXX
>  6(1027) ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination
> IP: XX
>  6(1027) ERROR:  [core/tcp_read.c:1498]: tcp_read_req(): ERROR:
> tcp_read_req: error reading - c: 0x7f2cbc1b3948 r: 0x7f2cbc1b3a70 (-1)
>
> so no segmentation fault but error in handling.
>
> Second one also with http_async_client loaded:
>
>  0(1059) INFO:  [core/tcp_main.c:4983]: init_tcp(): using
> epoll_lt as the io watch method (auto detected)
>  0(1061) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to
> import bind_ob - maybe module is not loaded
>  0(1061) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not
> 

[SR-Users] kamailio 5.4.3 ubuntu 20.04 tls - http_async_client

2021-01-26 Thread Filippo Graziola
Hi all,
I have an issue related (my guess) to tls and http_async_client module that
results in a segmentation fault and incorrect handling of tls connections.

First with only tls module loaded, not forked:

 0(1021) INFO:  [core/tcp_main.c:4983]: init_tcp(): using epoll_lt as
the io watch method (auto detected)
 0(1021) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to import
bind_ob - maybe module is not loaded
 0(1021) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not available
 0(1021) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
 0(1021) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
 0(1021) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f(): openssl bug
#1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
operations will fail preemptively) with free memory thresholds 4718592 and
2359296 bytes
 0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
tls.low_mem_threshold1 has been changed to 4718592
 0(1021) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
tls.low_mem_threshold2 has been changed to 2359296
 0(1021) INFO:  [main.c:2833]: main(): processes (at least): 9 - shm
size: 67108864 - pkg size: 67108864
 0(1021) INFO:  [core/udp_server.c:154]: probe_max_receive_buffer():
SO_RCVBUF is initially 212992
 0(1021) INFO:  [core/udp_server.c:206]: probe_max_receive_buffer():
SO_RCVBUF is finally 425984
 0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
TLSs: tls_method=12
 0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
TLSs: certificate='/etc/kamailio/fullchain.pem'
 0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
TLSs: ca_list='(null)'
 0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
TLSs: crl='(null)'
 0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
TLSs: require_certificate=0
 0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
TLSs: cipher_list='(null)'
 0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
TLSs: private_key='/etc/kamailio/privkey.pem'
 0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
TLSs: verify_certificate=0
 0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
TLSs: verify_depth=9
 0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
TLSs: verify_client=0
 0(1021) NOTICE: tls [tls_domain.c:1105]: ksr_tls_fix_domain(): registered
server_name callback handler for socket [:0], server_name='' ...
 0(1021) INFO: tls [tls_domain.c:711]: set_verification(): TLSs:
No client certificate required and no checks performed
 0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
TLSc: tls_method=20
 0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
TLSc: certificate='(null)'
 0(1021) INFO: tls [tls_domain.c:324]: ksr_tls_fill_missing():
TLSc: ca_list='(null)'
 0(1021) INFO: tls [tls_domain.c:331]: ksr_tls_fill_missing():
TLSc: crl='(null)'
 0(1021) INFO: tls [tls_domain.c:334]: ksr_tls_fill_missing():
TLSc: require_certificate=0
 0(1021) INFO: tls [tls_domain.c:342]: ksr_tls_fill_missing():
TLSc: cipher_list='(null)'
 0(1021) INFO: tls [tls_domain.c:349]: ksr_tls_fill_missing():
TLSc: private_key='(null)'
 0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
TLSc: verify_certificate=0
 0(1021) INFO: tls [tls_domain.c:356]: ksr_tls_fill_missing():
TLSc: verify_depth=9
 0(1021) INFO: tls [tls_domain.c:359]: ksr_tls_fill_missing():
TLSc: verify_client=0
 0(1021) INFO: tls [tls_domain.c:714]: set_verification(): TLSc:
Server MAY present invalid certificate
 6(1027) ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level
error
 6(1027) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS
accept:error:141FC044:SSL routines:tls_setup_handshake:internal error
 6(1027) ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP:
XXX
 6(1027) ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP:
XX
 6(1027) ERROR:  [core/tcp_read.c:1498]: tcp_read_req(): ERROR:
tcp_read_req: error reading - c: 0x7f2cbc1b3948 r: 0x7f2cbc1b3a70 (-1)

so no segmentation fault but error in handling.

Second one also with http_async_client loaded:

 0(1059) INFO:  [core/tcp_main.c:4983]: init_tcp(): using epoll_lt as
the io watch method (auto detected)
 0(1061) INFO: rr [../outbound/api.h:52]: ob_load_api(): unable to import
bind_ob - maybe module is not loaded
 0(1061) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not available
 0(1061) INFO: tls [tls_mod.c:389]: mod_init(): With ECDH-Support!
 0(1061) INFO: tls [tls_mod.c:392]: mod_init(): With Diffie Hellman
 0(1061) INFO: http_async_client [http_async_client_mod.c:222]: mod_init():
Initializing Http Async module
 0(1061) WARNING: tls [tls_init.c:784]: tls_h_mod_init_f(): openssl bug
#1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
operations will fail preemptively) with free memory thresholds 5242880 and
2621440 bytes
 0(1061) INFO:  [core/cfg/cfg_ctx.c:595]: cfg_set_now():
tls.low_mem_threshold1 has
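
Added example, not part of the original thread and not Kamailio code: a Python sketch for triaging the log excerpts quoted in this thread. It rejoins the mail-wrapped log lines, collects the TLSs/TLSc profile settings, and splits the packed OpenSSL error code into its library, function and reason fields. The field layout assumed is the OpenSSL 1.1.x one (the thread reports libssl 1.1.1f); the function names and the SAMPLE excerpt are constructed for this illustration.

```python
import re

# Constructed sample: lines copied from the log in this thread, kept with the
# mail client's hard wrapping and one level of ">" quoting.
SAMPLE = """\
>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
> TLSs: tls_method=12
>  0(1021) INFO: tls [tls_domain.c:317]: ksr_tls_fill_missing():
> TLSs: certificate='/etc/kamailio/fullchain.pem'
>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
> TLSs: verify_certificate=0
>  0(1021) INFO: tls [tls_domain.c:305]: ksr_tls_fill_missing():
> TLSc: tls_method=20
>  0(1021) INFO: tls [tls_domain.c:352]: ksr_tls_fill_missing():
> TLSc: verify_certificate=0
>  6(1027) ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level
> error
>  6(1027) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS
> accept:error:141FC044:SSL routines:tls_setup_handshake:internal error
"""

# "rank(pid) LEVEL: module [file:line]: func(): message". The module field may
# be empty, as it is for the core lines in the archived copy of the log.
RECORD = re.compile(
    r"^(?P<rank>\d+)\((?P<pid>\d+)\)\s+(?P<level>[A-Z]+):\s*(?P<module>\w*)\s*"
    r"\[(?P<file>[^\]:]+):(?P<line>\d+)\]:\s*(?P<func>\w+)\(\):\s*(?P<msg>.*)$"
)
# "TLSs: key=value" (server profile) or "TLSc: key=value" (client profile);
# an optional "<name>" after the profile tag is tolerated.
SETTING = re.compile(r"^(TLS[sc])(?:<[^>]*>)?:\s*(\w+)=(.*)$")
# OpenSSL error string: error:<8 hex digits>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def parse_records(text):
    """Strip '>' quoting and merge wrapped continuation lines into records."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        m = RECORD.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            records.append(rec)
        elif records:
            # Not a record header: it continues the previous message.
            last = records[-1]
            last["msg"] = (last["msg"] + " " + line).strip()
    return records


def tls_profiles(records):
    """Return {profile: {setting: value}} for the tls module's startup dump."""
    profiles = {}
    for rec in records:
        m = SETTING.match(rec["msg"])
        if rec["module"] == "tls" and m:
            profile, key, value = m.groups()
            profiles.setdefault(profile, {})[key] = value.strip().strip("'")
    return profiles


def openssl_errors(records):
    """Decode packed OpenSSL 1.1.x error codes found in ERROR records."""
    found = []
    for rec in records:
        m = OPENSSL_ERR.search(rec["msg"])
        if rec["level"] != "ERROR" or not m:
            continue
        code = int(m.group(1), 16)
        reason = code & 0xFFF
        found.append({
            "pid": rec["pid"],
            "code": code,
            "lib": (code >> 24) & 0xFF,      # ERR_GET_LIB
            "func": (code >> 12) & 0xFFF,    # ERR_GET_FUNC
            "reason": reason,                # ERR_GET_REASON
            "fatal": bool(reason & 64),      # ERR_R_FATAL bit
            "lib_name": m.group(2).strip(),
            "func_name": m.group(3).strip(),
            "reason_text": m.group(4).strip(),
        })
    return found


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for name, settings in tls_profiles(recs).items():
        print(name, settings)
    for err in openssl_errors(recs):
        print(err)
```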