<!--
Kamailio Project uses GitHub Issues only for bugs in the code or feature
requests. Please use this template only for bug reports.
If you have questions about using Kamailio or related to its configuration
file, ask on sr-users mailing list:
*
https://lists.kamailio.org/mailman3/postorius/lists/sr-users.lists.kamailio.org/
If you have questions about developing extensions to Kamailio or its existing C
code, ask on sr-dev mailing list:
*
https://lists.kamailio.org/mailman3/postorius/lists/sr-dev.lists.kamailio.org/
Please try to fill this template as much as possible for any issue. It helps
the developers to troubleshoot the issue.
Note that an issue report may be closed automatically after about 2 months
if there is no interest from developers or community users on pursuing it, being
considered expired. In such case, it can be reopened by writing a comment that
includes
the token `/notexpired`. About two weeks before considered expired, the issue is
marked with the label `stale`, trying to notify the submitter and everyone else
that might be interested in it. To remove the label `stale`, write a comment
that
includes the token `/notstale`. Also, any comment postpone the `expire`
timeline,
being considered that there is interest in pursuing the issue.
If there is no content to be filled in a section, the entire section can be
removed.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a
comment).
-->
### Description
While trying latest kamailio 5.7 branch, when tls_threads_mode is set to 1, it
fails to load self signed certificates. Setting tls_threads_mode to 0 works as
expected. Certificates are self signed for a local test env, generated with
openssl 3.x.
### Troubleshooting
The issue is very similar to https://github.com/kamailio/kamailio/issues/3737
but in my case the openssl config seems correct, and happens only enabling the
tls_threads_mode
#### Reproduction
Certs have been generated with `openssl req -new -newkey rsa:4096 -x509 -sha256
-days 3650 -nodes -out server.pem -keyout server.key`
[server.pem.txt](https://github.com/kamailio/kamailio/files/14384611/server.pem.txt)
[server.key.txt](https://github.com/kamailio/kamailio/files/14384612/server.key.txt)
(these are self signed cert for testing, nothing that cannot be shared)
My tls.cfg is very simple:
```
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/server.key
certificate = /etc/kamailio/server.pem
[client:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
```
#### Log Messages
<!--
Check the syslog file and if there are relevant log messages printed by
Kamailio, add them next, or attach to issue, or provide a link to download them
(e.g., to a pastebin site).
-->
```
1(35) NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain(): registered
server_name callback handler for socket [:0], server_name='<default>' ...
1(35) ERROR: tls [tls_domain.c:590]: load_cert(): TLSs<default>: Unable to
load certificate file '/etc/kamailio/server.pem'
1(35) ERROR: tls [tls_util.h:49]: tls_err_ret():
load_cert:error:03000072:digital envelope routines::decode error (sni: unknown)
1(35) ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:0A00018F:SSL
routines::ee key too small (sni: unknown)
1(35) ERROR: <core> [core/sr_module.c:913]: init_mod_child(): error while
initializing module tls (/usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so)
```
### Possible Solutions
Don't use tls_threads_mode for now.
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.7.4 (x86_64/linux) a0dfb8
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE,
USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC,
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT,
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES,
TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024,
BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: a0dfb8
compiled with gcc 11.4.0
```
Actually this is built from 5.7 branch, on commit
a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd
* **Operating System**:
<!--
Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu
16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...;
Kernel details (output of `lsb_release -a` and `uname -a`)
-->
Containerized Ubunu jammy, updated as of today.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3764
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3...@github.com>
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
