Opensips 1.9.1 with TLS fails to start on Fedora 18

[jalung]

It exits with the following message:

Jul 20 00:08:08 sip opensips: ERROR:core:init_tls: unable to set the memory allocation functions
Jul 20 00:08:08 sip opensips: CRITICAL:core:main: could not initialize tls, exiting...

Searched the web to reveal this bit of info from another FC18 user:

I was'nt able to start Opensips with TLS because it seems that openssl was compiled in FIPS mode.

It seems that with FIPS openssl 1.0.1e disable malloc and free that opensips use.

I recompile openssl 1.0.1e without FIPS and replace the libraries in /lib but I got a strange message from opensips when I restart.

localhost opensips: WARNING:core:fm_free: free(0) called
localhost opensips: ERROR:core:init_tls: compiled agaist an openssl with no kerberos, but run with one with no kerberos
localhost opensips: CRITICAL:core:main: could not initialize tls, exiting...

I did check the code in "tls_init.c" in opensips and it seems a little bit messy at line 535...
Like it compare something that is fix but seems to print the message anyway with a dynamic variable that is get from openssl ciphers suites and the double inversions seems to get the output a little fuzzy...

In anycase, I try to compile openssl libraries without kerberos and it did'nt work, I retry to compile it with Kerberos MIT flavor and it work.

I just hope I will help someone else.

I don't know if it's possible to try to get a patch for opensips in Fedora 18 that could use openssl with FIPS.

[bogdan-iancu]

The CRITICAL message you get points to a mixture between the libraries and header files for OpenSSL (they do not belong to the same version).
OpenSIPS detects that the openSSL lib it compiles against supports KRB5 cipher, but the defines from the header files does not support it.
It may be because you have 2 versions of openSSL (the one from packages and the one you locally complied) and the the header files and the library file belongs to different versions.

Regards,
Bogdan

[jalung]

Actually, Opensips compiled on a new installation of FC18 does not start with tls enabled in the configuration file. There are no other SSL versions or headers. This same 1.9.1 compilation and configuration runs on older versions of FC.

My post incorporates information from someone else who attempted to fix it and apparently was successful. Your reply would be helpful in that regard for anyone trying to fix it, if going the same route.

It seems the issue concerns malloc and free being disabled in the FC18 openssl compilation with FIPS.

Side note: FC18 packages the 1.8.x version, this was not tested to know if that version works or not as the configuration file is for 1.9.1.

[apsaras]

Hello.

Same issue with Debian 7, 64bit, openssl 1.0.1e, opensips latest

version: opensips 2.1.2 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535

Feb 17 23:57:49 [4934] INFO:proto_tls:mod_init: initializing TLS protocol
Feb 17 23:57:49 [4934] ERROR:proto_tls:mod_init: unable to set the memory allocation functions
Feb 17 23:57:49 [4934] ERROR:core:init_mod: failed to initialize module proto_tls
Feb 17 23:57:49 [4934] ERROR:core:main: error while initializing modules

Regards