New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Opensips 1.9.1 with TLS fails to start on Fedora 18 #21
Comments
The CRITICAL message you get points to a mixture between the libraries and header files for OpenSSL (they do not belong to the same version). Regards, |
Actually, Opensips compiled on a new installation of FC18 does not start with tls enabled in the configuration file. There are no other SSL versions or headers. This same 1.9.1 compilation and configuration runs on older versions of FC. My post incorporates information from someone else who attempted to fix it and apparently was successful. Your reply would be helpful in that regard for anyone trying to fix it, if going the same route. It seems the issue concerns malloc and free being disabled in the FC18 openssl compilation with FIPS. Side note: FC18 packages the 1.8.x version, this was not tested to know if that version works or not as the configuration file is for 1.9.1. |
Hello. Same issue with Debian 7, 64bit, openssl 1.0.1e, opensips latest version: opensips 2.1.2 (x86_64/linux) Feb 17 23:57:49 [4934] INFO:proto_tls:mod_init: initializing TLS protocol Regards |
It exits with the following message:
Jul 20 00:08:08 sip opensips: ERROR:core:init_tls: unable to set the memory allocation functions
Jul 20 00:08:08 sip opensips: CRITICAL:core:main: could not initialize tls, exiting...
Searched the web to reveal this bit of info from another FC18 user:
I was'nt able to start Opensips with TLS because it seems that openssl was compiled in FIPS mode.
It seems that with FIPS openssl 1.0.1e disable malloc and free that opensips use.
I recompile openssl 1.0.1e without FIPS and replace the libraries in /lib but I got a strange message from opensips when I restart.
localhost opensips: WARNING:core:fm_free: free(0) called
localhost opensips: ERROR:core:init_tls: compiled agaist an openssl with no kerberos, but run with one with no kerberos
localhost opensips: CRITICAL:core:main: could not initialize tls, exiting...
I did check the code in "tls_init.c" in opensips and it seems a little bit messy at line 535...
Like it compare something that is fix but seems to print the message anyway with a dynamic variable that is get from openssl ciphers suites and the double inversions seems to get the output a little fuzzy...
In anycase, I try to compile openssl libraries without kerberos and it did'nt work, I retry to compile it with Kerberos MIT flavor and it work.
I just hope I will help someone else.
I don't know if it's possible to try to get a patch for opensips in Fedora 18 that could use openssl with FIPS.
The text was updated successfully, but these errors were encountered: