TLS module compiled with outdated OpenSSL version for Ubuntu bionic (#2)

[jkister]

Description

Much of this issue is repeated from #2018. Since it's closed and has no activity, I'm opening this issue.

Kamailio 5.3.3 won't start when using kamailio-tls-modules on Ubuntu/18.04.4 unless tls_force_run is set in kamailio.cfg

is there another problem with the build host ?

$ grep CRITICAL /var/log/kamailio/kamailio
Apr 14 17:18:39 kam-01 /usr/sbin/kamailio[22073]: CRITICAL: tls [tls_init.c:677]: init_tls_h(): installed openssl library version is too different from the library the kamailio tls module was compiled with: installed "OpenSSL 1.1.1  11 Sep 2018" (0x1010100f), compiled "OpenSSL 1.1.0g  2 Nov 2017" (0x1010007f).#012 Please make sure a compatible version is used (tls_force_run in kamailio.cfg will override this check)
Apr 14 17:18:39 kam-01 /usr/sbin/kamailio[22073]: CRITICAL: <core> [main.c:2768]: main(): could not initialize tls, exiting...

$ cat /etc/apt/sources.list.d/kamailio.list
deb     http://deb.kamailio.org/kamailio53 bionic main
deb-src http://deb.kamailio.org/kamailio53 bionic main
$
$ dpkg -l | awk '/kam/ { print $2 " " $3 }'
kamailio 5.3.3+bionic
kamailio-extra-modules:amd64 5.3.3+bionic
kamailio-mysql-modules:amd64 5.3.3+bionic
kamailio-snmpstats-modules:amd64 5.3.3+bionic
kamailio-tls-modules:amd64 5.3.3+bionic
kamailio-websocket-modules:amd64 5.3.3+bionic
$
$ /usr/sbin/kamailio -v
version: kamailio 5.3.3 (x86_64/linux) 
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled with gcc 7.3.0
$
$ /usr/bin/openssl version
OpenSSL 1.1.1  11 Sep 2018

[linuxmaniac]

Yes, confirmed. There was a mistake with the internal Sipwise and Github repos and some commits were lost:

sipwise/kamailio-deb-jenkins@1e06bfc
sipwise/kamailio-deb-jenkins@1e40ff9
sipwise/kamailio-deb-jenkins@90da690

Those are not in master, I'm pushing the changes now.

It seems sipwise/kamailio-deb-jenkins@3fa1d77 was the one causing the mess ( committed on Jan 29 ) so any build after that was having this problem :-(

[linuxmaniac]

Triggered builds for kamailio-[dev|5.3|5.2|5.1]-nightly to get some debs using the security repositories included.

[linuxmaniac]

https://kamailio.sipwise.com/view/kam51/job/kamailiodev-nightly-binaries/architecture=amd64,distribution=bionic/1641/consoleText

Get: 30 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 openssl amd64 1.1.1-1ubuntu2.1~18.04.5 [613 kB]

Fixes in place and seems to work fine again. Thanks @jkister for reporting

[jkister]

The 53-nightly release does fix the issue.

However, related: is it intentional that apt-get upgrade doesn't show an available upgrade to the nightly release ?

$ apt-cache policy kamailio
kamailio:
  Installed: 5.3.3+bionic
  Candidate: 5.3.3+bionic
  Version table:
 *** 5.3.3+bionic 100
        100 /var/lib/dpkg/status
     5.3.3+0~20200417092406.72+bionic 500
        500 http://deb.kamailio.org/kamailio53-nightly bionic/main amd64 Packages

$ sudo apt-get upgrade kamailio
Reading package lists... Done
Building dependency tree       
Reading state information... Done
kamailio is already the newest version (5.3.3+bionic).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

maybe it is because apt sees version 5.3.3+0~20200417092406.72+bionic lower than 5.3.3.

when I specify each package version, it does install and fixes the issue.

$ sudo apt-get -s install \
>  kamailio=5.3.3+0~20200417092406.72+bionic \
>  kamailio-extra-modules=5.3.3+0~20200417092406.72+bionic \
>  kamailio-mysql-modules=5.3.3+0~20200417092406.72+bionic \
>  kamailio-snmpstats-modules=5.3.3+0~20200417092406.72+bionic \
>  kamailio-tls-modules=5.3.3+0~20200417092406.72+bionic \
>  kamailio-websocket-modules=5.3.3+0~20200417092406.72+bionic
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  kamailio-berkeley-modules kamailio-cpl-modules kamailio-dbg kamailio-ldap-modules kamailio-lua-modules kamailio-perl-modules kamailio-postgres-modules kamailio-presence-modules
  kamailio-python-modules kamailio-radius-modules kamailio-unixodbc-modules kamailio-xml-modules kamailio-xmpp-modules
The following packages will be DOWNGRADED:
  kamailio kamailio-extra-modules kamailio-mysql-modules kamailio-snmpstats-modules kamailio-tls-modules kamailio-websocket-modules

[jkister]

@linuxmaniac ^

will this have to wait until 5.3.4 ? is there a schedule for that ?