TLS certificate decode error / ee key too small with tls_threads_mode = 1 #3764
Comments
After further digging in my setup, as soon as I disabled the mqtt module everything works. So there's maybe something in the mqtt module that's not yet adapted to the new tls setup? |
That's good info - can you put the mqtt config here - maybe it is using SSL. |
Yes, mqtt is using TLS, the config is pretty trivial
|
Does it make an immediate connection to the broker or does that only happen during operations - i.e., after startup but before handling traffic is there a connection to 8883? |
it makes an immediate connection to the broker on startup |
Can you run kamailio under gdb with tls_threads_mode=1 with the following script gdb --args /usr/local/sbin/kamailio ................ then use the following script: break CRYPTO_THREAD_set_local thread 1 ...then continue |
I'll try, since my setup is dockerized I'll need to play a bit with it. Will report as soon as I'm able to do it, should not be too hard. |
I can't reproduce any error with the config below.
I do see exactly one TCP connection from a worker
When I did a tcpdump on this connection it shows TLS - no errors in logs. |
I've tried and gdb stops at
|
well, I have various other modules loaded, but only disabling mqtt makes it work, that's why I pointed at it. |
Can you print the backtrace when it stops? After you type bt it should print out the call stack |
Yep, sorry
|
Not much information there... |
yes, that break reports only shutdown routines. Well actually a lot of modules:
|
Ok, further progress: my setup has |
while disabling TLS on mqtt (let it go in plain) and keeping enable_tls=yes works too |
further infos: launching with "strace -ff kamailio" which slows down things... it works. so seems a race condition? |
last for today: switching to |
Can you attach your config too |
@space88man it seems that the fixes in the current 5.7 branch after #3765 make it work, so I think this can be closed. |
Description
While trying latest kamailio 5.7 branch, when tls_threads_mode is set to 1, it fails to load self signed certificates. Setting tls_threads_mode to 0 works as expected. Certificates are self signed for a local test env, generated with openssl 3.x.
Troubleshooting
The issue is very similar to #3737, but in my case the openssl config seems correct, and it happens only when enabling tls_threads_mode
Reproduction
Certs have been generated with
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out server.pem -keyout server.key
server.pem.txt
server.key.txt
(these are self signed cert for testing, nothing that cannot be shared)
My tls.cfg is very simple:
Log Messages
Possible Solutions
Don't use tls_threads_mode for now.
Additional Information
kamailio -v
Actually this is built from 5.7 branch, on commit a0dfb8c
Containerized Ubuntu jammy, updated as of today.