hi everyone...
we are one step from having the system working directly from docker.
The last issue is related to TLS... my mind is a little rusty these days (too
many flights), and couldn't find time to finish this... but you Kamailio
experts will find this a piece of cake.
there seems to be an issue with the kamailio ssl config changes I did to the
kamailio-config repo here:
https://github.com/saycel/kamailio-config/commit/38f177b846eb16a784d18f56be99512b2ac3f610
I tried to move the config inside the kamailio.cfg file (so I could use the
substrdef in kamailio-local to parametrize it), but it seems it got broken.
This is the message I receive (using the ssl certs requested to LEtsEncrypt):
kamailio_1 | 0(162) INFO: tls [tls_init.c:716]: init_tls_h(): tls:
init_tls_h: installed openssl library version "OpenSSL 1.0.1t 3 May 2016"
(0x1000114f), kerberos sup
port: off, zlib compression: off
kamailio_1 | compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN
-DTERMIO -g -O2 -fstack-
protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
-Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_
BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
kamailio_1 | 0(162) WARNING: tls [tls_init.c:773]: init_tls_h(): tls:
openssl bug #1491 (crash/mem leaks on low memory) workaround enabled (on low
memory tls operations
will fail preemptively) with free memory thresholds 9961472 and 4980736 bytes
kamailio_1 | 0(162) INFO: <core> [core/cfg/cfg_ctx.c:608]:
cfg_set_now(): INFO: cfg_set_now(): tls.low_mem_threshold1 has been changed to
9961472
kamailio_1 | 0(162) INFO: <core> [core/cfg/cfg_ctx.c:608]:
cfg_set_now(): INFO: cfg_set_now(): tls.low_mem_threshold2 has been changed to
4980736
kamailio_1 | 0(162) INFO: <core> [core/udp_server.c:153]:
probe_max_receive_buffer(): SO_RCVBUF is initially 212992
kamailio_1 | 0(162) INFO: <core> [core/udp_server.c:203]:
probe_max_receive_buffer(): SO_RCVBUF is finally 425984
kamailio_1 | 0(162) INFO: tls [tls_domain.c:290]: fill_missing():
TLSs<default>: tls_method=12
kamailio_1 | 0(162) INFO: tls [tls_domain.c:302]: fill_missing():
TLSs<default>: certificate='/certificates/cert.crt'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:309]: fill_missing():
TLSs<default>: ca_list='(null)'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:316]: fill_missing():
TLSs<default>: crl='(null)'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:320]: fill_missing():
TLSs<default>: require_certificate=0
kamailio_1 | 0(162) INFO: tls [tls_domain.c:327]: fill_missing():
TLSs<default>: cipher_list='(null)'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:334]: fill_missing():
TLSs<default>: private_key='/certificates/cert.key'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:338]: fill_missing():
TLSs<default>: verify_certificate=0
kamailio_1 | 0(162) INFO: tls [tls_domain.c:341]: fill_missing():
TLSs<default>: verify_depth=9
kamailio_1 | 0(162) INFO: tls [tls_domain.c:694]: set_verification():
TLSs<default>: No client certificate required and no checks performed
kamailio_1 | 0(162) INFO: tls [tls_domain.c:290]: fill_missing():
TLSc<default>: tls_method=12
kamailio_1 | 0(162) INFO: tls [tls_domain.c:302]: fill_missing():
TLSc<default>: certificate='/certificates/cert.crt'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:309]: fill_missing():
TLSc<default>: ca_list='(null)'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:316]: fill_missing():
TLSc<default>: crl='(null)'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:320]: fill_missing():
TLSc<default>: require_certificate=0
kamailio_1 | 0(162) INFO: tls [tls_domain.c:327]: fill_missing():
TLSc<default>: cipher_list='(null)'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:334]: fill_missing():
TLSc<default>: private_key='/certificates/cert.key'
kamailio_1 | 0(162) INFO: tls [tls_domain.c:338]: fill_missing():
TLSc<default>: verify_certificate=0
kamailio_1 | 0(162) INFO: tls [tls_domain.c:341]: fill_missing():
TLSc<default>: verify_depth=9
kamailio_1 | 0(162) INFO: tls [tls_domain.c:697]: set_verification():
TLSc<default>: Server MAY present invalid certificate
and this makes WSS not work.
Any ideas?
--
Enviado desde mi dispositivo Android con K-9 Mail. Por favor, disculpa mi
brevedad.