Browse code

tls: info log when libssl is linked static

Daniel-Constantin Mierla authored on 24/06/2021 12:24:06
Showing 1 changed files
... ...
@@ -589,6 +589,10 @@ int tls_pre_init(void)
589 589
 	void (*ff)(void *, const char *, int) = NULL;
590 590
 #endif
591 591
 
592
+#ifdef KSR_LIBSSL_STATIC
593
+	LM_INFO("libssl linked mode: static\n");
594
+#endif
595
+
592 596
 	/*
593 597
 	 * this has to be called before any function calling CRYPTO_malloc,
594 598
 	 * CRYPTO_malloc will set allow_customize in openssl to 0
Browse code

tls: debug messages with memory management functions

Daniel-Constantin Mierla authored on 24/06/2021 09:29:40
Showing 1 changed files
... ...
@@ -593,6 +593,12 @@ int tls_pre_init(void)
593 593
 	 * this has to be called before any function calling CRYPTO_malloc,
594 594
 	 * CRYPTO_malloc will set allow_customize in openssl to 0
595 595
 	 */
596
+	CRYPTO_get_mem_functions(&mf, &rf, &ff);
597
+	LM_DBG("initial memory functions - malloc: %p realloc: %p free: %p\n",
598
+			mf, rf, ff);
599
+	mf = NULL;
600
+	rf = NULL;
601
+	ff = NULL;
596 602
 #ifdef TLS_MALLOC_DBG
597 603
 	if (!CRYPTO_set_mem_ex_functions(ser_malloc, ser_realloc, ser_free)) {
598 604
 #else
... ...
@@ -602,10 +608,14 @@ int tls_pre_init(void)
602 608
 		CRYPTO_get_mem_functions(&mf, &rf, &ff);
603 609
 		LM_ERR("libssl current mem functions - m: %p r: %p f: %p\n",
604 610
 					mf, rf, ff);
611
+		LM_ERR("module mem functions - m: %p r: %p f: %p\n",
612
+					ser_malloc, ser_realloc, ser_free);
605 613
 		LM_ERR("Be sure tls module is loaded before any other module using"
606 614
 				" libssl (can be loaded first to be safe)\n");
607 615
 		return -1;
608 616
 	}
617
+	LM_DBG("updated memory functions - malloc: %p realloc: %p free: %p\n",
618
+			ser_malloc, ser_realloc, ser_free);
609 619
 #endif /* LIBRESSL_VERSION_NUMBER */
610 620
 
611 621
 	if (tls_init_locks()<0)
Browse code

tls: reintroduced use of OPENSSL_cleanup() on mod destroy

- by that avoid executing it on atexit() callback, when shm is gone

Daniel-Constantin Mierla authored on 05/10/2020 13:28:23
Showing 1 changed files
... ...
@@ -627,13 +627,14 @@ int tls_h_mod_pre_init_f(void)
627 627
 		return 0;
628 628
 	}
629 629
 	LM_DBG("preparing tls env for modules initialization\n");
630
-#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
630
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
631
+	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
632
+	OPENSSL_init_ssl(0, NULL);
633
+#else
631 634
 	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
632 635
 	SSL_library_init();
633
-	SSL_load_error_strings();
634
-#else
635
-	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
636 636
 #endif
637
+	SSL_load_error_strings();
637 638
 	tls_mod_preinitialized=1;
638 639
 	return 0;
639 640
 }
... ...
@@ -865,7 +866,6 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
865 866
 void tls_h_mod_destroy_f(void)
866 867
 {
867 868
 	LM_DBG("tls module final tls destroy\n");
868
-#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
869 869
 	if(tls_mod_preinitialized > 0)
870 870
 		ERR_free_strings();
871 871
 	/* TODO: free all the ctx'es */
... ...
@@ -878,5 +878,4 @@ void tls_h_mod_destroy_f(void)
878 878
 	LM_DBG("executing openssl v1.1+ cleanup\n");
879 879
 	OPENSSL_cleanup();
880 880
 #endif
881
-#endif
882 881
 }
Browse code

Revert "Revert "tls: added define condition on version functions""

This reverts commit bffd78f14921f67735a64caea2fb130393daa2bc.

Daniel-Constantin Mierla authored on 18/09/2020 12:12:17
Showing 1 changed files
... ...
@@ -645,6 +645,7 @@ int tls_h_mod_init_f(void)
645 645
 {
646 646
 	/*struct socket_info* si;*/
647 647
 	long ssl_version;
648
+	const char *ssl_version_txt;
648 649
 #if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
649 650
 	int lib_kerberos;
650 651
 	int lib_zlib;
... ...
@@ -667,7 +668,15 @@ int tls_h_mod_init_f(void)
667 668
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
668 669
 	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
669 670
 #endif
671
+
672
+#if OPENSSL_VERSION_NUMBER < 0x010100000L
673
+	ssl_version=SSLeay();
674
+	ssl_version_txt=SSLeay_version(SSLEAY_VERSION);
675
+#else
670 676
 	ssl_version=OpenSSL_version_num();
677
+	ssl_version_txt=OpenSSL_version(OPENSSL_VERSION);
678
+#endif
679
+
671 680
 	/* check if version have the same major minor and fix level
672 681
 	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
673 682
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
... ...
@@ -679,7 +688,7 @@ int tls_h_mod_init_f(void)
679 688
 				" compiled \"%s\" (0x%08lx).\n"
680 689
 				" Please make sure a compatible version is used"
681 690
 				" (tls_force_run in kamailio.cfg will override this check)\n",
682
-				OpenSSL_version(OPENSSL_VERSION), ssl_version,
691
+				ssl_version_txt, ssl_version,
683 692
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
684 693
 		if (cfg_get(tls, tls_cfg, force_run))
685 694
 			LM_WARN("tls_force_run turned on, ignoring "
Browse code

Revert "Revert "tls: support compilation without deprecated OpenSSL APIs""

This reverts commit 0a2fc0371430f19f868dc17f3a361e412ceb376f.

Daniel-Constantin Mierla authored on 18/09/2020 12:11:52
Showing 1 changed files
... ...
@@ -627,14 +627,13 @@ int tls_h_mod_pre_init_f(void)
627 627
 		return 0;
628 628
 	}
629 629
 	LM_DBG("preparing tls env for modules initialization\n");
630
-#if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
631
-	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
632
-	OPENSSL_init_ssl(0, NULL);
633
-#else
630
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
634 631
 	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
635 632
 	SSL_library_init();
636
-#endif
637 633
 	SSL_load_error_strings();
634
+#else
635
+	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
636
+#endif
638 637
 	tls_mod_preinitialized=1;
639 638
 	return 0;
640 639
 }
... ...
@@ -668,7 +667,7 @@ int tls_h_mod_init_f(void)
668 667
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
669 668
 	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
670 669
 #endif
671
-	ssl_version=SSLeay();
670
+	ssl_version=OpenSSL_version_num();
672 671
 	/* check if version have the same major minor and fix level
673 672
 	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
674 673
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
... ...
@@ -680,7 +679,7 @@ int tls_h_mod_init_f(void)
680 679
 				" compiled \"%s\" (0x%08lx).\n"
681 680
 				" Please make sure a compatible version is used"
682 681
 				" (tls_force_run in kamailio.cfg will override this check)\n",
683
-				SSLeay_version(SSLEAY_VERSION), ssl_version,
682
+				OpenSSL_version(OPENSSL_VERSION), ssl_version,
684 683
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
685 684
 		if (cfg_get(tls, tls_cfg, force_run))
686 685
 			LM_WARN("tls_force_run turned on, ignoring "
... ...
@@ -857,6 +856,7 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
857 856
 void tls_h_mod_destroy_f(void)
858 857
 {
859 858
 	LM_DBG("tls module final tls destroy\n");
859
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
860 860
 	if(tls_mod_preinitialized > 0)
861 861
 		ERR_free_strings();
862 862
 	/* TODO: free all the ctx'es */
... ...
@@ -869,4 +869,5 @@ void tls_h_mod_destroy_f(void)
869 869
 	LM_DBG("executing openssl v1.1+ cleanup\n");
870 870
 	OPENSSL_cleanup();
871 871
 #endif
872
+#endif
872 873
 }
Browse code

Revert "tls: support compilation without deprecated OpenSSL APIs"

This reverts commit 234b02236b3ad13cdaf5624d11c727ad7d804747.

Victor Seva authored on 02/09/2020 12:27:26
Showing 1 changed files
... ...
@@ -627,13 +627,14 @@ int tls_h_mod_pre_init_f(void)
627 627
 		return 0;
628 628
 	}
629 629
 	LM_DBG("preparing tls env for modules initialization\n");
630
-#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
630
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
631
+	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
632
+	OPENSSL_init_ssl(0, NULL);
633
+#else
631 634
 	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
632 635
 	SSL_library_init();
633
-	SSL_load_error_strings();
634
-#else
635
-	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
636 636
 #endif
637
+	SSL_load_error_strings();
637 638
 	tls_mod_preinitialized=1;
638 639
 	return 0;
639 640
 }
... ...
@@ -667,7 +668,7 @@ int tls_h_mod_init_f(void)
667 668
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
668 669
 	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
669 670
 #endif
670
-	ssl_version=OpenSSL_version_num();
671
+	ssl_version=SSLeay();
671 672
 	/* check if version have the same major minor and fix level
672 673
 	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
673 674
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
... ...
@@ -679,7 +680,7 @@ int tls_h_mod_init_f(void)
679 680
 				" compiled \"%s\" (0x%08lx).\n"
680 681
 				" Please make sure a compatible version is used"
681 682
 				" (tls_force_run in kamailio.cfg will override this check)\n",
682
-				OpenSSL_version(OPENSSL_VERSION), ssl_version,
683
+				SSLeay_version(SSLEAY_VERSION), ssl_version,
683 684
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
684 685
 		if (cfg_get(tls, tls_cfg, force_run))
685 686
 			LM_WARN("tls_force_run turned on, ignoring "
... ...
@@ -856,7 +857,6 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
856 857
 void tls_h_mod_destroy_f(void)
857 858
 {
858 859
 	LM_DBG("tls module final tls destroy\n");
859
-#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
860 860
 	if(tls_mod_preinitialized > 0)
861 861
 		ERR_free_strings();
862 862
 	/* TODO: free all the ctx'es */
... ...
@@ -869,5 +869,4 @@ void tls_h_mod_destroy_f(void)
869 869
 	LM_DBG("executing openssl v1.1+ cleanup\n");
870 870
 	OPENSSL_cleanup();
871 871
 #endif
872
-#endif
873 872
 }
Browse code

Revert "tls: added define condition on version functions"

This reverts commit 99c6a68dea60ca745dfdfa33085bb6acbcee846a.

Victor Seva authored on 02/09/2020 12:27:24
Showing 1 changed files
... ...
@@ -645,7 +645,6 @@ int tls_h_mod_init_f(void)
645 645
 {
646 646
 	/*struct socket_info* si;*/
647 647
 	long ssl_version;
648
-	const char *ssl_version_txt;
649 648
 #if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
650 649
 	int lib_kerberos;
651 650
 	int lib_zlib;
... ...
@@ -668,15 +667,7 @@ int tls_h_mod_init_f(void)
668 667
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
669 668
 	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
670 669
 #endif
671
-
672
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
673
-	ssl_version=SSLeay();
674
-	ssl_version_txt=SSLeay_version(SSLEAY_VERSION);
675
-#else
676 670
 	ssl_version=OpenSSL_version_num();
677
-	ssl_version_txt=OpenSSL_version(OPENSSL_VERSION);
678
-#endif
679
-
680 671
 	/* check if version have the same major minor and fix level
681 672
 	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
682 673
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
... ...
@@ -688,7 +679,7 @@ int tls_h_mod_init_f(void)
688 679
 				" compiled \"%s\" (0x%08lx).\n"
689 680
 				" Please make sure a compatible version is used"
690 681
 				" (tls_force_run in kamailio.cfg will override this check)\n",
691
-				ssl_version_txt, ssl_version,
682
+				OpenSSL_version(OPENSSL_VERSION), ssl_version,
692 683
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
693 684
 		if (cfg_get(tls, tls_cfg, force_run))
694 685
 			LM_WARN("tls_force_run turned on, ignoring "
Browse code

tls: added define condition on version functions

- libssl 1.1 variants are not in 1.0
- following the changes by 234b02236b3ad13cdaf5624d11c727ad7d804747

Daniel-Constantin Mierla authored on 13/08/2020 05:19:28
Showing 1 changed files
... ...
@@ -645,6 +645,7 @@ int tls_h_mod_init_f(void)
645 645
 {
646 646
 	/*struct socket_info* si;*/
647 647
 	long ssl_version;
648
+	const char *ssl_version_txt;
648 649
 #if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
649 650
 	int lib_kerberos;
650 651
 	int lib_zlib;
... ...
@@ -667,7 +668,15 @@ int tls_h_mod_init_f(void)
667 668
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
668 669
 	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
669 670
 #endif
671
+
672
+#if OPENSSL_VERSION_NUMBER < 0x010100000L
673
+	ssl_version=SSLeay();
674
+	ssl_version_txt=SSLeay_version(SSLEAY_VERSION);
675
+#else
670 676
 	ssl_version=OpenSSL_version_num();
677
+	ssl_version_txt=OpenSSL_version(OPENSSL_VERSION);
678
+#endif
679
+
671 680
 	/* check if version have the same major minor and fix level
672 681
 	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
673 682
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
... ...
@@ -679,7 +688,7 @@ int tls_h_mod_init_f(void)
679 688
 				" compiled \"%s\" (0x%08lx).\n"
680 689
 				" Please make sure a compatible version is used"
681 690
 				" (tls_force_run in kamailio.cfg will override this check)\n",
682
-				OpenSSL_version(OPENSSL_VERSION), ssl_version,
691
+				ssl_version_txt, ssl_version,
683 692
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
684 693
 		if (cfg_get(tls, tls_cfg, force_run))
685 694
 			LM_WARN("tls_force_run turned on, ignoring "
Browse code

tls: support compilation without deprecated OpenSSL APIs

- GH #2428

Rosen Penev authored on 12/08/2020 14:37:13 • Daniel-Constantin Mierla committed on 12/08/2020 14:37:13
Showing 1 changed files
... ...
@@ -627,14 +627,13 @@ int tls_h_mod_pre_init_f(void)
627 627
 		return 0;
628 628
 	}
629 629
 	LM_DBG("preparing tls env for modules initialization\n");
630
-#if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
631
-	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
632
-	OPENSSL_init_ssl(0, NULL);
633
-#else
630
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
634 631
 	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
635 632
 	SSL_library_init();
636
-#endif
637 633
 	SSL_load_error_strings();
634
+#else
635
+	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
636
+#endif
638 637
 	tls_mod_preinitialized=1;
639 638
 	return 0;
640 639
 }
... ...
@@ -668,7 +667,7 @@ int tls_h_mod_init_f(void)
668 667
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
669 668
 	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
670 669
 #endif
671
-	ssl_version=SSLeay();
670
+	ssl_version=OpenSSL_version_num();
672 671
 	/* check if version have the same major minor and fix level
673 672
 	 * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
674 673
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
... ...
@@ -680,7 +679,7 @@ int tls_h_mod_init_f(void)
680 679
 				" compiled \"%s\" (0x%08lx).\n"
681 680
 				" Please make sure a compatible version is used"
682 681
 				" (tls_force_run in kamailio.cfg will override this check)\n",
683
-				SSLeay_version(SSLEAY_VERSION), ssl_version,
682
+				OpenSSL_version(OPENSSL_VERSION), ssl_version,
684 683
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
685 684
 		if (cfg_get(tls, tls_cfg, force_run))
686 685
 			LM_WARN("tls_force_run turned on, ignoring "
... ...
@@ -857,6 +856,7 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
857 856
 void tls_h_mod_destroy_f(void)
858 857
 {
859 858
 	LM_DBG("tls module final tls destroy\n");
859
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
860 860
 	if(tls_mod_preinitialized > 0)
861 861
 		ERR_free_strings();
862 862
 	/* TODO: free all the ctx'es */
... ...
@@ -869,4 +869,5 @@ void tls_h_mod_destroy_f(void)
869 869
 	LM_DBG("executing openssl v1.1+ cleanup\n");
870 870
 	OPENSSL_cleanup();
871 871
 #endif
872
+#endif
872 873
 }
Browse code

tls: renamed tls hooks callbacks to highlight their purpose

Daniel-Constantin Mierla authored on 17/04/2020 10:57:26
Showing 1 changed files
... ...
@@ -330,7 +330,7 @@ static void ser_free(void *ptr, const char *fname, int fline)
330 330
 /*
331 331
  * Initialize TLS socket
332 332
  */
333
-int tls_h_init_si(struct socket_info *si)
333
+int tls_h_init_si_f(struct socket_info *si)
334 334
 {
335 335
 	int ret;
336 336
 	/*
... ...
@@ -620,7 +620,7 @@ int tls_pre_init(void)
620 620
  * tls mod pre-init function
621 621
  * - executed before any mod_init()
622 622
  */
623
-int tls_mod_pre_init_h(void)
623
+int tls_h_mod_pre_init_f(void)
624 624
 {
625 625
 	if(tls_mod_preinitialized==1) {
626 626
 		LM_DBG("already mod pre-initialized\n");
... ...
@@ -642,7 +642,7 @@ int tls_mod_pre_init_h(void)
642 642
 /*
643 643
  * First step of TLS initialization
644 644
  */
645
-int init_tls_h(void)
645
+int tls_h_mod_init_f(void)
646 646
 {
647 647
 	/*struct socket_info* si;*/
648 648
 	long ssl_version;
... ...
@@ -852,9 +852,9 @@ int tls_check_sockets(tls_domains_cfg_t* cfg)
852 852
 
853 853
 
854 854
 /*
855
- * TLS cleanup when SER exits
855
+ * TLS cleanup when application exits
856 856
  */
857
-void destroy_tls_h(void)
857
+void tls_h_mod_destroy_f(void)
858 858
 {
859 859
 	LM_DBG("tls module final tls destroy\n");
860 860
 	if(tls_mod_preinitialized > 0)
Browse code

tls: use OPENSSL_init_ssl() for libssl 1.1

Daniel-Constantin Mierla authored on 26/03/2019 21:15:56
Showing 1 changed files
... ...
@@ -627,7 +627,13 @@ int tls_mod_pre_init_h(void)
627 627
 		return 0;
628 628
 	}
629 629
 	LM_DBG("preparing tls env for modules initialization\n");
630
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
631
+	LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
632
+	OPENSSL_init_ssl(0, NULL);
633
+#else
634
+	LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
630 635
 	SSL_library_init();
636
+#endif
631 637
 	SSL_load_error_strings();
632 638
 	tls_mod_preinitialized=1;
633 639
 	return 0;
Browse code

tls: Minor spelling fix in workaround message

Sean Bright authored on 27/02/2019 20:35:31 • Henning Westerholt committed on 27/02/2019 21:43:50
Showing 1 changed files
... ...
@@ -773,7 +773,7 @@ int init_tls_h(void)
773 773
 		low_mem_threshold2*=1024; /* KB */
774 774
 	if ((low_mem_threshold1==0) || (low_mem_threshold2==0))
775 775
 	 LM_WARN("tls: openssl bug #1491 (crash/mem leaks on low memory)"
776
-				" workarround disabled\n");
776
+				" workaround disabled\n");
777 777
 	else
778 778
 		LM_WARN("openssl bug #1491 (crash/mem leaks on low memory)"
779 779
 				" workaround enabled (on low memory tls operations will fail"
Browse code

tls: Fixed build tls module on Alpine dist

Sergey Safarov authored on 21/05/2018 21:43:31 • Henning Westerholt committed on 22/05/2018 18:56:42
Showing 1 changed files
... ...
@@ -857,7 +857,7 @@ void destroy_tls_h(void)
857 857
 	tls_destroy_cfg();
858 858
 	tls_destroy_locks();
859 859
 	tls_ct_wq_destroy();
860
-#if OPENSSL_VERSION_NUMBER >= 0x010100000L
860
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
861 861
 	/* explicit execution of libssl cleanup to avoid being executed again
862 862
 	 * by atexit(), when shm is gone */
863 863
 	LM_DBG("executing openssl v1.1+ cleanup\n");
Browse code

tls: fixed initialization when LibreSSL is used

- port from OpenBSD

Sergey Safarov authored on 20/09/2017 11:21:44 • Daniel-Constantin Mierla committed on 20/09/2017 11:21:44
Showing 1 changed files
... ...
@@ -144,6 +144,7 @@ sr_tls_methods_t sr_tls_methods[TLS_METHOD_MAX];
144 144
 
145 145
 
146 146
 
147
+#ifndef LIBRESSL_VERSION_NUMBER
147 148
 inline static char* buf_append(char* buf, char* end, char* str, int str_len)
148 149
 {
149 150
 	if ( (buf+str_len)<end){
... ...
@@ -269,9 +270,12 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
269 270
 #endif
270 271
 	return p;
271 272
 }
273
+#endif /* LIBRESSL_VERSION_NUMBER */
272 274
 
273 275
 #else /*TLS_MALLOC_DBG */
274 276
 
277
+#ifndef LIBRESSL_VERSION_NUMBER
278
+
275 279
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
276 280
 static void* ser_malloc(size_t size)
277 281
 {
... ...
@@ -321,6 +325,7 @@ static void ser_free(void *ptr, const char *fname, int fline)
321 325
 }
322 326
 #endif
323 327
 
328
+#endif /* LIBRESSL_VERSION_NUMBER */
324 329
 
325 330
 /*
326 331
  * Initialize TLS socket
... ...
@@ -366,7 +371,7 @@ static void init_ssl_methods(void)
366 371
 	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
367 372
 
368 373
 	/* only specific SSL or TLS version */
369
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
374
+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
370 375
 #ifndef OPENSSL_NO_SSL2
371 376
 	ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
372 377
 	ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
... ...
@@ -384,13 +389,13 @@ static void init_ssl_methods(void)
384 389
 	ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
385 390
 	ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
386 391
 
387
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
392
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
388 393
 	ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
389 394
 	ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
390 395
 	ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
391 396
 #endif
392 397
 
393
-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
398
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
394 399
 	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
395 400
 	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
396 401
 	ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
... ...
@@ -399,11 +404,11 @@ static void init_ssl_methods(void)
399 404
 	/* ranges of TLS versions (require a minimum TLS version) */
400 405
 	ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS;
401 406
 
402
-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
407
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
403 408
 	ssl_methods[TLS_USE_TLSv1_1_PLUS - 1] = (void*)TLS_OP_TLSv1_1_PLUS;
404 409
 #endif
405 410
 
406
-#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
411
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
407 412
 	ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS;
408 413
 #endif
409 414
 
... ...
@@ -477,6 +482,7 @@ static void init_ssl_methods(void)
477 482
  */
478 483
 static int init_tls_compression(void)
479 484
 {
485
+#ifndef LIBRESSL_VERSION_NUMBER
480 486
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
481 487
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
482 488
 	int n, r;
... ...
@@ -561,6 +567,7 @@ static int init_tls_compression(void)
561 567
 end:
562 568
 #endif /* OPENSSL_VERSION_NUMBER >= 0.9.8 */
563 569
 #endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */
570
+#endif /* LIBRESSL_VERSION_NUMBER */
564 571
 	return 0;
565 572
 }
566 573
 
... ...
@@ -571,6 +578,7 @@ end:
571 578
  */
572 579
 int tls_pre_init(void)
573 580
 {
581
+#ifndef LIBRESSL_VERSION_NUMBER
574 582
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
575 583
 	void *(*mf)(size_t) = NULL;
576 584
 	void *(*rf)(void *, size_t) = NULL;
... ...
@@ -598,6 +606,7 @@ int tls_pre_init(void)
598 606
 				" libssl (can be loaded first to be safe)\n");
599 607
 		return -1;
600 608
 	}
609
+#endif /* LIBRESSL_VERSION_NUMBER */
601 610
 
602 611
 	if (tls_init_locks()<0)
603 612
 		return -1;
... ...
@@ -631,7 +640,7 @@ int init_tls_h(void)
631 640
 {
632 641
 	/*struct socket_info* si;*/
633 642
 	long ssl_version;
634
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
643
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
635 644
 	int lib_kerberos;
636 645
 	int lib_zlib;
637 646
 	int kerberos_support;
... ...
@@ -675,7 +684,7 @@ int init_tls_h(void)
675 684
 	}
676 685
 
677 686
 	/* check kerberos support using compile flags only for version < 1.1.0 */
678
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
687
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
679 688
 
680 689
 #ifdef TLS_KERBEROS_SUPPORT
681 690
 	kerberos_support=1;
Browse code

tls: fix sanitization of log macros commit a8b30d340f9d

Victor Seva authored on 29/08/2017 10:58:41
Showing 1 changed files
... ...
@@ -763,7 +763,6 @@ int init_tls_h(void)
763 763
 	}else
764 764
 		low_mem_threshold2*=1024; /* KB */
765 765
 	if ((low_mem_threshold1==0) || (low_mem_threshold2==0))
766
-	:w
767 766
 	 LM_WARN("tls: openssl bug #1491 (crash/mem leaks on low memory)"
768 767
 				" workarround disabled\n");
769 768
 	else
Browse code

tls: sanitization of log macros

Daniel-Constantin Mierla authored on 29/08/2017 10:03:50
Showing 1 changed files
... ...
@@ -77,7 +77,7 @@ static int tls_mod_initialized = 0;
77 77
  * (the openssl zlib compression uses the wrong malloc, see
78 78
  *  openssl #1468): 0.9.8-dev < version  <0.9.8e-beta1 */
79 79
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L  /* 0.9.8-dev */ && \
80
-		OPENSSL_VERSION_NUMBER <  0x00908051L  /* 0.9.8.e-beta1 */
80
+							  OPENSSL_VERSION_NUMBER <  0x00908051L  /* 0.9.8.e-beta1 */
81 81
 #    ifndef OPENSSL_NO_COMP
82 82
 #        warning "openssl zlib compression bug workaround enabled"
83 83
 #    endif
... ...
@@ -88,10 +88,10 @@ static int tls_mod_initialized = 0;
88 88
 #ifdef TLS_KSSL_WORKARROUND
89 89
 #if OPENSSL_VERSION_NUMBER < 0x00908050L
90 90
 #	warning "openssl lib compiled with kerberos support which introduces a bug\
91
- (wrong malloc/free used in kssl.c) -- attempting workaround"
91
+	(wrong malloc/free used in kssl.c) -- attempting workaround"
92 92
 #	warning "NOTE: if you don't link libssl staticaly don't try running the \
93
-compiled code on a system with a differently compiled openssl (it's safer \
94
-to compile on the  _target_ system)"
93
+	compiled code on a system with a differently compiled openssl (it's safer \
94
+			to compile on the  _target_ system)"
95 95
 #endif /* OPENSSL_VERSION_NUMBER */
96 96
 #endif /* TLS_KSSL_WORKARROUND */
97 97
 
... ...
@@ -216,8 +216,8 @@ static void* ser_malloc(size_t size, const char* file, int line)
216 216
 		/* ugly hack: keep the bt inside the alloc'ed fragment */
217 217
 		p=_shm_malloc(size+s, file, "via ser_malloc", line);
218 218
 		if (p==0){
219
-			LOG(L_CRIT, "tsl: ser_malloc(%d)[%s:%d]==null, bt: %s\n",
220
-						size, file, line, bt_buf);
219
+			LM_CRIT("tls - ser_malloc(%d)[%s:%d]==null, bt: %s\n",
220
+					size, file, line, bt_buf);
221 221
 		}else{
222 222
 			memcpy(p+size, bt_buf, s);
223 223
 			((struct qm_frag*)((char*)p-sizeof(struct qm_frag)))->func=
... ...
@@ -227,8 +227,7 @@ static void* ser_malloc(size_t size, const char* file, int line)
227 227
 	}else{
228 228
 		p=0;
229 229
 		backtrace2str(bt_buf, sizeof(bt_buf));
230
-		LOG(L_CRIT, "tsl: random ser_malloc(%d)[%s:%d]"
231
-				" returning null - bt: %s\n",
230
+		LM_CRIT("tls - random ser_malloc(%d)[%s:%d] returning null - bt: %s\n",
232 231
 				size, file, line, bt_buf);
233 232
 	}
234 233
 #endif
... ...
@@ -252,7 +251,7 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
252 251
 		s=backtrace2str(bt_buf, sizeof(bt_buf));
253 252
 		p=_shm_realloc(ptr, size+s, file, "via ser_realloc", line);
254 253
 		if (p==0){
255
-			LOG(L_CRIT, "tsl: ser_realloc(%p, %d)[%s:%d]==null, bt: %s\n",
254
+			LM_CRIT("tls - ser_realloc(%p, %d)[%s:%d]==null, bt: %s\n",
256 255
 					ptr, size, file, line, bt_buf);
257 256
 		}else{
258 257
 			memcpy(p+size, bt_buf, s);
... ...
@@ -263,9 +262,9 @@ static void* ser_realloc(void *ptr, size_t size, const char* file, int line)
263 262
 	}else{
264 263
 		p=0;
265 264
 		backtrace2str(bt_buf, sizeof(bt_buf));
266
-		LOG(L_CRIT, "tsl: random ser_realloc(%p, %d)[%s:%d]"
267
-					" returning null - bt: %s\n", ptr, size, file, line,
268
-					bt_buf);
265
+		LM_CRIT("tls - random ser_realloc(%p, %d)[%s:%d]"
266
+				" returning null - bt: %s\n", ptr, size, file, line,
267
+				bt_buf);
269 268
 	}
270 269
 #endif
271 270
 	return p;
... ...
@@ -282,7 +281,7 @@ static void* ser_malloc(size_t size)
282 281
 
283 282
 static void* ser_realloc(void *ptr, size_t size)
284 283
 {
285
-		return shm_realloc(ptr, size);
284
+	return shm_realloc(ptr, size);
286 285
 }
287 286
 #else
288 287
 static void* ser_malloc(size_t size, const char *fname, int fline)
... ...
@@ -293,7 +292,7 @@ static void* ser_malloc(size_t size, const char *fname, int fline)
293 292
 
294 293
 static void* ser_realloc(void *ptr, size_t size, const char *fname, int fline)
295 294
 {
296
-		return shm_realloc(ptr, size);
295
+	return shm_realloc(ptr, size);
297 296
 }
298 297
 #endif
299 298
 
... ...
@@ -304,7 +303,8 @@ static void ser_free(void *ptr)
304 303
 {
305 304
 	/* The memory functions provided to openssl needs to behave like standard
306 305
 	 * memory functions, i.e. free(). Therefore, ser_free must accept NULL
307
-	 * pointers, see: http://openssl.6102.n7.nabble.com/Custom-free-routine-is-invoked-with-NULL-argument-in-openssl-1-0-1-td25937.html
306
+	 * pointers, see:
307
+	 * http://openssl.6102.n7.nabble.com/Custom-free-routine-is-invoked-with-NULL-argument-in-openssl-1-0-1-td25937.html
308 308
 	 * As shm_free() aborts on null pointers, we have to check for null pointer
309 309
 	 * here in the wrapper function.
310 310
 	 */
... ...
@@ -333,8 +333,8 @@ int tls_h_init_si(struct socket_info *si)
333 333
 	 */
334 334
 	ret = tcp_init(si);
335 335
 	if (ret != 0) {
336
-		ERR("Error while initializing TCP part of TLS socket %.*s:%d\n",
337
-			si->address_str.len, si->address_str.s, si->port_no);
336
+		LM_ERR("Error while initializing TCP part of TLS socket %.*s:%d\n",
337
+				si->address_str.len, si->address_str.s, si->port_no);
338 338
 		goto error;
339 339
 	}
340 340
 
... ...
@@ -490,11 +490,11 @@ static int init_tls_compression(void)
490 490
 #	endif
491 491
 	comp_methods = SSL_COMP_get_compression_methods();
492 492
 	if (comp_methods == 0) {
493
-		LOG(L_INFO, "tls: init_tls: compression support disabled in the"
494
-					" openssl lib\n");
493
+		LM_INFO("compression support disabled in the"
494
+				" openssl lib\n");
495 495
 		goto end; /* nothing to do, exit */
496 496
 	} else if (cfg_get(tls, tls_cfg, disable_compression)){
497
-		LOG(L_INFO, "tls: init_tls: disabling compression...\n");
497
+		LM_INFO("disabling compression...\n");
498 498
 		sk_SSL_COMP_zero(comp_methods);
499 499
 	}else{
500 500
 		ssl_version=SSLeay();
... ...
@@ -510,10 +510,10 @@ static int init_tls_compression(void)
510 510
 			zlib_comp = 0;
511 511
 			for (r = 0; r < n; r++) {
512 512
 				zlib_comp = sk_SSL_COMP_value(comp_methods, r);
513
-				DBG("tls: init_tls: found compression method %p id %d\n",
513
+				LM_DBG("found compression method %p id %d\n",
514 514
 						zlib_comp, zlib_comp->id);
515 515
 				if (zlib_comp->id == SSL_COMP_ZLIB_IDX) {
516
-					DBG("tls: init_tls: found zlib compression (%d)\n",
516
+					LM_DBG("found zlib compression (%d)\n",
517 517
 							SSL_COMP_ZLIB_IDX);
518 518
 					break /* found */;
519 519
 				} else {
... ...
@@ -521,16 +521,15 @@ static int init_tls_compression(void)
521 521
 				}
522 522
 			}
523 523
 			if (zlib_comp == 0) {
524
-				LOG(L_INFO, "tls: init_tls: no openssl zlib compression "
525
-							"found\n");
524
+				LM_INFO("no openssl zlib compression found\n");
526 525
 			}else{
527
-				LOG(L_WARN, "tls: init_tls: detected openssl lib with "
528
-							"known zlib compression bug: \"%s\" (0x%08lx)\n",
529
-							SSLeay_version(SSLEAY_VERSION), ssl_version);
526
+				LM_WARN("detected openssl lib with "
527
+						"known zlib compression bug: \"%s\" (0x%08lx)\n",
528
+						SSLeay_version(SSLEAY_VERSION), ssl_version);
530 529
 #	ifdef TLS_FIX_ZLIB_COMPRESSION
531
-				LOG(L_WARN, "tls: init_tls: enabling openssl zlib compression "
532
-							"bug workaround (replacing zlib COMP method with "
533
-							"our own version)\n");
530
+				LM_WARN("enabling openssl zlib compression "
531
+						"bug workaround (replacing zlib COMP method with "
532
+						"our own version)\n");
534 533
 				/* hack: make sure that the CRYPTO_EX_INDEX_COMP class is empty
535 534
 				 * and it does not contain any free_ex_data from the
536 535
 				 * built-in zlib. This can happen if the current openssl
... ...
@@ -543,7 +542,7 @@ static int init_tls_compression(void)
543 542
 				CRYPTO_cleanup_all_ex_data();
544 543
 
545 544
 				if (fixed_c_zlib_init() != 0) {
546
-					LOG(L_CRIT, "tls: init_tls: BUG: failed to initialize zlib"
545
+					LM_CRIT("BUG: failed to initialize zlib"
547 546
 							" compression fix, disabling compression...\n");
548 547
 					sk_SSL_COMP_zero(comp_methods); /* delete compression */
549 548
 					goto end;
... ...
@@ -551,8 +550,7 @@ static int init_tls_compression(void)
551 550
 				/* "fix" it */
552 551
 				zlib_comp->method = &zlib_method;
553 552
 #	else
554
-				LOG(L_WARN, "tls: init_tls: disabling openssl zlib "
555
-							"compression \n");
553
+				LM_WARN("disabling openssl zlib compression \n");
556 554
 				zlib_comp=sk_SSL_COMP_delete(comp_methods, r);
557 555
 				if (zlib_comp)
558 556
 					OPENSSL_free(zlib_comp);
... ...
@@ -592,11 +590,12 @@ int tls_pre_init(void)
592 590
 #else
593 591
 	if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
594 592
 #endif
595
-		ERR("Unable to set the memory allocation functions\n");
593
+		LM_ERR("Unable to set the memory allocation functions\n");
596 594
 		CRYPTO_get_mem_functions(&mf, &rf, &ff);
597
-		ERR("libssl current mem functions - m: %p r: %p f: %p\n", mf, rf, ff);
598
-		ERR("Be sure tls module is loaded before any other module using libssl"
599
-				" (can be loaded first to be safe)\n");
595
+		LM_ERR("libssl current mem functions - m: %p r: %p f: %p\n",
596
+					mf, rf, ff);
597
+		LM_ERR("Be sure tls module is loaded before any other module using"
598
+				" libssl (can be loaded first to be safe)\n");
600 599
 		return -1;
601 600
 	}
602 601
 
... ...
@@ -618,7 +617,7 @@ int tls_mod_pre_init_h(void)
618 617
 		LM_DBG("already mod pre-initialized\n");
619 618
 		return 0;
620 619
 	}
621
-	DBG("preparing tls env for modules initialization\n");
620
+	LM_DBG("preparing tls env for modules initialization\n");
622 621
 	SSL_library_init();
623 622
 	SSL_load_error_strings();
624 623
 	tls_mod_preinitialized=1;
... ...
@@ -649,10 +648,10 @@ int init_tls_h(void)
649 648
 		LM_DBG("already initialized\n");
650 649
 		return 0;
651 650
 	}
652
-	DBG("initializing tls system\n");
651
+	LM_DBG("initializing tls system\n");
653 652
 
654 653
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
655
-	WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
654
+	LM_WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
656 655
 #endif
657 656
 	ssl_version=SSLeay();
658 657
 	/* check if version have the same major minor and fix level
... ...
@@ -660,22 +659,22 @@ int init_tls_h(void)
660 659
 	 * - values is represented as 0xMMNNFFPPS: major minor fix patch status
661 660
 	 *   0x00090705f == 0.9.7e release */
662 661
 	if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){
663
-		LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library "
664
-				"version is too different from the library the Kamailio tls module "
665
-				"was compiled with: installed \"%s\" (0x%08lx), compiled "
666
-				"\"%s\" (0x%08lx).\n"
662
+		LM_CRIT("installed openssl library"
663
+				" version is too different from the library the " NAME " tls"
664
+				" module was compiled with: installed \"%s\" (0x%08lx),"
665
+				" compiled \"%s\" (0x%08lx).\n"
667 666
 				" Please make sure a compatible version is used"
668 667
 				" (tls_force_run in kamailio.cfg will override this check)\n",
669 668
 				SSLeay_version(SSLEAY_VERSION), ssl_version,
670 669
 				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER);
671 670
 		if (cfg_get(tls, tls_cfg, force_run))
672
-			LOG(L_WARN, "tls: init_tls_h: tls_force_run turned on, ignoring "
673
-						" openssl version mismatch\n");
671
+			LM_WARN("tls_force_run turned on, ignoring "
672
+					" openssl version mismatch\n");
674 673
 		else
675 674
 			return -1; /* safer to exit */
676 675
 	}
677 676
 
678
-/* check kerberos support using compile flags only for version < 1.1.0 */
677
+	/* check kerberos support using compile flags only for version < 1.1.0 */
679 678
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
680 679
 
681 680
 #ifdef TLS_KERBEROS_SUPPORT
... ...
@@ -702,51 +701,51 @@ int init_tls_h(void)
702 701
 		if (strstr(lib_cflags, "-DKRB5_"))
703 702
 			lib_kerberos=1;
704 703
 	}
705
-	LOG(L_INFO, "tls: _init_tls_h:  compiled  with  openssl  version "
706
-				"\"%s\" (0x%08lx), kerberos support: %s, compression: %s\n",
707
-				OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER,
708
-				kerberos_support?"on":"off", comp_support?"on":"off");
709
-	LOG(L_INFO, "tls: init_tls_h: installed openssl library version "
710
-				"\"%s\" (0x%08lx), kerberos support: %s, "
711
-				" zlib compression: %s"
712
-				"\n %s\n",
713
-				SSLeay_version(SSLEAY_VERSION), ssl_version,
714
-				(lib_kerberos==1)?"on":(lib_kerberos==0)?"off":"unknown",
715
-				(lib_zlib==1)?"on":(lib_zlib==0)?"off":"unknown",
716
-				SSLeay_version(SSLEAY_CFLAGS));
704
+	LM_INFO("compiled  with  openssl  version "
705
+			"\"%s\" (0x%08lx), kerberos support: %s, compression: %s\n",
706
+			OPENSSL_VERSION_TEXT, (long)OPENSSL_VERSION_NUMBER,
707
+			kerberos_support?"on":"off", comp_support?"on":"off");
708
+	LM_INFO("installed openssl library version "
709
+			"\"%s\" (0x%08lx), kerberos support: %s, "
710
+			" zlib compression: %s"
711
+			"\n %s\n",
712
+			SSLeay_version(SSLEAY_VERSION), ssl_version,
713
+			(lib_kerberos==1)?"on":(lib_kerberos==0)?"off":"unknown",
714
+			(lib_zlib==1)?"on":(lib_zlib==0)?"off":"unknown",
715
+			SSLeay_version(SSLEAY_CFLAGS));
717 716
 	if (lib_kerberos!=kerberos_support){
718 717
 		if (lib_kerberos!=-1){
719
-			LOG(L_CRIT, "ERROR: tls: init_tls_h: openssl compile options"
720
-						" mismatch: library has kerberos support"
721
-						" %s and Kamailio tls %s (unstable configuration)\n"
722
-						" (tls_force_run in kamailio.cfg will override this"
723
-						" check)\n",
724
-						lib_kerberos?"enabled":"disabled",
725
-						kerberos_support?"enabled":"disabled"
726
-				);
718
+			LM_CRIT("openssl compile options"
719
+					" mismatch: library has kerberos support"
720
+					" %s and Kamailio tls %s (unstable configuration)\n"
721
+					" (tls_force_run in " NAME ".cfg will override this"
722
+					" check)\n",
723
+					lib_kerberos?"enabled":"disabled",
724
+					kerberos_support?"enabled":"disabled"
725
+			   );
727 726
 			if (cfg_get(tls, tls_cfg, force_run))
728
-				LOG(L_WARN, "tls: init_tls_h: tls_force_run turned on, "
727
+				LM_WARN("tls_force_run turned on, "
729 728
 						"ignoring kerberos support mismatch\n");
730 729
 			else
731 730
 				return -1; /* exit, is safer */
732 731
 		}else{
733
-			LOG(L_WARN, "WARNING: tls: init_tls_h: openssl  compile options"
734
-						" missing -- cannot detect if kerberos support is"
735
-						" enabled. Possible unstable configuration\n");
732
+			LM_WARN("openssl  compile options"
733
+					" missing -- cannot detect if kerberos support is"
734
+					" enabled. Possible unstable configuration\n");
736 735
 		}
737 736
 	}
738 737
 
739
-	#ifdef TLS_KSSL_WORKARROUND
738
+#ifdef TLS_KSSL_WORKARROUND
740 739
 	/* if openssl compiled with kerberos support, and openssl < 0.9.8e-dev
741 740
 	 * or openssl between 0.9.9-dev and 0.9.9-beta1 apply workaround for
742 741
 	 * openssl bug #1467 */
743 742
 	if (ssl_version < 0x00908050L ||
744 743
 			(ssl_version >= 0x00909000L && ssl_version < 0x00909001L)){
745 744
 		openssl_kssl_malloc_bug=1;
746
-		LOG(L_WARN, "tls: init_tls_h: openssl kerberos malloc bug detected, "
747
-			" kerberos support will be disabled...\n");
745
+		LM_WARN("openssl kerberos malloc bug detected, "
746
+				" kerberos support will be disabled...\n");
748 747
 	}
749
-	#endif
748
+#endif
750 749
 
751 750
 #endif /* libssl version < 1.1.0 (OPENSSL_VERSION_NUMBER < 0x010100000L) */
752 751
 
... ...
@@ -764,16 +763,17 @@ int init_tls_h(void)
764 763
 	}else
765 764
 		low_mem_threshold2*=1024; /* KB */
766 765
 	if ((low_mem_threshold1==0) || (low_mem_threshold2==0))
767
-		LOG(L_WARN, "tls: openssl bug #1491 (crash/mem leaks on low memory)"
768
-					" workarround disabled\n");
766
+	:w
767
+	 LM_WARN("tls: openssl bug #1491 (crash/mem leaks on low memory)"
768
+				" workarround disabled\n");
769 769
 	else
770
-		LOG(L_WARN, "tls: openssl bug #1491 (crash/mem leaks on low memory)"
770
+		LM_WARN("openssl bug #1491 (crash/mem leaks on low memory)"
771 771
 				" workaround enabled (on low memory tls operations will fail"
772 772
 				" preemptively) with free memory thresholds %d and %d bytes\n",
773 773
 				low_mem_threshold1, low_mem_threshold2);
774 774
 
775 775
 	if (shm_available()==(unsigned long)(-1)){
776
-		LOG(L_WARN, "tls: Kamailio is compiled without MALLOC_STATS support:"
776
+		LM_WARN(NAME " is compiled without MALLOC_STATS support:"
777 777
 				" the workaround for low mem. openssl bugs will _not_ "
778 778
 				"work\n");
779 779
 		low_mem_threshold1=0;
... ...
@@ -781,10 +781,10 @@ int init_tls_h(void)
781 781
 	}
782 782
 	if ((low_mem_threshold1 != cfg_get(tls, tls_cfg, low_mem_threshold1))
783 783
 			|| (low_mem_threshold2
784
-					!= cfg_get(tls, tls_cfg, low_mem_threshold2))) {
784
+				!= cfg_get(tls, tls_cfg, low_mem_threshold2))) {
785 785
 		/* ugly hack to set the initial values for the mem tresholds */
786 786
 		if (cfg_register_ctx(&cfg_ctx, 0)) {
787
-			ERR("failed to register cfg context\n");
787
+			LM_ERR("failed to register cfg context\n");
788 788
 			return -1;
789 789
 		}
790 790
 		tls_grp.s = "tls";
... ...
@@ -792,16 +792,18 @@ int init_tls_h(void)
792 792
 		s.s = "low_mem_threshold1";
793 793
 		s.len = strlen(s.s);
794 794
 		if (low_mem_threshold1 != cfg_get(tls, tls_cfg, low_mem_threshold1) &&
795
-				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s, low_mem_threshold1)) {
796
-			ERR("failed to set tls.low_mem_threshold1 to %d\n",
795
+				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s,
796
+					low_mem_threshold1)) {
797
+			LM_ERR("failed to set tls.low_mem_threshold1 to %d\n",
797 798
 					low_mem_threshold1);
798 799
 			return -1;
799 800
 		}
800 801
 		s.s = "low_mem_threshold2";
801 802
 		s.len = strlen(s.s);
802 803
 		if (low_mem_threshold2 != cfg_get(tls, tls_cfg, low_mem_threshold2) &&
803
-				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s, low_mem_threshold2)) {
804
-			ERR("failed to set tls.low_mem_threshold1 to %d\n",
804
+				cfg_set_now_int(cfg_ctx, &tls_grp, NULL /* group id */, &s,
805
+					low_mem_threshold2)) {
806
+			LM_ERR("failed to set tls.low_mem_threshold1 to %d\n",
805 807
 					low_mem_threshold2);
806 808
 			return -1;
807 809