I was'nt able to start Opensips with TLS because it seems that openssl was compiled in FIPS mode.
It seems that with FIPS openssl 1.0.1e disable malloc and free that opensips use.
I recompile openssl 1.0.1e without FIPS and replace the libraries in /lib but I got a strange message from opensips when I restart.
localhost opensips: WARNING:core:fm_free: free(0) called
localhost opensips: ERROR:core:init_tls: compiled agaist an openssl with no kerberos, but run with one with no kerberos
localhost opensips: CRITICAL:core:main: could not initialize tls, exiting...
I did check the code in "tls_init.c" in opensips and it seems a little bit messy at line 535...
Like it compare something that is fix but seems to print the message anyway with a dynamic variable that is get from openssl ciphers suites and the double inversions seems to get the output a little fuzzy...
In anycase, I try to compile openssl libraries without kerberos and it did'nt work, I retry to compile it with Kerberos MIT flavor and it work.
I just hope I will help someone else.
I don't know if it's possible to try to get a patch for opensips in Fedora 18 that could use openssl with FIPS.
David Bergeron
It seems that with FIPS openssl 1.0.1e disable malloc and free that opensips use.
I recompile openssl 1.0.1e without FIPS and replace the libraries in /lib but I got a strange message from opensips when I restart.
localhost opensips: WARNING:core:fm_free: free(0) called
localhost opensips: ERROR:core:init_tls: compiled agaist an openssl with no kerberos, but run with one with no kerberos
localhost opensips: CRITICAL:core:main: could not initialize tls, exiting...
I did check the code in "tls_init.c" in opensips and it seems a little bit messy at line 535...
Like it compare something that is fix but seems to print the message anyway with a dynamic variable that is get from openssl ciphers suites and the double inversions seems to get the output a little fuzzy...
In anycase, I try to compile openssl libraries without kerberos and it did'nt work, I retry to compile it with Kerberos MIT flavor and it work.
I just hope I will help someone else.
I don't know if it's possible to try to get a patch for opensips in Fedora 18 that could use openssl with FIPS.
David Bergeron