Hi,
(X-posted to sr-dev as this is getting into the nitty gritty)
As a short-term workaround for this, I've been playing with the preloaded library approach to hijack the pthread mutex calls and force them to provide process-shared mutexes. AFAICT this seems to be working and only has the minuscule performance impact of using slower process-shared mutexes in all instances, even when they aren't required.
The code for the preloaded library itself is very short and simple: https://gist.github.com/rfuchs/1bb7348b6acbe37e557d94c2f69a1498
As a more complete patch that integrates it into the build system (probably badly): https://gist.github.com/rfuchs/b240ffe87938a45e6f2a4cf53fe29f17
Finally it requires adding it to the startup script, for example in a systemd service file as:
Environment='LD_PRELOAD=/usr/lib/x86_64-linux-gnu/kamailio/openssl_mutex_shared/openssl_mutex_shared.so'
(that's with a hard coded path which isn't optimal of course).
I don't consider this a proper fix, but only a hacky workaround, but it might be a solution for the very near future. Throwing it out there in case other people have been working on similar approaches, and/or maybe have some comments about this.
Cheers
On 01/04/2019 04.52, Daniel-Constantin Mierla wrote:
Hello,
an update on this issue -- I spent a bit of time looking at libssl/libcrypto library and the problem can be the type of mutexes they use now internally starting with v1.1, respectively the pthread mutex. They are not process shared and kamailio is a multi-process application, working with the same tls connection from multiple processes.
Today I wrote to openssl mailing list, waiting now to see if I get any hints from there.
Cheers, Daniel
On 01.04.19 10:33, Kristijan Vrban wrote:
Hi Andrew,
yes, with openssl 1.0.2 Kamailio is now up and running since five days. Looks good so far.
Kristijan
Am Do., 28. März 2019 um 11:09 Uhr schrieb Andrew Pogrebennyk apogrebennyk@sipwise.com:
On 3/26/19 3:52 PM, Kristijan Vrban wrote:
Just curious, did you get to compile with OpenSSL 1.0 and test?
Just compiled with OpenSSL 1.0 . Gone test now.
Kristijan, any new occurrences since you have recompiled kamailio with openssl 1.0?
Regards, Andrew
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users