[sr-dev] git:5.7:73b19da1: tls: restore early init for other modules that use TLS

Module: kamailio Branch: 5.7 Commit: 73b19da1e0dd512f9eb77ca0606092c545e8fb99 URL: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c… Author: S-P Chan &lt;shihping.chan(a)gmail.com&gt; Committer: S-P Chan &lt;shihping.chan(a)gmail.com&gt; Date: 2024-02-25T11:04:27+08:00 tls: restore early init for other modules that use TLS Client modules (e.g. dispatcher) that require outbound TLS may race if tls init is too late. Restore tls init to PROC_INIT with a thread executor. Addresses GH #3765 Cherry-pick from 706d7b7ff3 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c… Patch: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 0d8ea3df4c5..6058592aa01 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -42,6 +42,10 @@ #include "../../core/dprint.h" #include "../../core/mod_fix.h" #include "../../core/kemi.h" + +#define KSR_RTHREAD_SKIP_P +#define KSR_RTHREAD_NEED_4PP +#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" @@ -443,6 +447,22 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *); * * EC operations do not use pthread_self(), so could use shared SSL_CTX */ +static int mod_child_hook(int *rank, void *dummy) +{ + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, *rank, ksr_tls_threads_mode); + if(cfg_get(tls, tls_cfg, config_file).s) { + if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, &cli_defaults) + < 0) + return -1; + } else { + if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) + return -1; + } + return 0; +} + static int mod_child(int rank) { if(tls_disable || (tls_domains_cfg == 0)) @@ -450,29 +470,17 @@ static int mod_child(int rank) #if OPENSSL_VERSION_NUMBER >= 0x010101000L /* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1). Requires tls_threads_mode = 1 config. - */ - if((rank == PROC_SIPINIT && ksr_tls_threads_mode) - || (rank == PROC_INIT && !ksr_tls_threads_mode)) { + * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor + * to avoid init of libssl in thread#1 + */ + if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); + } #else if(rank == PROC_INIT) { -#endif - LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " - "ksr_tls_threads_mode=%d\n", - process_no, rank, ksr_tls_threads_mode); - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) - < 0) - return -1; - } else { - if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) - < 0) - return -1; - } - return 0; + return mod_child_hook(&rank, NULL); } +#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /*