Re: [sr-dev] [kamailio/kamailio] tls: add support for OpenSSL engine and private keys in HSM (#1484)

@henningw I need your advice on one point: the OpenSSL memory allocation functions are set to ser_* (wrappers around shm*). This means when I allocate private keys in the worker process, they are actually overwriting the private keys from the other children. (The SSL_CTX arrays d->ctx[i] are the same for all workers). One engine I tested, amazingly could use the private keys overwritten by another mod_chiild(). Further testing with other engines, shows this usually won't work. For such tls domains the engine might need per-worker SSL_CTX array in the domain structure. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1484#issuecomment-375118612