[sr-dev] [kamailio/kamailio] tls: build does not apply TLS_PTHREAD_MUTEX_SHARED on systems with libssl 1.1+ and without pkg-config (Issue #3384)

### Description On systems running libssl 1.1+, the compile flag `TLS_PTHREAD_MUTEX_SHARED` is set to avoid an issue with deadlocks. However, if the system does not have `pkg-config` installed, the build completes successfully without setting this compile flag. As such, users with this particular configuration are at risk of TLS-related deadlocks. ### Troubleshooting This scenario arose for me when I experienced suspected TLS-related deadlocks in Kamailio 5.4.1. Particularly, in a simple configuration, multiple UDP workers were using t_relay to near-simultaneously connect to the same TLS host. After some time, the UDP workers stopped responding while executing this simple route block. I cannot definitively conclude this issue was the same deadlock bug. The compile flag `TLS_PTHREAD_MUTEX_SHARED` was not set and `pkg-config` was not installed. I found [this mailing list thread](https://lists.kamailio.org/pipermail/sr-users/2019-December/107759.… discussing TLS deadlocks and the build process and the user was running Kamailio 5.3.1, libssl 1.1 but did not have `TLS_PTHREAD_MUTEX_SHARED` set. This issue may explain how this user ended up in that situation. #### Reproduction Tested against Kamailio 5.4.1 and latest master. On a system with libssl 1.1+, build (including the `tls` module) with `pkg-config` installed and run `kamailio -I`. `TLS_PTHREAD_MUTEX_SHARED` flag is set. ``` Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e Default config: /usr/local/etc/kamailio/kamailio.cfg Default paths to modules: /usr/local/lib64/kamailio/modules Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ``` Uninstall `pkg-config` and rebuild. `TLS_PTHREAD_MUTEX_SHARED` flag is not set. ``` Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e Default config: /usr/local/etc/kamailio/kamailio.cfg Default paths to modules: /usr/local/lib64/kamailio/modules Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES ``` When `pkg-config` is not installed, the build also outputs the following log lines, however the build does not fail. ``` /bin/sh: 1: pkg-config: not found /bin/sh: 1: pkg-config: not found /bin/sh: 1: pkg-config: not found /bin/sh: 1: pkg-config: not found /bin/sh: 1: pkg-config: not found /bin/sh: 1: pkg-config: not found /bin/sh: 1: pkg-config: not found /bin/sh: 1: pkg-config: not found ``` ### Possible Solutions Some thoughts about options: 1. It looks like effort has been applied in other areas to support the absence of `pkg-config`, so potentially support libssl 1.1+ detection without `pkg-config`. 2. Require `pkg-config` on build and fail without it. 3. Enable `TLS_PTHREAD_MUTEX_SHARED` by default as I assume most people are running libssl 1.1+ these days, and disable it if libssl < 1.1 detected. Personally I have installed `pkg-config` and rebuilt, however I think for the safety of others building from source that the compile flag should be correctly set or the build should fail. ### Operating System ``` Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10 Codename: buster Linux debian-kamailio 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17) x86_64 GNU/Linux ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3384 You are receiving this because you are subscribed to this thread. Message ID: &lt;kamailio/kamailio/issues/3384(a)github.com&gt;