Hello,
you should not backport TLS libssl3 changes in 5.6 branch. The patches
were very intrusive even for 5.7, it had to be done because of some
distros shipping libssl3 only. Otherwise we do not backport new features
in older branches and if one of the stables has support for it, who
needs it has to upgrade.
Cheers,
Daniel
On 23.03.24 14:39, S-P Chan via sr-dev wrote:
Module: kamailio
Branch: 5.6
Commit: a08562b2e56c89900220b7ed15c9ccd12655d9a6
URL:
https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd…
Author: S-P Chan <shihping.chan(a)gmail.com>
Committer: S-P Chan <shihping.chan(a)gmail.com>
Date: 2024-03-23T21:38:18+08:00
tls: force thread-locals clean-up for libssl3
- minimal thread-locals patch as 5.6.x is packaged for distros
that use libssl3 GH#3791
- simplified version of tls rework in 5.8.x
---
Modified: src/modules/tls/tls_mod.c
---
Diff:
https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd…
Patch:
https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd…
---
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 499a9a77aea..3805accf70a 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -306,6 +306,17 @@ static tls_domains_cfg_t* tls_use_modparams(void)
}
#endif
+/* unconditionally perform thread-local clean-up
+ * especially needed with libssl3 uses
+ * (bookworm/jammy/noble/el9)
+ */
+static void fork_child(void)
+{
+ for(int k = 0; k < 16; k++) {
+ if(pthread_getspecific(k) != 0)
+ pthread_setspecific(k, 0x0);
+ }
+}
static int mod_init(void)
{
@@ -407,6 +418,9 @@ static int mod_init(void)
if(sr_tls_event_callback.s == NULL || sr_tls_event_callback.len <= 0) {
tls_lookup_event_routes();
}
+ /* minimal fix for libssl 1.1.1/3.x uses
+ */
+ pthread_atfork(NULL, NULL, &fork_child);
return 0;
error:
tls_h_mod_destroy_f();
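Review bot: The added pthread_atfork(NULL, NULL, &fork_child) call just before "return 0;" discards its return value, so mod_init() reports success even when the handler could not be registered and the clean-up will silently never run in child processes. Suggest testing the result for non-zero and taking the existing "error:" path in that case. The comment names libssl 1.1.1/3.x, yet the registration has no OPENSSL_VERSION_NUMBER guard, so it also applies to older libssl builds; either guard it or reword the comment. The diff adds no #include <pthread.h>, so confirm that tls_mod.c already pulls it in.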
@@ -635,11 +649,6 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
register_tls_hooks(&tls_h);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- LM_DBG("setting cryptorand random engine\n");
- RAND_set_rand_method(RAND_ksr_cryptorand_method());
-#endif
-
sr_kemi_modules_add(sr_kemi_tls_exports);
return 0;
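Review bot: Removing the RAND_set_rand_method(RAND_ksr_cryptorand_method()) block from mod_register() is not covered by the commit message, which only describes thread-local clean-up. For builds with OPENSSL_VERSION_NUMBER >= 0x10100000L this changes which random method OpenSSL uses, which is a security-relevant behaviour change on a stable branch. Suggest explaining in the commit message why the cryptorand method is no longer installed, or moving the removal into its own commit so it can be reviewed and reverted independently.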
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com