[sr-dev] git:master:cb424135: tls: new option for init_mode to use openssl api for fork prepare

Module: kamailio Branch: master Commit: cb424135c4164be10dd3c12086b548b8fec0d830 URL: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2023-01-25T08:19:52+01:00 tls: new option for init_mode to use openssl api for fork prepare - flag 2 (value 2) has to be set --- Modified: src/modules/tls/tls_init.h Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b… Patch: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b… --- diff --git a/src/modules/tls/tls_init.h b/src/modules/tls/tls_init.h index c0fecc6b17..c3fe829f00 100644 --- a/src/modules/tls/tls_init.h +++ b/src/modules/tls/tls_init.h @@ -57,6 +57,7 @@ extern sr_tls_methods_t sr_tls_methods[]; #endif #define TLS_MODE_PTHREAD_LOCK_SHM (1) +#define TLS_MODE_FORK_PREPARE (1<<1) /* * just once, pre-initialize the tls subsystem diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index e41c7d7d0f..466e2fcdbb 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -412,6 +412,15 @@ static int mod_init(void) if(sr_tls_event_callback.s==NULL || sr_tls_event_callback.len<=0) { tls_lookup_event_routes(); } +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + /* + * register the need to be called post-fork of all children + * with the special rank PROC_POSTCHILDINIT + */ + if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) { + ksr_module_set_flag(KSRMOD_FLAG_POSTCHILDINIT); + } +#endif return 0; error: tls_h_mod_destroy_f(); @@ -423,6 +432,7 @@ static int mod_init(void) static int tls_engine_init(); int tls_fix_engine_keys(tls_domains_cfg_t*, tls_domain_t*, tls_domain_t*); #endif + static int mod_child(int rank) { if (tls_disable || (tls_domains_cfg==0)) @@ -440,7 +450,29 @@ static int mod_child(int rank) &mod_params, &mod_params) < 0) return -1; } +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) { + OPENSSL_fork_prepare(); + } +#endif + return 0; + } + +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) { + if(rank==PROC_POSTCHILDINIT) { + /* + * this is called after forking of all child processes + */ + OPENSSL_fork_parent(); + return 0; + } + if (!_ksr_is_main) { + OPENSSL_fork_child(); + } } +#endif + #ifndef OPENSSL_NO_ENGINE /* * after the child is fork()ed we go through the TLS domains