Module: kamailio Branch: master Commit: f71243410d5e051def1a47cc73adb6caeeadd1cd URL: https://github.com/kamailio/kamailio/commit/f71243410d5e051def1a47cc73adb6c… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2015-01-25T10:59:07+01:00 tls: implemented tls hook for pre-mod init execution - do openssl init at this callback --- Modified: modules/tls/tls_init.c Modified: modules/tls/tls_init.h Modified: modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/f71243410d5e051def1a47cc73adb6c… Patch: https://github.com/kamailio/kamailio/commit/f71243410d5e051def1a47cc73adb6c… --- diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c index 6812f42..58684d8 100644 --- a/modules/tls/tls_init.c +++ b/modules/tls/tls_init.c @@ -61,6 +61,7 @@ #include "tls_cfg.h" /* will be set to 1 when the TLS env is initialized to make destroy safe */ +static int tls_mod_preinitialized = 0; static int tls_mod_initialized = 0; #if OPENSSL_VERSION_NUMBER < 0x00907000L @@ -469,6 +470,7 @@ static int init_tls_compression(void) /** * tls pre-init function + * - executed when module is loaded */ int tls_pre_init(void) { @@ -493,6 +495,23 @@ int tls_pre_init(void) return 0; } +/** + * tls mod pre-init function + * - executed before any mod_init() + */ +int tls_mod_pre_init_h(void) +{ + if(tls_mod_preinitialized==1) { + LM_DBG("already mod pre-initialized\n"); + return 0; + } + DBG("============= :preparing tls env for modules initialization\n"); + SSL_library_init(); + SSL_load_error_strings(); + tls_mod_preinitialized=1; + return 0; +} + /* * First step of TLS initialization */ @@ -511,6 +530,12 @@ int init_tls_h(void) str s; cfg_ctx_t* cfg_ctx; + if(tls_mod_initialized == 1) { + LM_DBG("already initialized\n"); + return 0; + } + DBG("initializing tls system\n"); + #if OPENSSL_VERSION_NUMBER < 0x00907000L WARN("You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n"); #endif @@ -657,8 +682,6 @@ int init_tls_h(void) } } - SSL_library_init(); - SSL_load_error_strings(); init_ssl_methods(); tls_mod_initialized = 1; return 0; @@ -693,7 +716,7 @@ int tls_check_sockets(tls_domains_cfg_t* cfg) void destroy_tls_h(void) { DBG("tls module final tls destroy\n"); - if(tls_mod_initialized > 0) + if(tls_mod_preinitialized > 0) ERR_free_strings(); /* TODO: free all the ctx'es */ tls_destroy_cfg(); diff --git a/modules/tls/tls_init.h b/modules/tls/tls_init.h index 412fa49..eb28398 100644 --- a/modules/tls/tls_init.h +++ b/modules/tls/tls_init.h @@ -53,8 +53,13 @@ extern const SSL_METHOD* ssl_methods[]; */ int tls_pre_init(void); +/** + * just once, prepare for init of all modules + */ +int tls_mod_pre_init_h(void); + /* - * just once, initialize the tls subsystem + * just once, initialize the tls subsystem after all mod inits */ int init_tls_h(void); diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c index 356b494..b02e1a1 100644 --- a/modules/tls/tls_mod.c +++ b/modules/tls/tls_mod.c @@ -231,7 +231,8 @@ static struct tls_hooks tls_h = { tls_h_close, tls_h_init_si, init_tls_h, - destroy_tls_h + destroy_tls_h, + tls_mod_pre_init_h, }; @@ -253,12 +254,21 @@ static tls_domains_cfg_t* tls_use_modparams(void) int mod_register(char *path, int *dlflags, void *p1, void *p2) { + if (tls_disable) { + LOG(L_WARN, "tls support is disabled " + "(set enable_tls=1 in the config to enable it)\n"); + return 0; + } + /* shm is used, be sure it is initialized */ if(!shm_initialized() && init_shm()<0) return -1; if(tls_pre_init()<0) return -1; + + register_tls_hooks(&tls_h); + return 0; } @@ -267,7 +277,7 @@ static int mod_init(void) int method; if (tls_disable){ - LOG(L_WARN, "WARNING: tls: mod_init: tls support is disabled " + LOG(L_WARN, "tls support is disabled " "(set enable_tls=1 in the config to enable it)\n"); return 0; } @@ -306,7 +316,6 @@ static int mod_init(void) } *tls_domains_cfg = NULL; - register_tls_hooks(&tls_h); register_select_table(tls_sel); /* register the rpc interface */ if (rpc_register_array(tls_rpc)!=0) {