20 Jun
2023
20 Jun
'23
12:51 p.m.
Module: kamailio
Branch: master
Commit: 9d6bfb96528c49e6aaa39aa47be877ca528c3537
URL: https://github.com/kamailio/kamailio/commit/9d6bfb96528c49e6aaa39aa47be877c…
Author: Victor Seva <linuxmaniac(a)torreviejawireless.org>
Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org>
Date: 2023-06-20T12:51:16+02:00
tls: OPENSSL_fork_[prepare|parent|child] deprecated at openssl 3.0
From https://www.openssl.org/docs/man3.0/man3/OPENSSL_fork_prepare.html:
OPENSSL_fork_prepare, OPENSSL_fork_parent,
OPENSSL_fork_child have been
deprecated since OpenSSL 3.0.
These methods are currently unused, and as such, no replacement methods
are required or planned.
OpenSSL has state that should be reset when a process forks. For
example, the entropy pool used to generate random numbers (and therefore
encryption keys) should not be shared across multiple programs. The
OPENSSL_fork_prepare(), OPENSSL_fork_parent(), and OPENSSL_fork_child()
functions are used to reset this internal state.
OPENSSL_init_crypto(3) will register these functions with the
appropriate handler, when the OPENSSL_INIT_ATFORK flag is used
---
Modified: src/modules/tls/tls_init.c
Modified: src/modules/tls/tls_mod.c
---
Diff:
https://github.com/kamailio/kamailio/commit/9d6bfb96528c49e6aaa39aa47be877c…
Patch:
https://github.com/kamailio/kamailio/commit/9d6bfb96528c49e6aaa39aa47be877c…
---
diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
index 0a2f13a77b2..cb035ee24fa 100644
--- a/src/modules/tls/tls_init.c
+++ b/src/modules/tls/tls_init.c
@@ -745,7 +745,7 @@ int tls_h_mod_pre_init_f(void)
LM_DBG("preparing tls env for modules initialization\n");
#if OPENSSL_VERSION_NUMBER >= 0x010100000L &&
!defined(LIBRESSL_VERSION_NUMBER)
LM_DBG("preparing tls env for modules initialization (libssl >=1.1)\n");
- OPENSSL_init_ssl(0, NULL);
+ OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL);
#else
LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n");
SSL_library_init();
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 3f42073b175..156eff81c76 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -452,7 +452,8 @@ static int mod_child(int rank)
< 0)
return -1;
}
-#if OPENSSL_VERSION_NUMBER >= 0x010101000L
+#if OPENSSL_VERSION_NUMBER >= 0x010101000L \
+ && OPENSSL_VERSION_NUMBER < 0x030000000L
if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) {
OPENSSL_fork_prepare();
}
@@ -460,7 +461,8 @@ static int mod_child(int rank)
return 0;
}
-#if OPENSSL_VERSION_NUMBER >= 0x010101000L
+#if OPENSSL_VERSION_NUMBER >= 0x010101000L \
+ && OPENSSL_VERSION_NUMBER < 0x030000000L
if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) {
if(rank == PROC_POSTCHILDINIT) {
/*
530
days inactive
530
days old
0 comments
1 participants
participants (1)
-
Victor Seva