git:master:cb424135: tls: new option for init_mode to use openssl api for fork prepare - sr-dev

25 Jan 2023

Module: kamailio
Branch: master
Commit: cb424135c4164be10dd3c12086b548b8fec0d830
URL: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b8...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2023-01-25T08:19:52+01:00
tls: new option for init_mode to use openssl api for fork prepare
- flag 2 (value 2) has to be set
---
Modified: src/modules/tls/tls_init.h
Modified: src/modules/tls/tls_mod.c
---
Diff:  https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b8...
Patch: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b8...
---

diff --git a/src/modules/tls/tls_init.h b/src/modules/tls/tls_init.h
index c0fecc6b17..c3fe829f00 100644
--- a/src/modules/tls/tls_init.h
+++ b/src/modules/tls/tls_init.h
@@ -57,6 +57,7 @@ extern sr_tls_methods_t sr_tls_methods[];
 #endif
#define TLS_MODE_PTHREAD_LOCK_SHM (1)
+#define TLS_MODE_FORK_PREPARE (1<<1)
/*
  * just once, pre-initialize the tls subsystem
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index e41c7d7d0f..466e2fcdbb 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -412,6 +412,15 @@ static int mod_init(void)
    if(sr_tls_event_callback.s==NULL || sr_tls_event_callback.len<=0) {
    	tls_lookup_event_routes();
    }
+#if OPENSSL_VERSION_NUMBER >= 0x010101000L
+	/*
+	 * register the need to be called post-fork of all children
+	 * with the special rank PROC_POSTCHILDINIT
+	 */
+	if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) {
+		ksr_module_set_flag(KSRMOD_FLAG_POSTCHILDINIT);
+	}
+#endif
    return 0;
 error:
    tls_h_mod_destroy_f();
@@ -423,6 +432,7 @@ static int mod_init(void)
 static int tls_engine_init();
 int tls_fix_engine_keys(tls_domains_cfg_t*, tls_domain_t*, tls_domain_t*);
 #endif
+
 static int mod_child(int rank)
 {
    if (tls_disable || (tls_domains_cfg==0))
@@ -440,7 +450,29 @@ static int mod_child(int rank)
    								&mod_params, &mod_params) < 0)
    			return -1;
    	}
+#if OPENSSL_VERSION_NUMBER >= 0x010101000L
+		if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) {
+			OPENSSL_fork_prepare();
+		}
+#endif
+		return 0;
+	}
+
+#if OPENSSL_VERSION_NUMBER >= 0x010101000L
+	if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) {
+		if(rank==PROC_POSTCHILDINIT) {
+			/*
+			 * this is called after forking of all child processes
+			 */
+			OPENSSL_fork_parent();
+			return 0;
+		}
+		if (!_ksr_is_main) {
+			OPENSSL_fork_child();
+		}
    }
+#endif
+
 #ifndef OPENSSL_NO_ENGINE
    /*
     * after the child is fork()ed we go through the TLS domains

    