<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,</p>
<p>for deadlock issue with libssl 1.1 an workaround with a preloaded
library was made available quite some time ago:</p>
<p><a
href="https://github.com/kamailio/kamailio/tree/master/src/modules/tls/utils/openssl_mutex_shared">https://github.com/kamailio/kamailio/tree/master/src/modules/tls/utils/openssl_mutex_shared</a></p>
<div class="moz-cite-prefix">Recently that code was integrated in
the core, so the preloaded library is not needed if you run 5.1.9
or latest branch 5.2 (to be released as 5.2.5, probably soon) as
well as branch 5.3 or master.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">However, few days ago was reported a
crash inside the pseudo-random number generator (prng) of libssl
1.1, which seems to be caused by the changes in libssl 1.1 to have
only-thread-safety approach. A patch was pushed two days ago,
which seemed to fix it, see:</div>
<div class="moz-cite-prefix"> <br>
</div>
<div class="moz-cite-prefix"><a
href="https://github.com/kamailio/kamailio/issues/2077">https://github.com/kamailio/kamailio/issues/2077</a></div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">More work is expected there in the next
few days to play with variants of prng.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Cheers,<br>
Daniel</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 03.10.19 10:29, Jurijs Ivolga wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOrA2Ubn3Kyd29vDwBDs-JAtBdrLzFvhN52Mocbkzav=gcoyZA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Hi Daniel,</div>
<div><br>
</div>
<div>I hope you are well. Do you have any updates on this issue?
Did you get any response on openssl mailing list? Thank you!</div>
<div><br>
</div>
<div>With kind regards,<br>
</div>
<div><br>
</div>
<div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">Jurijs<br>
</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Apr 1, 2019 at 11:55
AM Daniel-Constantin Mierla <<a
href="mailto:miconda@gmail.com" moz-do-not-send="true">miconda@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
an update on this issue -- I spent a bit of time looking at<br>
libssl/libcrypto library and the problem can be the type of
mutexes they<br>
use now internally starting with v1.1, respectively the
pthread mutex.<br>
They are not process shared and kamailio is a multi-process
application,<br>
working with the same tls connection from multiple processes.<br>
<br>
Today I wrote to openssl mailing list, waiting now to see if I
get any<br>
hints from there.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
On 01.04.19 10:33, Kristijan Vrban wrote:<br>
> Hi Andrew,<br>
><br>
> yes, with openssl 1.0.2 Kamailio is now up and running
since five<br>
> days. Looks good so far.<br>
><br>
> Kristijan<br>
><br>
> Am Do., 28. März 2019 um 11:09 Uhr schrieb Andrew
Pogrebennyk<br>
> <<a href="mailto:apogrebennyk@sipwise.com"
target="_blank" moz-do-not-send="true">apogrebennyk@sipwise.com</a>>:<br>
>> On 3/26/19 3:52 PM, Kristijan Vrban wrote:<br>
>>>> Just curious, did you get to compile with
OpenSSL 1.0 and test?<br>
>>> Just compiled with OpenSSL 1.0 . Gone test now.<br>
>> Kristijan,<br>
>> any new occurrences since you have recompiled
kamailio with openssl 1.0?<br>
>><br>
>> Regards,<br>
>> Andrew<br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
> <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br>
-- <br>
Daniel-Constantin Mierla -- <a href="http://www.asipto.com"
rel="noreferrer" target="_blank" moz-do-not-send="true">www.asipto.com</a><br>
<a href="http://www.twitter.com/miconda" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.twitter.com/miconda</a>
-- <a href="http://www.linkedin.com/in/miconda"
rel="noreferrer" target="_blank" moz-do-not-send="true">www.linkedin.com/in/miconda</a><br>
Kamailio World Conference - May 6-8, 2019 -- <a
href="http://www.kamailioworld.com" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.kamailioworld.com</a><br>
<br>
<br>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank"
moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
<a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- <a class="moz-txt-link-freetext" href="https://asipto.com/u/kat">https://asipto.com/u/kat</a></pre>
</body>
</html>