Module: kamailio
Branch: 5.7
Commit: c5ed0e65b2530443b1367986dac2b3da111c0701
URL: https://github.com/kamailio/kamailio/commit/c5ed0e65b2530443b1367986dac2b3d…
Author: S-P Chan <shihping.chan(a)gmail.com>
Committer: S-P Chan <shihping.chan(a)gmail.com>
Date: 2024-01-11T08:04:58+08:00
tls: historical code comment on repeating SSL_CTX per worker
(cherry-pick from 29007ada5bc9e07ede3cdbce285f04d1298c0612)
---
Modified: src/modules/tls/tls_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/c5ed0e65b2530443b1367986dac2b3d…
Patch: https://github.com/kamailio/kamailio/commit/c5ed0e65b2530443b1367986dac2b3d…
---
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 7cad1b046e4..beaf1b7b70b 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -433,6 +433,16 @@ static int tls_engine_init();
int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *);
#endif
+/*
+ * OpenSSL 1.1.1+: SSL_CTX is repeated in each worker
+ *
+ * OpenSSL RSA blinding works in single-process multi-threaded mode
+ * and depends on pthread_self() to separate threads. In Kamailio multi-process workers
+ * pthread_self() will not necessarily be unique, this will result in incorrect BN
+ * operations���hence we create a separate SSL_CTX for each worker
+ *
+ * EC operations do not use pthread_self(), so could use shared SSL_CTX
+ */
static int mod_child(int rank)
{
if(tls_disable || (tls_domains_cfg == 0))
Module: kamailio
Branch: master
Commit: 29007ada5bc9e07ede3cdbce285f04d1298c0612
URL: https://github.com/kamailio/kamailio/commit/29007ada5bc9e07ede3cdbce285f04d…
Author: S-P Chan <shihping.chan(a)gmail.com>
Committer: S-P Chan <shihping.chan(a)gmail.com>
Date: 2024-01-11T08:03:07+08:00
tls: historical code comment on repeating SSL_CTX per worker
---
Modified: src/modules/tls/tls_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/29007ada5bc9e07ede3cdbce285f04d…
Patch: https://github.com/kamailio/kamailio/commit/29007ada5bc9e07ede3cdbce285f04d…
---
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 7cad1b046e4..beaf1b7b70b 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -433,6 +433,16 @@ static int tls_engine_init();
int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *);
#endif
+/*
+ * OpenSSL 1.1.1+: SSL_CTX is repeated in each worker
+ *
+ * OpenSSL RSA blinding works in single-process multi-threaded mode
+ * and depends on pthread_self() to separate threads. In Kamailio multi-process workers
+ * pthread_self() will not necessarily be unique, this will result in incorrect BN
+ * operations���hence we create a separate SSL_CTX for each worker
+ *
+ * EC operations do not use pthread_self(), so could use shared SSL_CTX
+ */
static int mod_child(int rank)
{
if(tls_disable || (tls_domains_cfg == 0))
Module: kamailio
Branch: master
Commit: bbb81e5f6ef5744cc9b74302e8ecee6687199872
URL: https://github.com/kamailio/kamailio/commit/bbb81e5f6ef5744cc9b74302e8ecee6…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2024-01-10T13:20:34+01:00
usrloc: docs for ka_randomize parameter
---
Modified: src/modules/usrloc/doc/usrloc_admin.xml
---
Diff: https://github.com/kamailio/kamailio/commit/bbb81e5f6ef5744cc9b74302e8ecee6…
Patch: https://github.com/kamailio/kamailio/commit/bbb81e5f6ef5744cc9b74302e8ecee6…
---
diff --git a/src/modules/usrloc/doc/usrloc_admin.xml b/src/modules/usrloc/doc/usrloc_admin.xml
index 77b18989b4b..d7d78ae7b00 100644
--- a/src/modules/usrloc/doc/usrloc_admin.xml
+++ b/src/modules/usrloc/doc/usrloc_admin.xml
@@ -1481,6 +1481,31 @@ modparam("usrloc", "ka_interval", 30)
</example>
</section>
+ <section id="usrloc.p.ka_randomize">
+ <title><varname>ka_randomize</varname> (int)</title>
+ <para>
+ The parameter sets the the upper limit to the range of random seconds
+ to be added to ka_interval before checking if a new keepalive request
+ has to be sent. It should help to distribute better the sending of
+ keepalive requests. The keepalive for a location record is going to be
+ sent in a random fashion between (ka_interval + 0) and
+ (ka_interval + ka_randomize).
+ </para>
+ <para>
+ <emphasis>
+ Default value is <quote>20</quote>.
+ </emphasis>
+ </para>
+ <example>
+ <title>Set <varname>ka_randomize</varname> parameter</title>
+ <programlisting format="linespecific">
+...
+modparam("usrloc", "ka_interval", 30)
+...
+</programlisting>
+ </example>
+ </section>
+
<section id="usrloc.p.ka_loglevel">
<title><varname>ka_loglevel</varname> (int)</title>
<para>