The code is in `tls_domain.c` where `d->ctx` is an **array of SSL_CTX** instead of a single SSL_CTX. Each worker has a personal copy of the SSL_CTX and uses `d->ctx[process_no]` .
In theory for each domain we could use a single SSL_CTX instead of duplicating it max_procs times, so this issue answers the question : Why is `d->ctx` an array of the same SSL_CTX instead of a single copy of an SSL_CTX?
The roots of this go back 1.1.1 where OpenSSL removed the ability of `CRYPTO_set_id_callback` (from 1.0.2). Then a process could generate a unique ID and "pretend" to be a different thread.
In OpenSSL 1.1.1+ the id is reported using `pthread_self()` - while this is unique within a process it is not unique across multiple workers.
Do you refer to the next code block?
* https://github.com/kamailio/kamailio/blob/master/src/modules/tls/tls_mod.c#L451-L471If yes, as I can see it, the `tls_fix_domains_cfg()` is executed for `rank == PROC_SIPINIT` when libssl is >=1.1.x, which means it is done only for the first SIP worker process (with the rank 1).