tls_init.c calls OPENSSL_init_ssl(); this initializes the
global engine linked-list and this cannot be reset in the child.

To avoid linked-list corruption we manually instantiate
the engine object required for loading private keys instead of
relying on CONF_modules_load_file().

Updates to doc/.

Addresses #2839

Pre-Submission Checklist

Commit message has the format required by CONTRIBUTING guide
Commits are split per component (core, individual modules, libs, utils, ...)
Each component has a single commit (if not, squash them into one commit)
No commits to README files for modules (changes must be done to docbook files
in doc/ subfolder, the README file is autogenerated)

Type Of Change

Small bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds new functionality)
Breaking change (fix or feature that would change existing functionality)

Checklist:

PR should be backported to stable branches
Tested changes locally
Related to issue #2839

Description

The call to OPENSSL_init_ssl() in tls_init.c results in the creation of the engine linked-list in the parent.

This affects per-child engine private keys as there is no api to reinitialize the engine linked-list in the child.

This PR removes the call to CONF_modules_load_file() which causes linked-list corruption and replaces
the initialization of engine private keys in the child with with other api calls which do not manipulate global
objects.

You can view, comment on, or merge this pull request online at:

https://github.com/kamailio/kamailio/pull/2840

Commit Summary

tls: fix OpenSSL engine in child processes

File Changes

M src/modules/tls/doc/hsm_howto.xml (15)
M src/modules/tls/tls_mod.c (93)

Patch Links:

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.