Observation: most of these faults are in `tls_accept()` even before the `SSL *` object is
shared and used by multiple workers (in the steady state) — this is strange as we normally
associate OpenSSL “problems” with using `SSL *` in multiple processes.
It seems to be related to (1) error handling and/or (2) handshaking with asymmetric keys.
If anyone is in a position to try with PSK it would be an interesting data point (not sure
if Kamailio's `tls.so` can be used with PSK though...).
I have reproduced similar crashes with OpenSSL 3.0.x and most of them occur in
`tls_accept()` in various places with both RSA/ECDSA keys.
For workarounds: you can try `tls_wolfssl` (disclaimer: I am the contributor of this
module) or `tlsa/OpenSSL 1.1.1`. I don't recommend `tlsa/OpenSSL 3.x.x` as I can
reproduce such crashes in that scenario. For 5.7.2/3 you would have to build these modules
yourself.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3635#issuecomment-1831111699