Hello,
You should not backport TLS libssl3 changes to the 5.6 branch. The patches were very intrusive even for 5.7; it had to be done because some distros ship libssl3 only. Otherwise we do not backport new features to older branches, and if one of the stables has support for it, whoever needs it has to upgrade.
Cheers, Daniel
On 23.03.24 14:39, S-P Chan via sr-dev wrote:
Module: kamailio
Branch: 5.6
Commit: a08562b2e56c89900220b7ed15c9ccd12655d9a6
URL: https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd1...
Author: S-P Chan shihping.chan@gmail.com
Committer: S-P Chan shihping.chan@gmail.com
Date: 2024-03-23T21:38:18+08:00
tls: force thread-locals clean-up for libssl3
- minimal thread-locals patch as 5.6.x is packaged for distros that use libssl3 GH#3791
- simplified version of tls rework in 5.8.x
Modified: src/modules/tls/tls_mod.c
Diff: https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd1...
Patch: https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd1...
diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 499a9a77aea..3805accf70a 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -306,6 +306,17 @@ static tls_domains_cfg_t* tls_use_modparams(void) } #endif
+/* unconditionally perform thread-local clean-up
- especially needed with libssl3 uses
- (bookworm/jammy/noble/el9)
- */
+static void fork_child(void) +{
- for(int k = 0; k < 16; k++) {
if(pthread_getspecific(k) != 0)
pthread_setspecific(k, 0x0);
- }
+}
static int mod_init(void) { @@ -407,6 +418,9 @@ static int mod_init(void) if(sr_tls_event_callback.s == NULL || sr_tls_event_callback.len <= 0) { tls_lookup_event_routes(); }
/* minimal fix for libssl 1.1.1/3.x uses
*/
return 0;pthread_atfork(NULL, NULL, &fork_child);
error: tls_h_mod_destroy_f(); @@ -635,11 +649,6 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2)
register_tls_hooks(&tls_h);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- LM_DBG("setting cryptorand random engine\n");
- RAND_set_rand_method(RAND_ksr_cryptorand_method());
-#endif
sr_kemi_modules_add(sr_kemi_tls_exports);
return 0;
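Review bot: In fork_child(), the loop `for(int k = 0; k < 16; k++)` passes raw integers 0..15 to pthread_getspecific() and pthread_setspecific() as if they were keys. pthread_key_t is an opaque type, and POSIX leaves the result undefined for a key that did not come from pthread_key_create(), so this depends on how one libc happens to number its keys. It also clears every thread-specific value in that range, not only libssl's, and setting a slot to NULL skips any destructor registered for the key. Suggest documenting where the bound 16 comes from and why clearing other libraries' slots is safe in the child, or restricting the clean-up to keys the module can actually identify.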
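Review bot: In mod_init(), the return value of `pthread_atfork(NULL, NULL, &fork_child)` is ignored. The call returns non-zero on failure, in which case the child handler is never installed and the clean-up silently does not happen; check the result and at least log it, or jump to the existing error label. The comment above the call says "libssl 1.1.1/3.x" while the comment on fork_child() and the commit message speak of libssl3 only, so the two should state the same scope. A handler registered this way cannot be removed and runs in the child of every later fork of the process, which is worth saying in the comment.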
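Review bot: In mod_register(), the removal of `RAND_set_rand_method(RAND_ksr_cryptorand_method());` is not mentioned in the commit message, which describes only thread-local clean-up. Dropping the call changes which random generator OpenSSL uses on builds where OPENSSL_VERSION_NUMBER >= 0x10100000L, and a forking server needs generator state that is not shared between parent and children. Suggest stating in the message why the engine is no longer set and what provides fork safety for the RNG afterwards, or moving the removal into its own commit.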