Observation: most of these faults are in
`tls_accept()` even before the `SSL *` object is shared and used by multiple workers (in
the steady state) — this is strange as we normally associate OpenSSL “problems” with using
`SSL *` in multiple processes.
It seems to be related to (1) error handling and/or (2) handshaking with asymmetric
keys.
If anyone is in a position to try with PSK it would be an interesting data point (not
sure if Kamailio's `tls.so` can be used with PSK though...).
I have reproduced similar crashes with OpenSSL 3.0.x and most of them occur in
`tls_accept()` in various places with both RSA/ECDSA keys.
For workarounds: you can try `tls_wolfssl` (disclaimer: I am the contributor of this
module) or `tlsa/OpenSSL 1.1.1`. I don't recommend `tlsa/OpenSSL 3.x.x` as I can
reproduce such crashes in that scenario. For 5.7.2/3 you would have to build these modules
yourself.
We are currently facing this issue as well, and what I can tell is that it happens with
OpenSSL 1.1.1 too. Not tried tls_wolfssl.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3635#issuecomment-1847123249