Module: kamailio Branch: master Commit: 7b531cfe038fae5e3414ac74c4e076c10e32b86c URL: https://github.com/kamailio/kamailio/commit/7b531cfe038fae5e3414ac74c4e076c… Author: S-P Chan &lt;shihping.chan(a)gmail.com&gt; Committer: S-P Chan &lt;shihping.chan(a)gmail.com&gt; Date: 2024-01-04T22:24:16+08:00 tls: OpenSSL 1.1.1 thread-local, init libssl in thread - no need for RAND workaround; default is OpenSSL 1.1.1 RAND - linux/pthreads will handle forking --- Modified: src/modules/tls/tls_init.c Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/7b531cfe038fae5e3414ac74c4e076c… Patch: https://github.com/kamailio/kamailio/commit/7b531cfe038fae5e3414ac74c4e076c… --- diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c index acf1c1456f8..8da6dfb07f1 100644 --- a/src/modules/tls/tls_init.c +++ b/src/modules/tls/tls_init.c @@ -827,7 +827,8 @@ int tls_h_mod_pre_init_f(void) #if OPENSSL_VERSION_NUMBER >= 0x030000000L // skip init for 3.x #elif OPENSSL_VERSION_NUMBER >= 0x010101000L - OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL); + //not needed on Linux + //OPENSSL_init_ssl(OPENSSL_INIT_ATFORK, NULL); #else OPENSSL_init_ssl(0, NULL); #endif @@ -835,7 +836,7 @@ int tls_h_mod_pre_init_f(void) LM_DBG("preparing tls env for modules initialization (libssl <=1.0)\n"); SSL_library_init(); #endif -#if OPENSSL_VERSION_NUMBER < 0x030000000L +#if OPENSSL_VERSION_NUMBER < 0x010101000L SSL_load_error_strings(); #endif diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 1e74ba0e309..03874edabba 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -440,8 +440,16 @@ static int mod_child(int rank) /* fix tls config only from the main proc/PROC_INIT., when we know * the exact process number and before any other process starts*/ + if(rank == PROC_INIT) { +#if OPENSSL_VERSION_NUMBER >= 0x010101000L \ + && OPENSSL_VERSION_NUMBER < 0x030000000L + if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) { + // not needed on Linux: OPENSSL_fork_prepare(); + } +#endif + } -#if OPENSSL_VERSION_NUMBER >= 0x030000000L +#if OPENSSL_VERSION_NUMBER >= 0x010101000L /* * OpenSSL 3.x: create shared SSL_CTX* in worker to avoid init of * libssl in rank 0(thread#1) @@ -460,12 +468,6 @@ static int mod_child(int rank) < 0) return -1; } -#if OPENSSL_VERSION_NUMBER >= 0x010101000L \ - && OPENSSL_VERSION_NUMBER < 0x030000000L - if(ksr_tls_init_mode & TLS_MODE_FORK_PREPARE) { - OPENSSL_fork_prepare(); - } -#endif return 0; } @@ -476,11 +478,11 @@ static int mod_child(int rank) /* * this is called after forking of all child processes */ - OPENSSL_fork_parent(); + // not needed on Linux: OPENSSL_fork_parent(); return 0; } if(!_ksr_is_main) { - OPENSSL_fork_child(); + // not needed on Linux: OPENSSL_fork_child(); } } #endif @@ -691,7 +693,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) #if OPENSSL_VERSION_NUMBER >= 0x10100000L \ && OPENSSL_VERSION_NUMBER < 0x030000000L LM_DBG("setting cryptorand random engine\n"); - RAND_set_rand_method(RAND_ksr_cryptorand_method()); + // RAND_set_rand_method(RAND_ksr_cryptorand_method()); #endif sr_kemi_modules_add(sr_kemi_tls_exports);