Hello,

for deadlock issue with libssl 1.1 an workaround with a preloaded library was made available quite some time ago:

https://github.com/kamailio/kamailio/tree/master/src/modules/tls/utils/openssl_mutex_shared

Recently that code was integrated in the core, so the preloaded library is not needed if you run 5.1.9 or latest branch 5.2 (to be released as 5.2.5, probably soon) as well as branch 5.3 or master.

However, few days ago was reported a crash inside the pseudo-random number generator (prng) of libssl 1.1, which seems to be caused by the changes in libssl 1.1 to have only-thread-safety approach. A patch was pushed two days ago, which seemed to fix it, see:

https://github.com/kamailio/kamailio/issues/2077

More work is expected there in the next few days to play with variants of prng.

Cheers,
Daniel

On 03.10.19 10:29, Jurijs Ivolga wrote:

Hi Daniel,

I hope you are well. Do you have any updates on this issue? Did you get any response on openssl mailing list? Thank you!

With kind regards,

Jurijs

On Mon, Apr 1, 2019 at 11:55 AM Daniel-Constantin Mierla <miconda@gmail.com> wrote:

Hello,

an update on this issue -- I spent a bit of time looking at
libssl/libcrypto library and the problem can be the type of mutexes they
use now internally starting with v1.1, respectively the pthread mutex.
They are not process shared and kamailio is a multi-process application,
working with the same tls connection from multiple processes.

Today I wrote to openssl mailing list, waiting now to see if I get any
hints from there.

Cheers,
Daniel

On 01.04.19 10:33, Kristijan Vrban wrote:
> Hi Andrew,
>
> yes, with openssl 1.0.2 Kamailio is now up and running since five
> days. Looks good so far.
>
> Kristijan
>
> Am Do., 28. März 2019 um 11:09 Uhr schrieb Andrew Pogrebennyk
> <apogrebennyk@sipwise.com>:
>> On 3/26/19 3:52 PM, Kristijan Vrban wrote:
>>>> Just curious, did you get to compile with OpenSSL 1.0 and test?
>>> Just compiled with OpenSSL 1.0 . Gone test now.
>> Kristijan,
>> any new occurrences since you have recompiled kamailio with openssl 1.0?
>>
>> Regards,
>> Andrew
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat