Hello,
thanks for contributing to the project!
On 17.06.22 10:53, Richard Chan wrote:
Hello Kamailio users,
[...]
As a result Kamailio contains some tricky code
* a pthread polyfill in core
* duplicated SSL_CTX per worker
* atexit workaround
Just some clarifications: the atexit is not libssl specific, it is from
the libc, just that libssl makes use of it. It can happen with other
libraries that do not need anything for multi-process.
Also, the duplicated context might be something that is needed because
of the multi-process design, not necessarily specific to libssl. We
have for example a connection to database per process as well.
The pthread locks init is indeed sort of a workaround, although it might
be worth trying to push a patch to the libssl to make the flags optional
for setting them, it is just some initialization value (i.e., to set
the PTHREAD_PROCESS_SHARED attribute).
But those do not reduce in any way the value of having an alternative
like tls_wolfssl.
How to test?
The code is currently in master and can be built in the usual way.
Debian has 5.2.0 libwolfssl-dev needed;
For the moment just adding that Ubuntu 20.04 has libwolfssl-dev 4.30, so
the module does not compile there.
Cheers,
Daniel
for some RPM distros (el8, el9, fc36) I have created a Copr repository
https://copr.fedorainfracloud.org/coprs/beaveryoga/wolfSSL/
Known limitations
The current state can be considered as identical to tls+OpenSSL
1.1.1/3.0.x.
Old TLS protocols < 1.2 and cipher list configuration don’t work, i.e., only
TLS 1.2 and 1.3 work with the default cipher list.
In your configuration just replace
loadmodule "tls.so"
with
loadmodule "tls_wolfssl.so"
The rest of the TLS configuration can remain unchanged unless
you are using a funky protocol version/cipher list combination.
Thanks!
S-P
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
--
Daniel-Constantin Mierla --
www.asipto.com
www.twitter.com/miconda --
www.linkedin.com/in/miconda