[sr-dev] [kamailio/kamailio] [WIP] tls: add support for OpenSSL engine and private keys in HSM (#1484)

[Daniel-Constantin Mierla]

Just to confirm I haven't missed something -- the private keys stored in worker-local memory refer to keeping them in the map structure you introduced with the new files tls_map.{c,h}. They are not referenced from old structures of the tls module, right?

I see that the define conditions are on `#ifndef OPENSSL_NO_ENGINE`, understanding that  `OPENSSL_NO_ENGINE` is defined if libssl is compiled without this engine feature. But is this feature depending on some version, or is in libssl for very long time and makes no sense to check for a version that doesn't have support for it at all?

The files tls_map.{c,h} seems to be imported from external source, being under MIT license. tls module seems to be under BSD, anyone knows if there is any conflict between the two or something needs to be mentioned in the README of the tls module?

Some cosmetic things I would like to have for a safety future:

  * define guards inside tls_map.h should rely on the name of the file, like in the other cases. right now is `MAP_H`, exposing a risk of a conflict in the future someone adds a map.h somewhere in kamailio code that will be included in the same file with tls_map.h
  * the global variable `engine` has a rather common name, should be renamed like `ksr_tls_engine`, to make it more specific for kamailio context -- this should avoid unexpected behaviour if one opens the shared objects with RTLD_GLOBAL when there will be an overlap with such common name

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1484#issuecomment-378523224
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20180404/9a7df16f/attachment.html>