[sr-dev] [kamailio/kamailio] tls: add support for OpenSSL engine and private keys in HSM (#1484)
aalba6675
notifications at github.com
Wed Mar 21 23:36:57 CET 2018
@henningw I need your advice on one point: the OpenSSL memory allocation functions are set to ser_* (wrappers around shm*). This means when I allocate private keys in the worker process, they are actually overwriting the private keys from the other children. (The SSL_CTX arrays d->ctx[i] are the same for all workers).
One engine I tested, amazingly could use the private keys overwritten by another mod_chiild().
Further testing with other engines, shows this usually won't work. For such tls domains the engine might need per-worker SSL_CTX array in the domain structure.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1484#issuecomment-375118612
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20180321/e61e0ef0/attachment.html>
More information about the sr-dev
mailing list