[sr-dev] [SR-Users] Info: initialization of libssl 1.1.+ with PTHREAD_PROCESS_SHARED attribute for pthread mutex and rwlock

Daniel-Constantin Mierla miconda at gmail.com
Fri Oct 25 12:12:11 CEST 2019


Hello,

thanks for coming back with the clarifications!

Before the changes related to PRNG, the reporter was doing stress
testing and it was crashing occasionally; after the changes, he
continued to stress test for several days without any issues --
therefore I thought in your case it could be something else, a matter of
a specific use case. But it is better now knowing it was an older
version and now no issue was showing up.

Cheers,
Daniel

On 23.10.19 14:52, Vitalii Aleksandrov wrote:
> Hi,
>
> My bad, I most probably used a container with a bit outdated version
> of the master branch.
>
> Got new sources, tested them and had no problems with TLS. It works
> fine with libssl 1.1.1d-0+deb10u2.
> I suppose those fixes with using an alternative random number generator
> or wrapping up the standard one with a lock have helped.
>
>
>> Hello,
>>
>> can you provide the full backtrace from gdb?
>>
>> Also, give the output for "kamailio -I" and the exact version for
>> libssl.
>>
>> Cheers,
>> Daniel
>>
>> On 20.10.19 22:35, Vitalii Aleksandrov wrote:
>>> Hi.
>>>
>>> I'm going to jump into this thread with a bit different but related
>>> problem. I've tried kamailio master branch with the mentioned
>>> workaround and it still crashes almost immediately in my load tests
>>> when kamailio is linked to libssl-1.1.1.
>>> Haven't followed kamailio recently since had to switch to opensips for
>>> my current project but the root of the problem is the same - the
>>> multiprocess nature of a proxy and new behavior of libssl that uses
>>> pthread functions directly. This workaround with pthread_mutex_init()
>>> overriding really helps with deadlocks found with libssl1.1.0, but
>>> after switching to libssl1.1.1 it started to crash again. That lib
>>> version also uses thread local storage, which most probably creates new
>>> problems since ssl context IIRC might be moved between tcp main and
>>> workers.
>>>
>>> Has anyone tested kamailio master on debian 10 with libssl-1.1.1 and
>>> many concurrent tls connections?
>>>
>>>> I understood it happened on a load test session, which typically is
>>>> not done in production, but some test/staging system.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>> _______________________________________________
>>> Kamailio (SER) - Development Mailing List
>>> sr-dev at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat
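
The attribute named in the subject line, shown in direct use as an added example (not part of the thread and not Kamailio or OpenSSL code): a mutex placed in a shared mapping and initialized with PTHREAD_PROCESS_SHARED so that forked workers can serialize on it. The names `struct shared` and `run_workers` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
struct shared { pthread_mutex_t lock; long counter; };
/* Forks nproc workers that each add `iters` to a counter in shared memory
 * under one mutex. Returns the final counter, or -1 on setup failure. */
long run_workers(int nproc, long iters)
{
    /* The mutex must live in memory every process maps (not heap/stack). */
    struct shared *s = mmap(NULL, sizeof(*s), PROT_READ | PROT_WRITE,
                            MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (s == MAP_FAILED) return -1;
    s->counter = 0;
    pthread_mutexattr_t attr;
    /* Default is PTHREAD_PROCESS_PRIVATE: locking such a mutex from
     * several processes is undefined behaviour. */
    if (pthread_mutexattr_init(&attr) != 0 ||
        pthread_mutexattr_setpshared(&attr, PTHREAD_PROCESS_SHARED) != 0 ||
        pthread_mutex_init(&s->lock, &attr) != 0) {
        munmap(s, sizeof(*s));
        return -1;
    }
    pthread_mutexattr_destroy(&attr);
    int started = 0;
    for (int i = 0; i < nproc; i++) {
        pid_t pid = fork();
        if (pid == 0) {                 /* child: contend for the lock */
            for (long n = 0; n < iters; n++) {
                pthread_mutex_lock(&s->lock);
                s->counter++;
                pthread_mutex_unlock(&s->lock);
            }
            _exit(0);
        }
        if (pid > 0) started++;
    }
    while (started-- > 0) wait(NULL);   /* reap every worker we started */
    long total = s->counter;
    pthread_mutex_destroy(&s->lock);
    munmap(s, sizeof(*s));
    return total;
}

int main(void) { printf("%ld\n", run_workers(4, 50000)); return 0; }
```

Build with `cc -pthread`; the final count equals `nproc * iters` only because every increment happens under the process-shared lock.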
