[SR-Users] Kamailio stop to process incoming SIP traffic via TCP.

Daniel-Constantin Mierla miconda at gmail.com
Thu Oct 3 10:50:54 CEST 2019


Hello,

for deadlock issue with libssl 1.1 an workaround with a preloaded
library was made available quite some time ago:

https://github.com/kamailio/kamailio/tree/master/src/modules/tls/utils/openssl_mutex_shared

Recently that code was integrated in the core, so the preloaded library
is not needed if you run 5.1.9 or latest branch 5.2 (to be released as
5.2.5, probably soon) as well as branch 5.3 or master.

However, few days ago was reported a crash inside the pseudo-random
number generator (prng) of libssl 1.1, which seems to be caused by the
changes in libssl 1.1 to have only-thread-safety approach. A patch was
pushed two days ago, which seemed to fix it, see:
 
https://github.com/kamailio/kamailio/issues/2077

More work is expected there in the next few days to play with variants
of prng.

Cheers,
Daniel

On 03.10.19 10:29, Jurijs Ivolga wrote:
> Hi Daniel,
>
> I hope you are well. Do you have any updates on this issue? Did you
> get any response on openssl mailing list? Thank you!
>
> With kind regards,
>
> Jurijs
>
>
> On Mon, Apr 1, 2019 at 11:55 AM Daniel-Constantin Mierla
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>
>     Hello,
>
>     an update on this issue -- I spent a bit of time looking at
>     libssl/libcrypto library and the problem can be the type of
>     mutexes they
>     use now internally starting with v1.1, respectively the pthread mutex.
>     They are not process shared and kamailio is a multi-process
>     application,
>     working with the same tls connection from multiple processes.
>
>     Today I wrote to openssl mailing list, waiting now to see if I get any
>     hints from there.
>
>     Cheers,
>     Daniel
>
>     On 01.04.19 10:33, Kristijan Vrban wrote:
>     > Hi Andrew,
>     >
>     > yes, with openssl 1.0.2 Kamailio is now up and running since five
>     > days. Looks good so far.
>     >
>     > Kristijan
>     >
>     > Am Do., 28. März 2019 um 11:09 Uhr schrieb Andrew Pogrebennyk
>     > <apogrebennyk at sipwise.com <mailto:apogrebennyk at sipwise.com>>:
>     >> On 3/26/19 3:52 PM, Kristijan Vrban wrote:
>     >>>> Just curious, did you get to compile with OpenSSL 1.0 and test?
>     >>> Just compiled with OpenSSL 1.0 . Gone test now.
>     >> Kristijan,
>     >> any new occurrences since you have recompiled kamailio with
>     openssl 1.0?
>     >>
>     >> Regards,
>     >> Andrew
>     > _______________________________________________
>     > Kamailio (SER) - Users Mailing List
>     > sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>     > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>     -- 
>     Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
>     www.twitter.com/miconda <http://www.twitter.com/miconda> --
>     www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>     Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com
>     <http://www.kamailioworld.com>
>
>
>     _______________________________________________
>     Kamailio (SER) - Users Mailing List
>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191003/ab4962d6/attachment.html>


More information about the sr-users mailing list