[SR-Users] Testers wanted for new TLS transport based on wolfSSL

Daniel-Constantin Mierla miconda at gmail.com
Fri Jun 17 12:52:41 CEST 2022


Hello,

thanks for contributing to the project!

On 17.06.22 10:53, Richard Chan wrote:
> Hello Kamailio users,
>
> [...]
> As a result Kamailio contains some tricky code
> * a pthread polyfill in core
> * duplicated SSL_CTX per worker
> * atexit workaround

Just some clarifications: the atexit is not libssl specific, it is from
the libc, just that libssl makes use of it. It can happen with other
libraries that do not need anything for multi-process.

Also, the duplicated context might be something that is needed because
of the multi-process design, not necessarily specific to libssl. We
have for example a connection to database per process as well.

The pthread locks init is indeed sort of a workaround, although it might
be worth trying to push a patch to the libssl to make the flags optional
for setting them, it is just some initialization value (i.e., to set
PTHREAD_PROCESS_SHARED attribute).

But those do not reduce in any way the value of having an alternative
like tls_wolfssl.


>
> How to test?
>
> The code is currently in master and can be built in the usual way.
> Debian has 5.2.0 libwolfssl-dev needed;

For the moment just adding that Ubuntu 20.04 has libwolfssl-dev 4.30, so
the module does not compile there.

Cheers,
Daniel


> for some RPM distros (el8, el9,
> fc36) I have created a Copr repository
> https://copr.fedorainfracloud.org/coprs/beaveryoga/wolfSSL/
>
> Known limitations 
> The current state can be considered as identical to tls+OpenSSL
> 1.1.1/3.0.x.
>
> Old TLS protocols < 1.2 and cipher list configuration don’t work,
> i.e., only
> TLS 1.2 and 1.3 work with the default cipher list.
>
> In your configuration just replace
> loadmodule "tls.so"
> with
> loadmodule "tls_wolfssl.so"
>
> The rest of the TLS configuration can remain unchanged unless
> you are using a funky protocol version/cipher list combination.
>
> Thanks!
>
> S-P
>
>

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online: June 20-23, 2022
  * https://www.asipto.com/sw/kamailio-advanced-training-online/
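
The PTHREAD_PROCESS_SHARED attribute mentioned in the reply above, shown in a standalone fork-based sketch: a lock placed in shared memory and initialized so that separate worker processes can use it. This is an added example, not code from Kamailio, libssl or wolfSSL; `run_workers` and `struct shared` are hypothetical names, and Linux/glibc with `MAP_ANONYMOUS` is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* for MAP_ANONYMOUS under strict -std modes */
#endif
#include <pthread.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

struct shared { pthread_mutex_t lock; long counter; };   /* hypothetical layout */

/* Fork `workers` children that each add `iters` to a shared counter.
 * Returns the final counter value, or -1 if setup fails. */
long run_workers(int workers, long iters) {
    /* The lock must live in memory that every process maps, not on a private heap. */
    struct shared *s = mmap(NULL, sizeof(*s), PROT_READ | PROT_WRITE,
                            MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (s == MAP_FAILED) return -1;
    pthread_mutexattr_t attr;
    if (pthread_mutexattr_init(&attr) != 0) return -1;
    /* The default is PTHREAD_PROCESS_PRIVATE: valid only between threads of one process. */
    if (pthread_mutexattr_setpshared(&attr, PTHREAD_PROCESS_SHARED) != 0) return -1;
    if (pthread_mutex_init(&s->lock, &attr) != 0) return -1;
    pthread_mutexattr_destroy(&attr);
    s->counter = 0;

    for (int w = 0; w < workers; w++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) {                       /* worker process */
            for (long i = 0; i < iters; i++) {
                pthread_mutex_lock(&s->lock);
                s->counter++;
                pthread_mutex_unlock(&s->lock);
            }
            _exit(0);                         /* _exit() does not run atexit handlers */
        }
    }
    while (wait(NULL) > 0) { }                /* reap all workers */
    long total = s->counter;
    pthread_mutex_destroy(&s->lock);
    munmap(s, sizeof(*s));
    return total;
}

int main(void) {
    printf("total = %ld\n", run_workers(4, 100000));
    return 0;
}
```

On glibc older than 2.34, link with `-pthread`.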



