[sr-dev] git:master:5d400241: cmake: remove redundant default optimization level
Module: kamailio Branch: master Commit: 5d4002415fd8377c5384beee387acf5ba9e2dfd3 URL: https://github.com/kamailio/kamailio/commit/5d4002415fd8377c5384beee387acf5ba9e2dfd3 Author: S-P Chan Committer: S-P Chan Date: 2024-12-24T06:50:08+08:00 cmake: remove redundant default optimization level - user can prepend compiler options with CFLAGS="-g -O2" cmake ... --- Modified: cmake/compiler-specific.cmake --- Diff: https://github.com/kamailio/kamailio/commit/5d4002415fd8377c5384beee387acf5ba9e2dfd3.diff Patch: https://github.com/kamailio/kamailio/commit/5d4002415fd8377c5384beee387acf5ba9e2dfd3.patch --- diff --git a/cmake/compiler-specific.cmake b/cmake/compiler-specific.cmake index f6bd54c2655..e0d15601bf5 100644 --- a/cmake/compiler-specific.cmake +++ b/cmake/compiler-specific.cmake @@ -13,11 +13,6 @@ if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64") if(CMAKE_C_COMPILER_ID STREQUAL "GNU") target_compile_definitions(common INTERFACE CC_GCC_LIKE_ASM) -target_compile_options( - common INTERFACE -O0 - # <$<$:-pg> -) - target_compile_options( common INTERFACE -Wall -funroll-loops -Wcast-align ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:b5cb581b: tls: warn if tls_threads_mode=1 and force value to 2
Module: kamailio Branch: master Commit: b5cb581bd8f529dab8f4bcc6173e0cf1ad936550 URL: https://github.com/kamailio/kamailio/commit/b5cb581bd8f529dab8f4bcc6173e0cf1ad936550 Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T20:56:09+08:00 tls: warn if tls_threads_mode=1 and force value to 2 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/b5cb581bd8f529dab8f4bcc6173e0cf1ad936550.diff Patch: https://github.com/kamailio/kamailio/commit/b5cb581bd8f529dab8f4bcc6173e0cf1ad936550.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 1d7169b27e6..8a0b781831e 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -408,6 +408,12 @@ static int mod_init(void) "tls.so must be the first module loaded\n"); } } + + if(ksr_tls_threads_mode == KSR_TLS_THREADS_MTEMP) { + LM_WARN("tls_threads_mode=1 is invalid on kamailio version >= 6; " + "forcing tls_threads_mode=2\n"); + ksr_tls_threads_mode = KSR_TLS_THREADS_MFORK; + } #endif /* OPENSSL_VERSION_NUMBER*/ if(tls_disable) { ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
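Review bot: The remap from `KSR_TLS_THREADS_MTEMP` to `KSR_TLS_THREADS_MFORK` is added just before `#endif /* OPENSSL_VERSION_NUMBER*/`, so it appears to be compiled only inside the OpenSSL-version conditional that closes there. On a build where that condition is false, a configured `tls_threads_mode=1` would be left in place with no warning. If the value is invalid regardless of the OpenSSL version, as the log text suggests, the check belongs after the `#endif`. A short comment such as `/* tls_threads_mode=1 support was removed; remap instead of failing startup */` would also explain why the setting is rewritten rather than rejected. mod_init starts and ends outside the hunk.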
[sr-dev] git:master:2df6fd2b: tls: warn if thread-locals are initialized before this module
Module: kamailio Branch: master Commit: 2df6fd2b92c95791fa299500680a31814f95291c URL: https://github.com/kamailio/kamailio/commit/2df6fd2b92c95791fa299500680a31814f95291c Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T17:01:03+08:00 tls: warn if thread-locals are initialized before this module --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/2df6fd2b92c95791fa299500680a31814f95291c.diff Patch: https://github.com/kamailio/kamailio/commit/2df6fd2b92c95791fa299500680a31814f95291c.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 1cc8a9540da..1d7169b27e6 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -401,6 +401,14 @@ static int mod_init(void) return -1; } #endif +#if OPENSSL_VERSION_NUMBER >= 0x10101000L + for(k = 0; k < 32; k++) { + if(pthread_getspecific(k) != 0) { + LM_WARN("detected initialized thread-locals created before tls.so; " + "tls.so must be the first module loaded\n"); + } + } +#endif /* OPENSSL_VERSION_NUMBER*/ if(tls_disable) { LM_WARN("tls support is disabled " ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
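Review bot: The loop passes the integers 0..31 to `pthread_getspecific()` as if they were keys, but POSIX leaves the result undefined for a key that did not come from `pthread_key_create()` and does not require `pthread_key_t` to be a small integer, so the probe depends on the libc's key layout. It also emits the same warning once per non-null slot; adding `break;` after the `LM_WARN` would report the condition once. The bound `32` deserves a named constant and a comment stating which libc behaviour the scan assumes. `k` is declared outside the hunk, so whether it becomes an unused variable when the `#if` is false cannot be checked here.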
[sr-dev] git:master:8cc21a5a: tls: fix compiler warning of unused variable
Module: kamailio Branch: master Commit: 8cc21a5af0846ddd657b20363895e220658816ea URL: https://github.com/kamailio/kamailio/commit/8cc21a5af0846ddd657b20363895e220658816ea Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:36:12+08:00 tls: fix compiler warning of unused variable --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/8cc21a5af0846ddd657b20363895e220658816ea.diff Patch: https://github.com/kamailio/kamailio/commit/8cc21a5af0846ddd657b20363895e220658816ea.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 5d7c74f9249..1cc8a9540da 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -588,8 +588,6 @@ static OSSL_LIB_CTX *new_ctx; #endif static int mod_child(int rank) { - int k; - if(tls_disable || (tls_domains_cfg == 0)) return 0; ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:398e647b: tls: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: 398e647b0667f5609d30ccb9f4cedbb659dca3ab URL: https://github.com/kamailio/kamailio/commit/398e647b0667f5609d30ccb9f4cedbb659dca3ab Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 tls: revert tls_threads_mode=1 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/398e647b0667f5609d30ccb9f4cedbb659dca3ab.diff Patch: https://github.com/kamailio/kamailio/commit/398e647b0667f5609d30ccb9f4cedbb659dca3ab.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 5a63beaf5ce..5d7c74f9249 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -45,9 +45,6 @@ #include "../../core/counters.h" #include "../../core/tcp_info.h" -#define KSR_RTHREAD_SKIP_P -#define KSR_RTHREAD_NEED_4PP -#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" @@ -596,20 +593,8 @@ static int mod_child(int rank) if(tls_disable || (tls_domains_cfg == 0)) return 0; - /* -* OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor -* to avoid init of libssl in thread#1: -* - ksr_tls_threads_mode = 1 (KSR_TLS_THREADS_MTEMP) -*/ if(rank == PROC_INIT) { - return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); - } - - if(ksr_tls_threads_mode == KSR_TLS_THREADS_MTEMP && rank - && rank != PROC_INIT && rank != PROC_POSTCHILDINIT) { - for(k = 0; k < tls_pthreads_key_mark; k++) - pthread_setspecific(k, 0x0); - LM_WARN("clean-up of thread-locals key < %d\n", tls_pthreads_key_mark); + return mod_child_hook(&rank, NULL); } #ifdef KSR_SSL_COMMON ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
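Review bot: With `return mod_child_hook(&rank, NULL);` the PROC_INIT setup now runs in the calling thread, which is what the deleted comment said the thread executor was there to avoid (libssl initialisation in thread #1), and the per-child reset of thread-local keys is deleted in the same hunk. Nothing left in the hunk says what now keeps OpenSSL thread-local state created here from being carried into forked workers; presumably that is the tls_threads_mode=2 handling, but it is not visible here. Once confirmed, a replacement comment above the call, for example `/* runs in the main thread; forked children rely on tls_threads_mode=2 to reset OpenSSL thread-locals */`, would record that dependency. The same question applies to the direct calls introduced by the sibling reverts on this page (outbound, xcap_client, http_client, http_async_client, db_unixodbc, db_postgres, db_mysql). mod_child starts and ends outside the hunk.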
[sr-dev] git:master:ca87db75: core: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: ca87db75102504eb29e802a0047cf22730dfc30e URL: https://github.com/kamailio/kamailio/commit/ca87db75102504eb29e802a0047cf22730dfc30e Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 core: revert tls_threads_mode=1 --- Modified: src/core/globals.h Removed: src/core/rthreads.h --- Diff: https://github.com/kamailio/kamailio/commit/ca87db75102504eb29e802a0047cf22730dfc30e.diff Patch: https://github.com/kamailio/kamailio/commit/ca87db75102504eb29e802a0047cf22730dfc30e.patch ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:92f17d2e: xcap_client: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: 92f17d2e7945858cdfe40ab498fb7b046e02955a URL: https://github.com/kamailio/kamailio/commit/92f17d2e7945858cdfe40ab498fb7b046e02955a Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 xcap_client: revert tls_threads_mode=1 --- Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/92f17d2e7945858cdfe40ab498fb7b046e02955a.diff Patch: https://github.com/kamailio/kamailio/commit/92f17d2e7945858cdfe40ab498fb7b046e02955a.patch --- diff --git a/src/modules/xcap_client/xcap_client.c b/src/modules/xcap_client/xcap_client.c index ce54162249e..602d74cea5e 100644 --- a/src/modules/xcap_client/xcap_client.c +++ b/src/modules/xcap_client/xcap_client.c @@ -43,9 +43,6 @@ #include "../../core/mem/shm_mem.h" #include "../../core/rpc.h" #include "../../core/rpc_lookup.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "../presence/utils_func.h" #include "xcap_functions.h" #include "xcap_client.h" @@ -151,7 +148,7 @@ static int mod_init(void) xcap_dbf.close(xcap_db); xcap_db = NULL; - run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); + curl_global_init(CURL_GLOBAL_ALL); if(periodical_query) { register_timer(query_xcap_update, 0, query_period); ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
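Review bot: The result of `curl_global_init(CURL_GLOBAL_ALL);` is discarded, so mod_init goes on to `register_timer` even if libcurl failed to initialise; the http_client revert on this page checks the same call. Suggest `if(curl_global_init(CURL_GLOBAL_ALL) != 0) { LM_ERR("curl_global_init failed\n"); return -1; }`. The `run_thread4L` call being replaced ignored the result as well, so this is an existing gap rather than a regression. mod_init starts and ends outside the hunk, so any cleanup needed on that error path cannot be checked from here.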
[sr-dev] git:master:ab6d46e6: outbound: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: ab6d46e6ab08066021419154045da5c3f2721377 URL: https://github.com/kamailio/kamailio/commit/ab6d46e6ab08066021419154045da5c3f2721377 Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 outbound: revert tls_threads_mode=1 --- Modified: src/modules/outbound/outbound_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/ab6d46e6ab08066021419154045da5c3f2721377.diff Patch: https://github.com/kamailio/kamailio/commit/ab6d46e6ab08066021419154045da5c3f2721377.patch --- diff --git a/src/modules/outbound/outbound_mod.c b/src/modules/outbound/outbound_mod.c index f64e2dfbe28..f3c80f18c15 100644 --- a/src/modules/outbound/outbound_mod.c +++ b/src/modules/outbound/outbound_mod.c @@ -42,10 +42,6 @@ #include "../../core/parser/parse_uri.h" #include "../../core/parser/parse_supported.h" -#define KSR_RTHREAD_SKIP_P -#define KSR_RTHREAD_NEED_V -#include "../../core/rthreads.h" - #include "api.h" #include "config.h" @@ -127,11 +123,7 @@ static int mod_init(void) } ob_key.len = OB_KEY_LEN; -#if OPENSSL_VERSION_NUMBER < 0x010101000L mod_init_openssl(); -#else - run_threadV(mod_init_openssl); -#endif if(cfg_declare("outbound", outbound_cfg_def, &default_outbound_cfg, cfg_sizeof(outbound), &outbound_cfg)) { ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:a8c23061: db_unixodbc: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: a8c23061bf2b9ce2240cd52e554b440cb996bc9e URL: https://github.com/kamailio/kamailio/commit/a8c23061bf2b9ce2240cd52e554b440cb996bc9e Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 db_unixodbc: revert tls_threads_mode=1 --- Modified: src/modules/db_unixodbc/dbase.c --- Diff: https://github.com/kamailio/kamailio/commit/a8c23061bf2b9ce2240cd52e554b440cb996bc9e.diff Patch: https://github.com/kamailio/kamailio/commit/a8c23061bf2b9ce2240cd52e554b440cb996bc9e.patch --- diff --git a/src/modules/db_unixodbc/dbase.c b/src/modules/db_unixodbc/dbase.c index 0637a1f6afd..11724a28b23 100644 --- a/src/modules/db_unixodbc/dbase.c +++ b/src/modules/db_unixodbc/dbase.c @@ -27,10 +27,6 @@ #include "../../core/mem/mem.h" #include "../../core/dprint.h" #include "../../core/async_task.h" -#define KSR_RTHREAD_NEED_4PP -#define KSR_RTHREAD_NEED_4P5I2P2 -#define KSR_RTHREAD_NEED_0P -#include "../../core/rthreads.h" #include "../../lib/srdb1/db_query.h" #include "val.h" #include "connection.h" @@ -86,7 +82,7 @@ static int reconnect(const db1_con_t *_h) /* * Send an SQL query to the server */ -static int db_unixodbc_submit_query_impl(const db1_con_t *_h, const str *_s) +static int db_unixodbc_submit_query(const db1_con_t *_h, const str *_s) { int ret = 0; SQLCHAR sqlstate[7]; @@ -160,11 +156,6 @@ static int db_unixodbc_submit_query_impl(const db1_con_t *_h, const str *_s) return ret; } -static int db_unixodbc_submit_query(const db1_con_t *_h, const str *_s) -{ - return run_thread4PP((_thread_proto4PP)db_unixodbc_submit_query_impl, - (void *)_h, (void *)_s); -} /** * */ @@ -238,9 +229,8 @@ extern char *db_unixodbc_tquote; * Initialize database module * No function should be called before this * - * Init libssl in a thread - */ -static db1_con_t *db_unixodbc_init0(const str *_url) + */ +db1_con_t *db_unixodbc_init(const str *_url) { db1_con_t *c; c = db_do_init(_url, (void *)db_unixodbc_new_connection); 
@@ -249,23 +239,13 @@ static db1_con_t *db_unixodbc_init0(const str *_url) return c; } -db1_con_t *db_unixodbc_init(const str *_url) -{ - return run_threadP((_thread_proto)&db_unixodbc_init0, (void *)_url); -} - /* * Shut down database module * No function should be called after this */ -static void db_unixodbc_close_impl(db1_con_t *_h) -{ - return db_do_close(_h, db_unixodbc_free_connection); -} - void db_unixodbc_close(db1_con_t *_h) { - run_thread0P((_thread_proto0P)db_unixodbc_close_impl, _h); + return db_do_close(_h, db_unixodbc_free_connection); } /* @@ -308,7 +288,7 @@ static int db_unixodbc_store_result(const db1_con_t *_h, db1_res_t **_r) /* * Release a result set from memory */ -static int db_unixodbc_free_result_impl(db1_con_t *_h, db1_res_t *_r) +int db_unixodbc_free_result(db1_con_t *_h, db1_res_t *_r) { if((!_h) || (!_r)) { LM_ERR("invalid parameter value\n"); @@ -324,12 +304,6 @@ static int db_unixodbc_free_result_impl(db1_con_t *_h, db1_res_t *_r) return 0; } -int db_unixodbc_free_result(db1_con_t *_h, db1_res_t *_r) -{ - return run_thread4PP( - (_thread_proto4PP)db_unixodbc_free_result_impl, _h, _r); -} - /* * Query table for specified rows * _h: structure representing database connection @@ -341,7 +315,7 @@ int db_unixodbc_free_result(db1_con_t *_h, db1_res_t *_r) * _nc: number of columns to return * _o: order by the specified column */ -static int db_unixodbc_query_impl(const db1_con_t *_h, const db_key_t *_k, +int db_unixodbc_query(const db1_con_t *_h, const db_key_t *_k, const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) { 
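Review bot: `db_unixodbc_close()` is declared `void`, yet its new body is `return db_do_close(_h, db_unixodbc_free_connection);`. ISO C does not allow a `return` with an expression in a void function, and compilers accept it only as an extension. The db_postgres and db_mysql versions of this revert call `db_do_close(...)` as a plain statement; writing `db_do_close(_h, db_unixodbc_free_connection);` here keeps the three drivers consistent. The deleted `db_unixodbc_close_impl` had the same form, so the pattern was carried over rather than introduced.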
@@ -350,15 +324,6 @@ static int db_unixodbc_query_impl(const db1_con_t *_h, const db_key_t *_k, db_unixodbc_store_result); } -int db_unixodbc_query(const db1_con_t *_h, const db_key_t *_k, - const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, - const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) -{ - return run_thread4P5I2P2((_thread_proto4P5I2P2)db_unixodbc_query_impl, - (void *)_h, (void *)_k, (void *)_op, (void *)_v, (void *)_c, _n, - _nc, (void *)_o, (void *)_r); -} - /*! * \brief Gets a partial result set, fetch rows from a result * ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:de84212c: http_client: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: de84212c4a43402ea094f1b38aed9ca09b0c89a5 URL: https://github.com/kamailio/kamailio/commit/de84212c4a43402ea094f1b38aed9ca09b0c89a5 Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 http_client: revert tls_threads_mode=1 --- Modified: src/modules/http_client/http_client.c --- Diff: https://github.com/kamailio/kamailio/commit/de84212c4a43402ea094f1b38aed9ca09b0c89a5.diff Patch: https://github.com/kamailio/kamailio/commit/de84212c4a43402ea094f1b38aed9ca09b0c89a5.patch --- diff --git a/src/modules/http_client/http_client.c b/src/modules/http_client/http_client.c index a7de8ea51bd..6f2d54c94b5 100644 --- a/src/modules/http_client/http_client.c +++ b/src/modules/http_client/http_client.c @@ -64,9 +64,6 @@ #include "../../core/lvalue.h" #include "../../core/pt.h" /* Process table */ #include "../../core/kemi.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "functions.h" #include "curlcon.h" @@ -305,7 +302,7 @@ static int mod_init(void) LM_DBG("init curl module\n"); /* Initialize curl */ - if(run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)) { + if(curl_global_init(CURL_GLOBAL_ALL)) { LM_ERR("curl_global_init failed\n"); return -1; } ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:7f33c48c: http_async_client: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: 7f33c48cc788d4caea0b1e06748bae0e6a6e90fb URL: https://github.com/kamailio/kamailio/commit/7f33c48cc788d4caea0b1e06748bae0e6a6e90fb Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 http_async_client: revert tls_threads_mode=1 --- Modified: src/modules/http_async_client/http_async_client_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/7f33c48cc788d4caea0b1e06748bae0e6a6e90fb.diff Patch: https://github.com/kamailio/kamailio/commit/7f33c48cc788d4caea0b1e06748bae0e6a6e90fb.patch --- diff --git a/src/modules/http_async_client/http_async_client_mod.c b/src/modules/http_async_client/http_async_client_mod.c index 0a9cbb0fbfb..b707cddb4a3 100644 --- a/src/modules/http_async_client/http_async_client_mod.c +++ b/src/modules/http_async_client/http_async_client_mod.c @@ -50,9 +50,6 @@ #include "../../core/cfg/cfg_struct.h" #include "../../core/fmsg.h" #include "../../core/kemi.h" -#define KSR_RTHREAD_NEED_V -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "../../modules/tm/tm_load.h" #include "../../modules/pv/pv_api.h" @@ -294,7 +291,7 @@ static int mod_init(void) return -1; } - run_threadV((_thread_protoV)&set_curl_mem_callbacks); + set_curl_mem_callbacks(); /* init faked sip msg */ if(faked_msg_init() < 0) { ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:b7694edb: db_postgres: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: b7694edb65db852ee5a935fbbfe6f9d8c05fa508 URL: https://github.com/kamailio/kamailio/commit/b7694edb65db852ee5a935fbbfe6f9d8c05fa508 Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 db_postgres: revert tls_threads_mode=1 --- Modified: src/modules/db_postgres/km_dbase.c --- Diff: https://github.com/kamailio/kamailio/commit/b7694edb65db852ee5a935fbbfe6f9d8c05fa508.diff Patch: https://github.com/kamailio/kamailio/commit/b7694edb65db852ee5a935fbbfe6f9d8c05fa508.patch --- diff --git a/src/modules/db_postgres/km_dbase.c b/src/modules/db_postgres/km_dbase.c index b816599096a..8cb92a1d1e5 100644 --- a/src/modules/db_postgres/km_dbase.c +++ b/src/modules/db_postgres/km_dbase.c @@ -45,10 +45,6 @@ #include "../../core/locking.h" #include "../../core/hashes.h" #include "../../core/clist.h" -#define KSR_RTHREAD_NEED_PI -#define KSR_RTHREAD_NEED_4PP -#define KSR_RTHREAD_NEED_0P -#include "../../core/rthreads.h" #include "km_dbase.h" #include "km_pg_con.h" #include "km_val.h" @@ -115,17 +111,12 @@ static void db_postgres_free_query(const db1_con_t *_con); * \return database connection on success, NULL on error * \note this function must be called prior to any database functions * - * Init libssl in a thread */ -static db1_con_t *db_postgres_init0(const str *_url) +db1_con_t *db_postgres_init(const str *_url) { return db_do_init(_url, (void *)db_postgres_new_connection); } -db1_con_t *db_postgres_init(const str *_url) -{ - return run_threadP((_thread_proto)db_postgres_init0, (void *)_url); -} /*! * \brief Initialize database for future queries, specify pooling * \param _url URL of the database that should be opened 
@@ -135,39 +126,28 @@ db1_con_t *db_postgres_init(const str *_url) * * Init libssl in thread */ -static db1_con_t *db_postgres_init2_impl(const str *_url, db_pooling_t pooling) +db1_con_t *db_postgres_init2(const str *_url, db_pooling_t pooling) { return db_do_init2(_url, (void *)db_postgres_new_connection, pooling); } -db1_con_t *db_postgres_init2(const str *_url, db_pooling_t pooling) -{ - return run_threadPI( - (_thread_protoPI)db_postgres_init2_impl, (void *)_url, pooling); -} /*! * \brief Close database when the database is no longer needed * \param _h closed connection, as returned from db_postgres_init * \note free all memory and resources */ -static void db_postgres_close_impl(db1_con_t *_h) -{ - db_do_close(_h, db_postgres_free_connection); -} - void db_postgres_close(db1_con_t *_h) { - run_thread0P((_thread_proto0P)db_postgres_close_impl, _h); + db_do_close(_h, db_postgres_free_connection); } - /*! * \brief Submit_query, run a query * \param _con database connection * \param _s query string * \return 0 on success, negative on failure */ -static int db_postgres_submit_query_impl(const db1_con_t *_con, const str *_s) +static int db_postgres_submit_query(const db1_con_t *_con, const str *_s) { char *s = NULL; int i, retries; @@ -295,12 +275,6 @@ static int db_postgres_submit_query_impl(const db1_con_t *_con, const str *_s) return -1; } -static int db_postgres_submit_query(const db1_con_t *_con, const str *_s) -{ - return run_thread4PP((_thread_proto4PP)db_postgres_submit_query_impl, - (void *)_con, (void *)_s); -} - void db_postgres_async_exec_task(void *param) { str *p; ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
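Review bot: The doc comment kept above `db_postgres_init2()` still ends with `* Init libssl in thread`, but the function now calls `db_do_init2()` directly and no thread wrapper remains. The equivalent line was dropped from the `db_postgres_init()` comment in the previous hunk; it should be removed here too so the comment does not describe a guard that is no longer applied.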
[sr-dev] git:master:50042a4a: db_mysql: revert tls_threads_mode=1
Module: kamailio Branch: master Commit: 50042a4a21318f9b89cd1b5d35c04800ef2cbec5 URL: https://github.com/kamailio/kamailio/commit/50042a4a21318f9b89cd1b5d35c04800ef2cbec5 Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T16:27:07+08:00 db_mysql: revert tls_threads_mode=1 --- Modified: src/modules/db_mysql/km_dbase.c --- Diff: https://github.com/kamailio/kamailio/commit/50042a4a21318f9b89cd1b5d35c04800ef2cbec5.diff Patch: https://github.com/kamailio/kamailio/commit/50042a4a21318f9b89cd1b5d35c04800ef2cbec5.patch --- diff --git a/src/modules/db_mysql/km_dbase.c b/src/modules/db_mysql/km_dbase.c index b97f0f2cd4b..6e034b689f1 100644 --- a/src/modules/db_mysql/km_dbase.c +++ b/src/modules/db_mysql/km_dbase.c @@ -41,10 +41,6 @@ #include "../../core/dprint.h" #include "../../core/async_task.h" -#define KSR_RTHREAD_NEED_4PP -#define KSR_RTHREAD_NEED_0P -#define KSR_RTHREAD_NEED_4P5I2P2 -#include "../../core/rthreads.h" #include "../../lib/srdb1/db_query.h" #include "../../lib/srdb1/db_ut.h" #include "db_mysql.h" @@ -73,7 +69,7 @@ static char *mysql_sql_buf; * \param _s executed query * \return zero on success, negative value on failure */ -static int db_mysql_submit_query_impl(const db1_con_t *_h, const str *_s) +static int db_mysql_submit_query(const db1_con_t *_h, const str *_s) { time_t t; int i, code; @@ -133,12 +129,6 @@ static int db_mysql_submit_query_impl(const db1_con_t *_h, const str *_s) return -2; } - -static int db_mysql_submit_query(const db1_con_t *_h, const str *_s) -{ - return run_thread4PP((_thread_proto4PP)db_mysql_submit_query_impl, - (void *)_h, (void *)_s); -} /** * */ @@ -210,9 +200,8 @@ static char *db_mysql_tquote = "`"; * \param _url URL used for initialization * \return zero on success, negative value on failure * - * Init libssl in a thread */ -static db1_con_t *db_mysql_init0(const str *_url) +db1_con_t *db_mysql_init(const str *_url) { db1_con_t *c; c = db_do_init(_url, (void *)db_mysql_new_connection); 
@@ -221,28 +210,17 @@ static db1_con_t *db_mysql_init0(const str *_url) return c; } - -db1_con_t *db_mysql_init(const str *_url) -{ - return run_threadP((_thread_proto)db_mysql_init0, (void *)_url); -} /** * Shut down the database module. * No function should be called after this * \param _h handle to the closed connection * \return zero on success, negative value on failure */ -static void db_mysql_close_impl(db1_con_t *_h) -{ - db_do_close(_h, db_mysql_free_connection); -} - void db_mysql_close(db1_con_t *_h) { - run_thread0P((_thread_proto0P)db_mysql_close_impl, _h); + db_do_close(_h, db_mysql_free_connection); } - /** * Retrieve a result set * \param _h handle to the database @@ -290,7 +268,7 @@ static int db_mysql_store_result(const db1_con_t *_h, db1_res_t **_r) * and *_r */ db_mysql_free_result(_h, *_r); *_r = 0; -#if(MYSQL_VERSION_ID >= 40100) +#if (MYSQL_VERSION_ID >= 40100) while(mysql_more_results(CON_CONNECTION(_h)) && mysql_next_result(CON_CONNECTION(_h)) == 0) { MYSQL_RES *res = mysql_store_result(CON_CONNECTION(_h)); @@ -301,7 +279,7 @@ static int db_mysql_store_result(const db1_con_t *_h, db1_res_t **_r) } done: -#if(MYSQL_VERSION_ID >= 40100) +#if (MYSQL_VERSION_ID >= 40100) while(mysql_more_results(CON_CONNECTION(_h)) && mysql_next_result(CON_CONNECTION(_h)) == 0) { MYSQL_RES *res = mysql_store_result(CON_CONNECTION(_h)); @@ -356,7 +334,7 @@ int db_mysql_free_result(const db1_con_t *_h, db1_res_t *_r) * this function observed to invoke SSL_read() under libmysqlclient.so.21 * but not libmariadb.so.3; apply libssl guard */ -static int db_mysql_query_impl(const db1_con_t *_h, const db_key_t *_k, +int db_mysql_query(const db1_con_t *_h, const db_key_t *_k, const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) { 
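Review bot: The comment kept above `db_mysql_query()` still says the function was observed to invoke SSL_read() under libmysqlclient.so.21 and ends with `apply libssl guard`, but after this commit the function is the public entry point itself and the thread wrapper that acted as the guard is deleted in the following hunk. A maintainer reading the comment would assume a protection that is no longer present. Suggest rewording the last clause, for example `* no thread guard is applied here since tls_threads_mode=1 was reverted`, or dropping it. Separately, the doc block for `db_mysql_close()` in the first hunk on this line still documents `\return zero on success, negative value on failure` for a `void` function.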
@@ -364,15 +342,6 @@ static int db_mysql_query_impl(const db1_con_t *_h, const db_key_t *_k, db_mysql_submit_query, db_mysql_store_result); } -int db_mysql_query(const db1_con_t *_h, const db_key_t *_k, const db_op_t *_op, - const db_val_t *_v, const db_key_t *_c, const int _n, const int _nc, - const db_key_t _o, db1_res_t **_r) -{ - return run_thread4P5I2P2((_thread_proto4P5I2P2)&db_mysql_query_impl, - (void *)_h, (void *)_k, (void *)_op, (void *)_v, (void *)_c, _n, - _nc, (void *)_o, (void *)_r); -} - /** * \brief Gets a partial result set, fetch rows from a result * ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe se
[sr-dev] git:5.8:1e6738e7: tls_wolfssl: update internal submodule to v5.7.4-stable tag
Module: kamailio Branch: 5.8 Commit: 1e6738e7f2c554ffa16e11125673c7ea4e092935 URL: https://github.com/kamailio/kamailio/commit/1e6738e7f2c554ffa16e11125673c7ea4e092935 Author: S-P Chan Committer: S-P Chan Date: 2024-12-20T09:02:49+08:00 tls_wolfssl: update internal submodule to v5.7.4-stable tag --- Modified: misc/external/wolfssl/wolfssl --- Diff: https://github.com/kamailio/kamailio/commit/1e6738e7f2c554ffa16e11125673c7ea4e092935.diff Patch: https://github.com/kamailio/kamailio/commit/1e6738e7f2c554ffa16e11125673c7ea4e092935.patch ---
diff --git a/misc/external/wolfssl/wolfssl b/misc/external/wolfssl/wolfssl
index 66596ad9e1d..bdd62314f00 16
--- a/misc/external/wolfssl/wolfssl
+++ b/misc/external/wolfssl/wolfssl
@@ -1 +1 @@
-Subproject commit 66596ad9e1d7efa8479656872cf09c9c1870a02e
+Subproject commit bdd62314f00fca0e216bf8c963c8eeff6327e0cb
___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:aa41dd85: tls_wolfssl: update internal submodule to v5.7.4-stable tag
Module: kamailio Branch: master Commit: aa41dd85ed5420f1fff3c6870eb1e5c3b8810f11 URL: https://github.com/kamailio/kamailio/commit/aa41dd85ed5420f1fff3c6870eb1e5c3b8810f11 Author: S-P Chan Committer: S-P Chan Date: 2024-12-17T23:44:45+08:00 tls_wolfssl: update internal submodule to v5.7.4-stable tag --- Modified: misc/external/wolfssl/wolfssl --- Diff: https://github.com/kamailio/kamailio/commit/aa41dd85ed5420f1fff3c6870eb1e5c3b8810f11.diff Patch: https://github.com/kamailio/kamailio/commit/aa41dd85ed5420f1fff3c6870eb1e5c3b8810f11.patch ---
diff --git a/misc/external/wolfssl/wolfssl b/misc/external/wolfssl/wolfssl
index 00e42151ca0..bdd62314f00 16
--- a/misc/external/wolfssl/wolfssl
+++ b/misc/external/wolfssl/wolfssl
@@ -1 +1 @@
-Subproject commit 00e42151ca061463ba6a95adb2290f678cbca472
+Subproject commit bdd62314f00fca0e216bf8c963c8eeff6327e0cb
___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:684533d0: tls: update docs about thread-locals
Module: kamailio Branch: master Commit: 684533d099d304091082fd8a130619a4c5550a80 URL: https://github.com/kamailio/kamailio/commit/684533d099d304091082fd8a130619a4c5550a80 Author: S-P Chan Committer: S-P Chan Date: 2024-12-05T09:28:07+08:00 tls: update docs about thread-locals --- Modified: src/modules/tls/OpenSSL3-README.md --- Diff: https://github.com/kamailio/kamailio/commit/684533d099d304091082fd8a130619a4c5550a80.diff Patch: https://github.com/kamailio/kamailio/commit/684533d099d304091082fd8a130619a4c5550a80.patch --- diff --git a/src/modules/tls/OpenSSL3-README.md b/src/modules/tls/OpenSSL3-README.md index 6b6a7814129..ccc59957869 100644 --- a/src/modules/tls/OpenSSL3-README.md +++ b/src/modules/tls/OpenSSL3-README.md 
@@ -52,4 +52,99 @@ It is assumed that all `pthread_key_t` values at the high-water mark or greater by non-OpenSSL libraries. During fork, tls.so will clear all thread-locals up to the high-water mark. - +## Update +@meengu(github) has an alternate solution from this [issue](https://github.com/OpenSIPS/opensips/issues/3388) +The diff is included here for future reference. It may prove useful if the current +solution fails in later versions of OpenSSL. + +From 84b4df66853506ce8d4853ec0fbcb25545a67a54 Mon Sep 17 00:00:00 2001 +From: Ondrej Jirman +Date: Mon, 13 May 2024 17:34:52 +0200 +Subject: [PATCH] Fix openssl TLS data corruption in shared memory by workers + +The problem is that somet TLS state is shared among workers but should +not be. We solve this by clearing the relevant TLS data after fork in the +child process. + +We identify the data to clear by asking OPENSSL itself for the pointers, +and then searching through the first 32 TLS items. + +Signed-off-by: Ondrej Jirman +--- + modules/tls_openssl/openssl.c | 47 +++ + 1 file changed, 47 insertions(+) + +diff --git a/modules/tls_openssl/openssl.c b/modules/tls_openssl/openssl.c +index 522b68258527..067865eef20f 100644 +--- a/modules/tls_openssl/openssl.c ++++ b/modules/tls_openssl/openssl.c +@@ -29,6 +29,9 @@ + #include + #include + #include ++#if OPENSSL_VERSION_NUMBER < 0x3000L ++#include ++#endif + + #include "../../dprint.h" + #include "../../mem/shm_mem.h" +@@ -188,6 +191,48 @@ static int check_for_krb(void) + } + #endif + ++static void clean_openssl_locals(void) ++{ ++#if OPENSSL_VERSION_NUMBER < 0x3000L ++ ERR_STATE *es = ERR_get_state(); ++ RAND_DRBG *r0 = RAND_DRBG_get0_public(); ++ RAND_DRBG *r1 = RAND_DRBG_get0_private(); ++ ++ for(int k = 0; k < 32; k++) { ++ void* p = pthread_getspecific(k); ++ if (p && p == es) { ++ pthread_setspecific(k, NULL); ++ ERR_clear_error(); ++ } else if (p && p == r0) { ++ pthread_setspecific(k, NULL); ++ RAND_DRBG_get0_public(); ++ } else if (p && p == r1) { ++ 
pthread_setspecific(k, NULL); ++ RAND_DRBG_get0_private(); ++ } ++ } ++#else ++ OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_get0_global_default(); ++ ERR_STATE *es = ERR_get_state(); ++ EVP_RAND_CTX *r0 = RAND_get0_public(ctx); ++ EVP_RAND_CTX *r1 = RAND_get0_private(ctx); ++ ++ for(int k = 0; k < 32; k++) { ++ void* p = pthread_getspecific(k); ++ if (p && p == es) { ++ pthread_setspecific(k, NULL); ++ ERR_clear_error(); ++ } else if (p && p == r0) { ++ pthread_setspecific(k, NULL); ++ RAND_get0_public(ctx); ++ } else if (p && p == r1) { ++ pthread_setspecific(k, NULL); ++ RAND_get0_private(ctx); ++ } ++ } ++#endif ++} ++ + /* + * initialize ssl methods + */ +@@ -297,6 +342,8 @@ static int mod_init(void) +on_exit(openssl_on_exit, NULL); + #endif + ++ pthread_atfork(NULL, NULL, clean_openssl_locals); ++ +return 0; + } + +-- +2.45.0 ___ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
[sr-dev] git:master:62b4ee4a: app_python3s: refactor GIL and thread state handling
Module: kamailio Branch: master Commit: 62b4ee4a0d0b62b35c8bdf67e5daf9cbe9a28499 URL: https://github.com/kamailio/kamailio/commit/62b4ee4a0d0b62b35c8bdf67e5daf9cbe9a28499 Author: S-P Chan Committer: S-P Chan Date: 2024-10-19T10:15:34+08:00 app_python3s: refactor GIL and thread state handling * incorrectly using PyGILState_XXX functions; these functions are for threads launched by Python unaware libraries * if the KEMI script used Python threading these threads would be blocked after returning to the Kamailio event loop as the GIL was not released Fix is to use Py_BLOCK|UNBLOCK_THREADS macros --- Modified: src/modules/app_python3s/app_python3s_mod.c Modified: src/modules/app_python3s/apy3s_kemi.c --- Diff: https://github.com/kamailio/kamailio/commit/62b4ee4a0d0b62b35c8bdf67e5daf9cbe9a28499.diff Patch: https://github.com/kamailio/kamailio/commit/62b4ee4a0d0b62b35c8bdf67e5daf9cbe9a28499.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:c81b2b33: app_python3s: initial support for free-threading Python
Module: kamailio Branch: master Commit: c81b2b3383c5900aba83672da024c812d8e6d89d URL: https://github.com/kamailio/kamailio/commit/c81b2b3383c5900aba83672da024c812d8e6d89d Author: S-P Chan Committer: S-P Chan Date: 2024-10-19T10:15:34+08:00 app_python3s: initial support for free-threading Python * build the modules as free-threading compatible if free-threading Python is detected * can be gated by -DKSR_PYTHON_DISABLE_FREETHREADING --- Modified: src/modules/app_python3s/apy3s_kemi.c --- Diff: https://github.com/kamailio/kamailio/commit/c81b2b3383c5900aba83672da024c812d8e6d89d.diff Patch: https://github.com/kamailio/kamailio/commit/c81b2b3383c5900aba83672da024c812d8e6d89d.patch --- diff --git a/src/modules/app_python3s/apy3s_kemi.c b/src/modules/app_python3s/apy3s_kemi.c index 38c67b9e1d5..0fb7879ef6b 100644 --- a/src/modules/app_python3s/apy3s_kemi.c +++ b/src/modules/app_python3s/apy3s_kemi.c @@ -746,6 +746,11 @@ static PyObject *init_KSR(void) /* special sub-modules - x.modf() can have variable number of params */ _sr_apy_ksr_modules_list[m] = PyModule_Create(&KSR_x_moduledef); PyModule_AddObject(_sr_apy_ksr_module, "x", _sr_apy_ksr_modules_list[m]); +#if defined(Py_GIL_DISABLED) && !defined(KSR_PYTHON_DISABLE_FREETHREADING) +#warning Python Free Threading build + PyUnstable_Module_SetGIL(_sr_apy_ksr_module, Py_MOD_GIL_NOT_USED); + PyUnstable_Module_SetGIL(_sr_apy_ksr_modules_list[m], Py_MOD_GIL_NOT_USED); +#endif Py_INCREF(_sr_apy_ksr_modules_list[m]); m++; 
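Review bot: Both `PyUnstable_Module_SetGIL()` calls added in this hunk discard the return value, and the second one runs on `_sr_apy_ksr_modules_list[m]` straight after `PyModule_Create()` with no NULL check visible here. The function returns -1 with an exception set on failure, so I would write `if(PyUnstable_Module_SetGIL(_sr_apy_ksr_module, Py_MOD_GIL_NOT_USED) < 0) return NULL;` and the same for the sub-module; the right clean-up depends on the part of init_KSR outside the hunk. Declaring `Py_MOD_GIL_NOT_USED` is also a promise that the exported KSR functions are safe to run concurrently, and a comment should record why that holds, for example `/* KSR exports are safe without the GIL because ... */` filled in with the actual reason. The call added in the next hunk (-781,6 +786,11) has the same unchecked return.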
@@ -781,6 +786,11 @@ static PyObject *init_KSR(void) mmodule->m_size = -1; _sr_apy_ksr_modules_list[m] = PyModule_Create(mmodule); +#if defined(Py_GIL_DISABLED) && !defined(KSR_PYTHON_DISABLE_FREETHREADING) +#warning Python Free Threading build + PyUnstable_Module_SetGIL( + _sr_apy_ksr_modules_list[m], Py_MOD_GIL_NOT_USED); +#endif PyModule_AddObject(_sr_apy_ksr_module, emods[k].kexp[0].mname.s, _sr_apy_ksr_modules_list[m]); Py_INCREF(_sr_apy_ksr_modules_list[m]); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
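Review bot: The `#warning Python Free Threading build` line is a style problem: `#warning` is a compiler extension before C23, it fires on every free-threaded build, and it appears twice in init_KSR (here and in the previous hunk), so a build that treats warnings as errors would fail on it. If the goal is only to tell the builder which variant was selected, `#pragma message("Python free-threading build")` placed once near the top of the file says the same without counting as a warning. init_KSR starts and ends outside the hunk.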
[sr-dev] git:master:4d87f292: app_python3: bump to 3.12 for el8/el9
Module: kamailio Branch: master Commit: 4d87f29248d36d873784827204f272116050343d URL: https://github.com/kamailio/kamailio/commit/4d87f29248d36d873784827204f272116050343d Author: S-P Chan Committer: S-P Chan Date: 2024-08-29T16:27:44+08:00 app_python3: bump to 3.12 for el8/el9 --- Modified: pkg/kamailio/obs/kamailio.spec --- Diff: https://github.com/kamailio/kamailio/commit/4d87f29248d36d873784827204f272116050343d.diff Patch: https://github.com/kamailio/kamailio/commit/4d87f29248d36d873784827204f272116050343d.patch --- diff --git a/pkg/kamailio/obs/kamailio.spec b/pkg/kamailio/obs/kamailio.spec index a9a33082316..f642623b4eb 100644 --- a/pkg/kamailio/obs/kamailio.spec +++ b/pkg/kamailio/obs/kamailio.spec @@ -812,9 +812,9 @@ Requires: python2, kamailio = %ver BuildRequires: python2, python2-devel %endif %if %{with python3} -%if 0%{?rhel} == 8 -Requires: python39, kamailio = %ver -BuildRequires: python39, python39-devel +%if 0%{?rhel} == 8 || 0%{?rhel} == 9 +Requires: python3.12, kamailio = %ver +BuildRequires: python3.12, python3.12-devel %else Requires: python3, kamailio = %ver BuildRequires: python3, python3-devel @@ -1212,7 +1212,7 @@ make every-module skip_modules="app_mono db_cassandra db_oracle iptrtpproxy \ FREERADIUS=1 \ %endif %if 0%{?rhel} >= 8 -PYTHON3=python3.9 \ +PYTHON3=python3.12 \ %endif WOLFSSL_INTERNAL=no \ group_include="kstandard kautheph kberkeley kcarrierroute \ ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
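Review bot: The two hunks now use different conditions for the same decision: the Requires/BuildRequires block selects python3.12 for `0%{?rhel} == 8 || 0%{?rhel} == 9`, while the make invocation sets `PYTHON3=python3.12` under `%if 0%{?rhel} >= 8`. On a later RHEL major release the package would be built against python3.12 but declare its dependency on plain `python3`. If that is not intended, the second guard should match the first, `%if 0%{?rhel} == 8 || 0%{?rhel} == 9`, or both should be driven by one macro defined at the top of the spec.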
[sr-dev] git:master:fe56aa38: tls_wolfssl: legacy clean-up
Module: kamailio Branch: master Commit: fe56aa38a88a9961141bbcc2fc26d384af63734e URL: https://github.com/kamailio/kamailio/commit/fe56aa38a88a9961141bbcc2fc26d384af63734e Author: S-P Chan Committer: S-P Chan Date: 2024-07-30T19:47:06+08:00 tls_wolfssl: legacy clean-up --- Modified: src/modules/tls_wolfssl/tls_init.c Modified: src/modules/tls_wolfssl/tls_wolfssl_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/fe56aa38a88a9961141bbcc2fc26d384af63734e.diff Patch: https://github.com/kamailio/kamailio/commit/fe56aa38a88a9961141bbcc2fc26d384af63734e.patch --- diff --git a/src/modules/tls_wolfssl/tls_init.c b/src/modules/tls_wolfssl/tls_init.c index 2c8c4a4965c..8f2f994e961 100644 --- a/src/modules/tls_wolfssl/tls_init.c +++ b/src/modules/tls_wolfssl/tls_init.c @@ -221,7 +221,6 @@ static void *ser_realloc(void *ptr, size_t size, const char *file, int line) #endif return p; } - #else /*TLS_MALLOC_DBG */ static void *ser_malloc(size_t size) { @@ -234,6 +233,7 @@ static void *ser_realloc(void *ptr, size_t size) } #endif + static void ser_free(void *ptr) { if(ptr) { 
@@ -241,45 +241,6 @@ static void ser_free(void *ptr) } } -#if 0 -// up align memory allocations to 16 bytes for -// wolfSSL --enable-aligndata=yes (the default) -static const int MAX_ALIGN = __alignof__(max_align_t); - -static void* ser_malloc(size_t size) -{ - char* ptr = shm_malloc(size + MAX_ALIGN); - int pad = MAX_ALIGN - ((long) ptr % MAX_ALIGN); // 8 or 16 bytes - - memset(ptr, pad, pad); - return ptr + pad; -} - -static void* ser_realloc(void *ptr, size_t new_size) -{ - if(!ptr) return ser_malloc(new_size); - - int pad = *((char*)ptr - 1); // 8 or 16 bytes - char *real_ptr = (char*)ptr - pad; - - char *new_ptr = shm_realloc(real_ptr, new_size+MAX_ALIGN); - int new_pad = MAX_ALIGN - ((long) new_ptr % MAX_ALIGN); - if (new_pad != pad) { - memmove(new_ptr + new_pad, new_ptr + pad, new_size); - memset(new_ptr, new_pad, new_pad); - } - - return new_ptr + new_pad; -} - -static void ser_free(void *ptr) -{ - if (ptr) { - int pad = *((unsigned char *)ptr - 1); - shm_free((unsigned char*)ptr - pad); - } -} -#endif /* * Initialize TLS socket diff --git a/src/modules/tls_wolfssl/tls_wolfssl_mod.c b/src/modules/tls_wolfssl/tls_wolfssl_mod.c index e95cecb7be5..9a195b76b39 100644 --- a/src/modules/tls_wolfssl/tls_wolfssl_mod.c +++ b/src/modules/tls_wolfssl/tls_wolfssl_mod.c @@ -262,22 +262,6 @@ static struct tls_hooks tls_h = { }; -#if 0 -/* - * Create TLS configuration from modparams - */ -static tls_domains_cfg_t* tls_use_modparams(void) -{ - tls_domains_cfg_t* ret; - - ret = tls_new_cfg(); - if (!ret) return; - - -} -#endif - - static int mod_init(void) { int method; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:280c6cd0: tls_wolfssl: Makefile logging: reduce to info level
Module: kamailio Branch: master Commit: 280c6cd0fac7be75dede54c8e4a96ccf03312371 URL: https://github.com/kamailio/kamailio/commit/280c6cd0fac7be75dede54c8e4a96ccf03312371 Author: S-P Chan Committer: S-P Chan Date: 2024-07-30T07:39:57+08:00 tls_wolfssl: Makefile logging: reduce to info level --- Modified: src/modules/tls_wolfssl/Makefile --- Diff: https://github.com/kamailio/kamailio/commit/280c6cd0fac7be75dede54c8e4a96ccf03312371.diff Patch: https://github.com/kamailio/kamailio/commit/280c6cd0fac7be75dede54c8e4a96ccf03312371.patch --- diff --git a/src/modules/tls_wolfssl/Makefile b/src/modules/tls_wolfssl/Makefile index dda5ad4779e..e327def77c1 100644 --- a/src/modules/tls_wolfssl/Makefile +++ b/src/modules/tls_wolfssl/Makefile @@ -62,4 +62,4 @@ clean-all: clean-wolfssl clean-module .PHONY: clean-wolfssl clean-module clean-all # debugging for dependency on lib/wolfssl -$(warning sources = $(sources), auto_gen = $(auto_gen), objs = $(objs)) +$(info sources = $(sources), auto_gen = $(auto_gen), objs = $(objs)) ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:f4e14a94: tls_wolfssl: upstream v5.7.2-stable
Module: kamailio Branch: master Commit: f4e14a945d69e1555aa76431202693f0c855c916 URL: https://github.com/kamailio/kamailio/commit/f4e14a945d69e1555aa76431202693f0c855c916 Author: S-P Chan Committer: S-P Chan Date: 2024-07-30T07:43:14+08:00 tls_wolfssl: upstream v5.7.2-stable --- Modified: misc/external/wolfssl/wolfssl --- Diff: https://github.com/kamailio/kamailio/commit/f4e14a945d69e1555aa76431202693f0c855c916.diff Patch: https://github.com/kamailio/kamailio/commit/f4e14a945d69e1555aa76431202693f0c855c916.patch --- diff --git a/misc/external/wolfssl/wolfssl b/misc/external/wolfssl/wolfssl index 66596ad9e1d..00e42151ca0 16 --- a/misc/external/wolfssl/wolfssl +++ b/misc/external/wolfssl/wolfssl @@ -1 +1 @@ -Subproject commit 66596ad9e1d7efa8479656872cf09c9c1870a02e +Subproject commit 00e42151ca061463ba6a95adb2290f678cbca472 ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:dbe51dc4: db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x
Module: kamailio Branch: 5.8 Commit: dbe51dc4ee53f6e4f00450745db709a9d741c481 URL: https://github.com/kamailio/kamailio/commit/dbe51dc4ee53f6e4f00450745db709a9d741c481 Author: S-P Chan Committer: S-P Chan Date: 2024-07-09T13:40:05+08:00 db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x - MYSQL_OPT_SSL_CA is an enum not a macro - base check on MYSQL_VERSION_ID - 50568 used in CentOS 7 Addresses #3910 (cherry-picked from commit 92cfedaaffb034db536f3bcf68695b433db92706) --- Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/dbe51dc4ee53f6e4f00450745db709a9d741c481.diff Patch: https://github.com/kamailio/kamailio/commit/dbe51dc4ee53f6e4f00450745db709a9d741c481.patch --- diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index 240d3f59a76..37508ce24c0 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -179,14 +179,14 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ -#ifdef MYSQL_OPT_SSL_CA +#if(MYSQL_VERSION_ID >= 50600) if(db_mysql_opt_ssl_ca) mysql_options( ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #else - LM_DBG("opt_ssl_ca option not supported by mysql version (value %s) - " + LM_DBG("opt_ssl_ca option not supported by mysql version (value %d) - " "ignoring\n", - db_mysql_opt_ssl_ca); + MYSQL_VERSION_ID); #endif /* MYSQL_OPT_SSL_CA */ #ifdef KSR_MYSQL_OPT_RECONNECT ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
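Review bot: On client libraries older than 5.6 a configured `opt_ssl_ca` is dropped with only a debug-level message, and that message is emitted even when the parameter is not set at all. The CA file is what lets the client check the database server's certificate, so silently ignoring it deserves a visible log line: `if(db_mysql_opt_ssl_ca) LM_WARN("opt_ssl_ca is set but not supported by mysql client version %d - ignoring\n", MYSQL_VERSION_ID);`. The closing `#endif /* MYSQL_OPT_SSL_CA */` comment is also stale now that the guard tests `MYSQL_VERSION_ID`. The identical hunk appears in master commit 92cfedaa further down the page, and db_mysql_new_connection continues outside the hunk.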
[sr-dev] git:master:0fc0c7b3: Revert "db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x"
Module: kamailio Branch: master Commit: 0fc0c7b3d3d6ded300c46f504406447670fee4e8 URL: https://github.com/kamailio/kamailio/commit/0fc0c7b3d3d6ded300c46f504406447670fee4e8 Author: S-P Chan Committer: S-P Chan Date: 2024-07-09T10:50:14+08:00 Revert "db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x" This reverts commit 5b2be5e2c716ad8f8502b3be3db5194eb8474d39. The commit should check >= not < --- Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/0fc0c7b3d3d6ded300c46f504406447670fee4e8.diff Patch: https://github.com/kamailio/kamailio/commit/0fc0c7b3d3d6ded300c46f504406447670fee4e8.patch --- diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index 21ac5023c81..240d3f59a76 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -179,15 +179,15 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ -#if(MYSQL_VERSION_ID < 50600) +#ifdef MYSQL_OPT_SSL_CA if(db_mysql_opt_ssl_ca) mysql_options( ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #else - LM_DBG("opt_ssl_ca option not supported by mysql version (value %s:%d) - " + LM_DBG("opt_ssl_ca option not supported by mysql version (value %s) - " "ignoring\n", - MYSQL_SERVER_VERSION, MYSQL_VERSION_ID); -#endif /* MYSQL_VERSION_ID */ + db_mysql_opt_ssl_ca); +#endif /* MYSQL_OPT_SSL_CA */ #ifdef KSR_MYSQL_OPT_RECONNECT /* set reconnect flag if enabled */ ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:92cfedaa: db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x
Module: kamailio Branch: master Commit: 92cfedaaffb034db536f3bcf68695b433db92706 URL: https://github.com/kamailio/kamailio/commit/92cfedaaffb034db536f3bcf68695b433db92706 Author: S-P Chan Committer: S-P Chan Date: 2024-07-09T10:53:07+08:00 db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x - MYSQL_OPT_SSL_CA is an enum not a macro - base check on MYSQL_VERSION_ID - 50568 used in CentOS 7 Addresses #3910 --- Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/92cfedaaffb034db536f3bcf68695b433db92706.diff Patch: https://github.com/kamailio/kamailio/commit/92cfedaaffb034db536f3bcf68695b433db92706.patch --- diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index 240d3f59a76..37508ce24c0 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -179,14 +179,14 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ -#ifdef MYSQL_OPT_SSL_CA +#if(MYSQL_VERSION_ID >= 50600) if(db_mysql_opt_ssl_ca) mysql_options( ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #else - LM_DBG("opt_ssl_ca option not supported by mysql version (value %s) - " + LM_DBG("opt_ssl_ca option not supported by mysql version (value %d) - " "ignoring\n", - db_mysql_opt_ssl_ca); + MYSQL_VERSION_ID); #endif /* MYSQL_OPT_SSL_CA */ #ifdef KSR_MYSQL_OPT_RECONNECT ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:5b2be5e2: db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x
Module: kamailio Branch: master Commit: 5b2be5e2c716ad8f8502b3be3db5194eb8474d39 URL: https://github.com/kamailio/kamailio/commit/5b2be5e2c716ad8f8502b3be3db5194eb8474d39 Author: S-P Chan Committer: S-P Chan Date: 2024-07-09T10:38:44+08:00 db_mysql: fix check for enum MYSQL_OPT_SSL_CA for CentOS 7/5.5.x - MYSQL_OPT_SSL_CA is an enum not a macro - base check on MYSQL_VERSION_ID - 50568 used in CentOS 7 Addresses #3910 --- Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/5b2be5e2c716ad8f8502b3be3db5194eb8474d39.diff Patch: https://github.com/kamailio/kamailio/commit/5b2be5e2c716ad8f8502b3be3db5194eb8474d39.patch --- diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index 240d3f59a76..21ac5023c81 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -179,15 +179,15 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ -#ifdef MYSQL_OPT_SSL_CA +#if(MYSQL_VERSION_ID < 50600) if(db_mysql_opt_ssl_ca) mysql_options( ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #else - LM_DBG("opt_ssl_ca option not supported by mysql version (value %s) - " + LM_DBG("opt_ssl_ca option not supported by mysql version (value %s:%d) - " "ignoring\n", - db_mysql_opt_ssl_ca); -#endif /* MYSQL_OPT_SSL_CA */ + MYSQL_SERVER_VERSION, MYSQL_VERSION_ID); +#endif /* MYSQL_VERSION_ID */ #ifdef KSR_MYSQL_OPT_RECONNECT /* set reconnect flag if enabled */ ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
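Review bot: The new guard `#if(MYSQL_VERSION_ID < 50600)` is inverted. It compiles the `mysql_options(ptr->con, MYSQL_OPT_SSL_CA, ...)` call only for client libraries older than 5.6, which the commit title suggests are the ones lacking the option, and compiles it out for everything newer. On current clients the configured CA would then be ignored with just an `LM_DBG` line, so the server certificate would not be checked against it. The guard should read `#if(MYSQL_VERSION_ID >= 50600)`; db_mysql_new_connection continues outside the hunk.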
[sr-dev] git:master:77de8690: tls: document handling of thread-locals
Module: kamailio Branch: master Commit: 77de86909ac8c156335e1e789bb3067932f9eff5 URL: https://github.com/kamailio/kamailio/commit/77de86909ac8c156335e1e789bb3067932f9eff5 Author: S-P Chan Committer: S-P Chan Date: 2024-05-04T19:48:21+08:00 tls: document handling of thread-locals --- Added: src/modules/tls/OpenSSL3-README.md --- Diff: https://github.com/kamailio/kamailio/commit/77de86909ac8c156335e1e789bb3067932f9eff5.diff Patch: https://github.com/kamailio/kamailio/commit/77de86909ac8c156335e1e789bb3067932f9eff5.patch --- diff --git a/src/modules/tls/OpenSSL3-README.md b/src/modules/tls/OpenSSL3-README.md new file mode 100644 index 000..6b6a7814129 --- /dev/null +++ b/src/modules/tls/OpenSSL3-README.md 
@@ -0,0 +1,55 @@ +# OpenSSL 3 Developer Notes + +## Background + +OpenSSL since 1.1.1 uses thread-local storage. The OpenSSL internal API +is `CRYPTO_THREAD_set_local()` and it is implemented on Linux using `pthread_setspecific()`. + +In a new thread, the value of a thread-local variable is 0x0; the first access of this +variable by OpenSSL will allocate new dynamic memory. The implication for Kamailio is that +if such variables are initialized in rank 0, then all workers will reuse the same memory +location as Kamailio uses shared memory for OpenSSL. + +## OpenSSL 1.1.1 shmmem Corruption + +In OpenSSL 1.1.1 there are three variables that impact Kamailio: `private_drbg`, `public_drbg`, and +`err_thread_local`. The first two variables are circumvented by an early call to `RAND_set_rand_method()`. + +The third variable, i.e., `err_thread_local` is reused by all workers and leads to shmmem corruption +particularly with other users of OpenSSL such as libcurl, and db modules with TLS. + +Historically, since 2019, this was a low-impact bug due to use of static variables in the OpenSSL 1.1.1 +implementation. + + +## OpenSSL 3 shmmem Corruption + +In OpenSSL 3 there is one variable that impacts Kamailio: `err_thread_local`. + +OpenSSL 3 uses more dynamic memory to handle the error stack and shmmem corruption is easily +reproducible, even without libcurl or db modules. + +## Resolution + +This resolution uses non-portable internal knowledge of pthreads on Linux: that `pthread_key_t` +is a small integer, and that it is incremented when a new thread-local key is requested + +OpenSSL 3 uses 6 thread-locals, and OpenSSL 1.1.1 uses 4 thread-locals. 
+ +The first attempt (5.8.0/5.8.1) to resolve this issue uses the following technique: +* `tls_threads_mode = 1`: for each function that might initialize OpenSSL, run it in + a temporary thread; this leaves the thread-local variables in rank 0, main thread at their + default value of 0x0 +* `tls_threads_mode = 2`: add an at-fork handler to set thread-local variables to 0x0. + The implementation will set thread-local keys from 0-15 to have value 0x0. + +Limitation: the limitation of this method is some libraries like libpython cannot be initialized +other than in the primary thread and they will initialize thread-locals. + +The revised method makes a few OpenSSL function calls so +that OpenSSL will initialize all required thread-locals, and the tls.so sets a high-water mark. +It is assumed that all `pthread_key_t` values at the high-water mark or greater are set +by non-OpenSSL libraries. During fork, tls.so will clear all thread-locals up to the high-water +mark. + + ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:d8907b62: tls: clear thread-local variables up to tls_pthreads_key_mark
Module: kamailio Branch: 5.7 Commit: d8907b6290d37965d07ceaf30e6c06956a59c90a URL: https://github.com/kamailio/kamailio/commit/d8907b6290d37965d07ceaf30e6c06956a59c90a Author: S-P Chan Committer: S-P Chan Date: 2024-05-04T19:35:23+08:00 tls: clear thread-local variables up to tls_pthreads_key_mark - other libraries may set thread-locals via pthread_setspecific - assume that tls_pthreads_key_mark demarcates libssl's values - only clean thread-local values up to tls_pthreads_key_mark Currently only used by app_python[s] (cherry picked from commit fe6f4fcde2fa06a3c00479cef169c27dc32ae490) --- Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_rand.h --- Diff: https://github.com/kamailio/kamailio/commit/d8907b6290d37965d07ceaf30e6c06956a59c90a.diff Patch: https://github.com/kamailio/kamailio/commit/d8907b6290d37965d07ceaf30e6c06956a59c90a.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index c2a3c8de271..524419dd854 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -343,9 +343,11 @@ static tls_domains_cfg_t* tls_use_modparams(void) * is < 10 * */ +static int tls_pthreads_key_mark; static void fork_child(void) { - for(int k = 0; k < 16; k++) { + int k; + for(k = 0; k < tls_pthreads_key_mark; k++) { if(pthread_getspecific(k) != 0) pthread_setspecific(k, 0x0); } @@ -355,6 +357,8 @@ static int mod_init(void) { int method; int verify_client; + unsigned char rand_buf[32]; + int k; if(tls_disable) { LM_WARN("tls support is disabled " 
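Review bot: `tls_pthreads_key_mark` is declared between the explanatory comment and `fork_child()`, and nothing says what it bounds or when it becomes valid. It is a file-scope int that stays 0 until the scan in mod_init has run, so in that case `fork_child()` clears nothing, where the old loop always cleared keys 0-15. I would move the declaration above the comment block and document it, for example `/* exclusive upper bound of the pthread keys assumed to belong to libssl; set once in mod_init() before fork, 0 = clear nothing */`. The comment block starts outside the hunk, and the same hunk is repeated in the 5.8 (cafe437d) and master (fe6f4fcd) commits below.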
@@ -463,6 +467,23 @@ static int mod_init(void) if(ksr_tls_threads_mode == 2) { pthread_atfork(NULL, NULL, &fork_child); } + +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + /* +* force creation of all thread-locals now so that other libraries +* that use pthread_key_create(), e.g. python, +* will have larger key values +*/ + if(ksr_tls_threads_mode > 0) { + ERR_clear_error(); + RAND_bytes(rand_buf, sizeof(rand_buf)); + for(k = 0; k < 32; k++) { + if(pthread_getspecific(k)) + tls_pthreads_key_mark = k + 1; + } + LM_WARN("set maximum pthreads key to %d\n", tls_pthreads_key_mark); + } +#endif return 0; error: tls_h_mod_destroy_f(); @@ -499,6 +520,7 @@ static int mod_child_hook(int *rank, void *dummy) if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) return -1; } + return 0; } @@ -508,6 +530,8 @@ static OSSL_LIB_CTX *new_ctx; #endif static int mod_child(int rank) { + int k; + if(tls_disable || (tls_domains_cfg == 0)) return 0; @@ -519,6 +543,13 @@ static int mod_child(int rank) return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } + if(ksr_tls_threads_mode == 1 && rank && rank != PROC_INIT + && rank != PROC_POSTCHILDINIT) { + for(k = 0; k < tls_pthreads_key_mark; k++) + pthread_setspecific(k, 0x0); + LM_WARN("clean-up of thread-locals key < %d\n", tls_pthreads_key_mark); + } + #ifdef KSR_SSL_COMMON /* * after the child is fork()ed we go through the TLS domains diff --git a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h index 58ddc853acd..7bbcf3a628c 100644 --- a/src/modules/tls/tls_rand.h +++ b/src/modules/tls/tls_rand.h @@ -21,10 +21,10 @@ #define _TLS_RAND_H_ #include +#include #if OPENSSL_VERSION_NUMBER >= 0x1010L \ && OPENSSL_VERSION_NUMBER < 0x03000L -#include const RAND_METHOD *RAND_ksr_krand_method(void); const RAND_METHOD *RAND_ksr_fastrand_method(void); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
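Review bot: The result of `RAND_bytes()` in the -463,6 +467,23 hunk is ignored, although the call is there to make libssl create its thread-locals before the scan; if it fails, the mark may end up below keys libssl allocates later, and those would not be cleared in the children. I would check it: `if(RAND_bytes(rand_buf, sizeof(rand_buf)) != 1) LM_ERR("RAND_bytes() failed - pthreads key mark may be too low\n");`. The scan also treats every non-NULL key below 32 as belonging to libssl, so a key set earlier by another library would be cleared after fork as well; the literal 32 deserves a named constant and a comment stating that assumption. The routine "set maximum pthreads key" message should be `LM_INFO` or `LM_DBG` rather than `LM_WARN`. mod_init starts and ends outside the hunk, and the same hunk is repeated in commits cafe437d and fe6f4fcd.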
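Review bot: The block added to mod_child in the -519,6 +543,13 hunk logs at `LM_WARN` once per worker for what is normal start-up work, which buries real warnings; `LM_DBG("clean-up of thread-locals key < %d\n", tls_pthreads_key_mark);` would be enough. The `rank != PROC_INIT` test looks redundant, since the context line just above appears to return from the PROC_INIT branch. Unlike `fork_child()`, the loop here calls `pthread_setspecific(k, 0x0)` without testing `pthread_getspecific(k)` first; using one form in both places would keep the two clean-up paths in step. mod_child continues outside the hunk, and the same hunk is repeated in commits cafe437d and fe6f4fcd.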
[sr-dev] git:5.8:cafe437d: tls: clear thread-local variables up to tls_pthreads_key_mark
Module: kamailio Branch: 5.8 Commit: cafe437dcb637b0e571a2d2ffd04d911584404d9 URL: https://github.com/kamailio/kamailio/commit/cafe437dcb637b0e571a2d2ffd04d911584404d9 Author: S-P Chan Committer: S-P Chan Date: 2024-04-29T21:27:38+08:00 tls: clear thread-local variables up to tls_pthreads_key_mark - other libraries may set thread-locals via pthread_setspecific - assume that tls_pthreads_key_mark demarcates libssl's values - only clean thread-local values up to tls_pthreads_key_mark Currently only used by app_python[s] (cherry picked from commit fe6f4fcde2fa06a3c00479cef169c27dc32ae490) --- Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_rand.h --- Diff: https://github.com/kamailio/kamailio/commit/cafe437dcb637b0e571a2d2ffd04d911584404d9.diff Patch: https://github.com/kamailio/kamailio/commit/cafe437dcb637b0e571a2d2ffd04d911584404d9.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 83b86d99d58..baa1a7c76d1 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -343,10 +343,11 @@ static tls_domains_cfg_t* tls_use_modparams(void) * is < 10 * */ +static int tls_pthreads_key_mark; static void fork_child(void) { - int k = 0; - for(k = 0; k < 16; k++) { + int k; + for(k = 0; k < tls_pthreads_key_mark; k++) { if(pthread_getspecific(k) != 0) pthread_setspecific(k, 0x0); } @@ -356,6 +357,8 @@ static int mod_init(void) { int method; int verify_client; + unsigned char rand_buf[32]; + int k; if(tls_disable) { LM_WARN("tls support is disabled " 
@@ -464,6 +467,23 @@ static int mod_init(void) if(ksr_tls_threads_mode == 2) { pthread_atfork(NULL, NULL, &fork_child); } + +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + /* +* force creation of all thread-locals now so that other libraries +* that use pthread_key_create(), e.g. python, +* will have larger key values +*/ + if(ksr_tls_threads_mode > 0) { + ERR_clear_error(); + RAND_bytes(rand_buf, sizeof(rand_buf)); + for(k = 0; k < 32; k++) { + if(pthread_getspecific(k)) + tls_pthreads_key_mark = k + 1; + } + LM_WARN("set maximum pthreads key to %d\n", tls_pthreads_key_mark); + } +#endif return 0; error: tls_h_mod_destroy_f(); @@ -500,6 +520,7 @@ static int mod_child_hook(int *rank, void *dummy) if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) return -1; } + return 0; } @@ -509,17 +530,26 @@ static OSSL_LIB_CTX *new_ctx; #endif static int mod_child(int rank) { + int k; + if(tls_disable || (tls_domains_cfg == 0)) return 0; /* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor - * to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 - */ +* OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor +* to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 +*/ if(rank == PROC_INIT) { return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } + if(ksr_tls_threads_mode == 1 && rank && rank != PROC_INIT + && rank != PROC_POSTCHILDINIT) { + for(k = 0; k < tls_pthreads_key_mark; k++) + pthread_setspecific(k, 0x0); + LM_WARN("clean-up of thread-locals key < %d\n", tls_pthreads_key_mark); + } + #ifdef KSR_SSL_COMMON /* * after the child is fork()ed we go through the TLS domains diff --git a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h index 58ddc853acd..7bbcf3a628c 100644 --- a/src/modules/tls/tls_rand.h +++ b/src/modules/tls/tls_rand.h 
@@ -21,10 +21,10 @@ #define _TLS_RAND_H_ #include +#include #if OPENSSL_VERSION_NUMBER >= 0x1010L \ && OPENSSL_VERSION_NUMBER < 0x03000L -#include const RAND_METHOD *RAND_ksr_krand_method(void); const RAND_METHOD *RAND_ksr_fastrand_method(void); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:fe6f4fcd: tls: clear thread-local variables up to tls_pthreads_key_mark
Module: kamailio Branch: master Commit: fe6f4fcde2fa06a3c00479cef169c27dc32ae490 URL: https://github.com/kamailio/kamailio/commit/fe6f4fcde2fa06a3c00479cef169c27dc32ae490 Author: S-P Chan Committer: S-P Chan Date: 2024-04-29T21:20:20+08:00 tls: clear thread-local variables up to tls_pthreads_key_mark - other libraries may set thread-locals via pthread_setspecific - assume that tls_pthreads_key_mark demarcates libssl's values - only clean thread-local values up to tls_pthreads_key_mark Currently only used by app_python[s] --- Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_rand.h --- Diff: https://github.com/kamailio/kamailio/commit/fe6f4fcde2fa06a3c00479cef169c27dc32ae490.diff Patch: https://github.com/kamailio/kamailio/commit/fe6f4fcde2fa06a3c00479cef169c27dc32ae490.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 83b86d99d58..baa1a7c76d1 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -343,10 +343,11 @@ static tls_domains_cfg_t* tls_use_modparams(void) * is < 10 * */ +static int tls_pthreads_key_mark; static void fork_child(void) { - int k = 0; - for(k = 0; k < 16; k++) { + int k; + for(k = 0; k < tls_pthreads_key_mark; k++) { if(pthread_getspecific(k) != 0) pthread_setspecific(k, 0x0); } @@ -356,6 +357,8 @@ static int mod_init(void) { int method; int verify_client; + unsigned char rand_buf[32]; + int k; if(tls_disable) { LM_WARN("tls support is disabled " 
@@ -464,6 +467,23 @@ static int mod_init(void) if(ksr_tls_threads_mode == 2) { pthread_atfork(NULL, NULL, &fork_child); } + +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + /* +* force creation of all thread-locals now so that other libraries +* that use pthread_key_create(), e.g. python, +* will have larger key values +*/ + if(ksr_tls_threads_mode > 0) { + ERR_clear_error(); + RAND_bytes(rand_buf, sizeof(rand_buf)); + for(k = 0; k < 32; k++) { + if(pthread_getspecific(k)) + tls_pthreads_key_mark = k + 1; + } + LM_WARN("set maximum pthreads key to %d\n", tls_pthreads_key_mark); + } +#endif return 0; error: tls_h_mod_destroy_f(); @@ -500,6 +520,7 @@ static int mod_child_hook(int *rank, void *dummy) if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) return -1; } + return 0; } @@ -509,17 +530,26 @@ static OSSL_LIB_CTX *new_ctx; #endif static int mod_child(int rank) { + int k; + if(tls_disable || (tls_domains_cfg == 0)) return 0; /* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor - * to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 - */ +* OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor +* to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 +*/ if(rank == PROC_INIT) { return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } + if(ksr_tls_threads_mode == 1 && rank && rank != PROC_INIT + && rank != PROC_POSTCHILDINIT) { + for(k = 0; k < tls_pthreads_key_mark; k++) + pthread_setspecific(k, 0x0); + LM_WARN("clean-up of thread-locals key < %d\n", tls_pthreads_key_mark); + } + #ifdef KSR_SSL_COMMON /* * after the child is fork()ed we go through the TLS domains diff --git a/src/modules/tls/tls_rand.h b/src/modules/tls/tls_rand.h index 58ddc853acd..7bbcf3a628c 100644 --- a/src/modules/tls/tls_rand.h +++ b/src/modules/tls/tls_rand.h 
@@ -21,10 +21,10 @@ #define _TLS_RAND_H_ #include +#include #if OPENSSL_VERSION_NUMBER >= 0x1010L \ && OPENSSL_VERSION_NUMBER < 0x03000L -#include const RAND_METHOD *RAND_ksr_krand_method(void); const RAND_METHOD *RAND_ksr_fastrand_method(void); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.6:3d642314: tls: revert commit a08562b2e56c89900220b7ed15c9ccd12655d9a6
Module: kamailio Branch: 5.6 Commit: 3d6423140a864b83e61dbc8e662c8fd53ecb9bb3 URL: https://github.com/kamailio/kamailio/commit/3d6423140a864b83e61dbc8e662c8fd53ecb9bb3 Author: S-P Chan Committer: S-P Chan Date: 2024-03-24T08:27:43+08:00 tls: revert commit a08562b2e56c89900220b7ed15c9ccd12655d9a6 - GH#3791: users of tls.so on systems that provide only libssl3 (e.g. bookworm) are advised to try >= 5.8.0 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/3d6423140a864b83e61dbc8e662c8fd53ecb9bb3.diff Patch: https://github.com/kamailio/kamailio/commit/3d6423140a864b83e61dbc8e662c8fd53ecb9bb3.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 3805accf70a..499a9a77aea 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -306,17 +306,6 @@ static tls_domains_cfg_t* tls_use_modparams(void) } #endif -/* unconditionally perform thread-local clean-up - * especially needed with libssl3 uses - * (bookworm/jammy/noble/el9) - */ -static void fork_child(void) -{ -for(int k = 0; k < 16; k++) { -if(pthread_getspecific(k) != 0) -pthread_setspecific(k, 0x0); -} -} static int mod_init(void) { @@ -418,9 +407,6 @@ static int mod_init(void) if(sr_tls_event_callback.s == NULL || sr_tls_event_callback.len <= 0) { tls_lookup_event_routes(); } -/* minimal fix for libssl 1.1.1/3.x uses - */ -pthread_atfork(NULL, NULL, &fork_child); return 0; error: tls_h_mod_destroy_f(); @@ -649,6 +635,11 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) register_tls_hooks(&tls_h); +#if OPENSSL_VERSION_NUMBER >= 0x1010L + LM_DBG("setting cryptorand random engine\n"); + RAND_set_rand_method(RAND_ksr_cryptorand_method()); +#endif + sr_kemi_modules_add(sr_kemi_tls_exports); return 0; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
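Review bot: The restored `RAND_set_rand_method(RAND_ksr_cryptorand_method());` in mod_register ignores the return value, so if the call fails the module keeps OpenSSL's default RAND method while the only trace is the `LM_DBG` line announcing the cryptorand engine. Checking it makes the failure visible: `if(RAND_set_rand_method(RAND_ksr_cryptorand_method()) != 1) LM_ERR("failed to set cryptorand random engine\n");`. Whether mod_register should also return an error there depends on code outside this hunk.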
[sr-dev] git:5.6:a08562b2: tls: force thread-locals clean-up for libssl3
Module: kamailio Branch: 5.6 Commit: a08562b2e56c89900220b7ed15c9ccd12655d9a6 URL: https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd12655d9a6 Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:38:18+08:00 tls: force thread-locals clean-up for libssl3 - minimal thread-locals patch as 5.6.x is packaged for distros that use libssl3 GH#3791 - simplified version of tls rework in 5.8.x --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd12655d9a6.diff Patch: https://github.com/kamailio/kamailio/commit/a08562b2e56c89900220b7ed15c9ccd12655d9a6.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 499a9a77aea..3805accf70a 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -306,6 +306,17 @@ static tls_domains_cfg_t* tls_use_modparams(void) } #endif +/* unconditionally perform thread-local clean-up + * especially needed with libssl3 uses + * (bookworm/jammy/noble/el9) + */ +static void fork_child(void) +{ +for(int k = 0; k < 16; k++) { +if(pthread_getspecific(k) != 0) +pthread_setspecific(k, 0x0); +} +} static int mod_init(void) { @@ -407,6 +418,9 @@ static int mod_init(void) if(sr_tls_event_callback.s == NULL || sr_tls_event_callback.len <= 0) { tls_lookup_event_routes(); } +/* minimal fix for libssl 1.1.1/3.x uses + */ +pthread_atfork(NULL, NULL, &fork_child); return 0; error: tls_h_mod_destroy_f(); @@ -635,11 +649,6 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) register_tls_hooks(&tls_h); -#if OPENSSL_VERSION_NUMBER >= 0x1010L - LM_DBG("setting cryptorand random engine\n"); - RAND_set_rand_method(RAND_ksr_cryptorand_method()); -#endif - sr_kemi_modules_add(sr_kemi_tls_exports); return 0; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
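Review bot: fork_child treats the integers 0..15 as pthread keys, but none of them were obtained from `pthread_key_create()` in this code; POSIX leaves `pthread_getspecific()` and `pthread_setspecific()` on such values undefined, and the bound 16 is a bare number. Because the handler is not limited to libssl's keys, it also resets thread-locals that belong to any other library loaded in the process. I would name the bound (`#define KSR_TLS_KEY_PROBE_MAX 16`) and extend the comment to state the libc assumption and that foreign keys are cleared too. The tls_threads_mode = 2 commits further down (cf764b49, 0ba1ff1d, 464299c2) add the same loop.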
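Review bot: `pthread_atfork(NULL, NULL, &fork_child);` at the end of mod_init is unchecked; it returns non-zero when the handler cannot be registered, and in that case the children would silently keep the inherited thread-locals. mod_init has an `error:` label right below the call, so `if(pthread_atfork(NULL, NULL, &fork_child) != 0) { LM_ERR("failed to register atfork handler\n"); goto error; }` would fit. The same unchecked call is added under `if(ksr_tls_threads_mode == 2)` in cf764b49, 0ba1ff1d and 464299c2 further down.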
[sr-dev] git:5.7:af524f5b: tlsa: removed the map files used in the past for tls engine
Module: kamailio Branch: 5.7 Commit: af524f5b2b2fa3de4aa4e198bf3a9f0feff04e17 URL: https://github.com/kamailio/kamailio/commit/af524f5b2b2fa3de4aa4e198bf3a9f0feff04e17 Author: Daniel-Constantin Mierla Committer: S-P Chan Date: 2024-03-23T21:06:43+08:00 tlsa: removed the map files used in the past for tls engine - sync with code of tls module --- Removed: src/modules/tlsa/tls_map.c Removed: src/modules/tlsa/tls_map.h --- Diff: https://github.com/kamailio/kamailio/commit/af524f5b2b2fa3de4aa4e198bf3a9f0feff04e17.diff Patch: https://github.com/kamailio/kamailio/commit/af524f5b2b2fa3de4aa4e198bf3a9f0feff04e17.patch --- diff --git a/src/modules/tlsa/tls_map.c b/src/modules/tlsa/tls_map.c deleted file mode 100644 index ad799b5cdff..000 --- a/src/modules/tlsa/tls_map.c +++ /dev/null @@ -1,27 +0,0 @@ -/** - * Copyright (C) 2021 Daniel-Constantin Mierla (asipto.com) - * - * This file is part of Kamailio, a free SIP server. - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version - * - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -/** - * THIS FILE IS GENERATED - DO NOT MODIFY IT - */ - -#include "../tls/tls_map.c" diff --git a/src/modules/tlsa/tls_map.h b/src/modules/tlsa/tls_map.h deleted file mode 100644 index 96705a7f7fa..000 --- a/src/modules/tlsa/tls_map.h +++ /dev/null 
@@ -1,27 +0,0 @@ -/** - * Copyright (C) 2021 Daniel-Constantin Mierla (asipto.com) - * - * This file is part of Kamailio, a free SIP server. - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version - * - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -/** - * THIS FILE IS GENERATED - DO NOT MODIFY IT - */ - -#include "../tls/tls_map.h" ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:d20df6fb: core/rthreads.h: add new option tls_threads_mode = 2
Module: kamailio Branch: 5.7 Commit: d20df6fb372ab4da0dd5e6f277b08345059c2be5 URL: https://github.com/kamailio/kamailio/commit/d20df6fb372ab4da0dd5e6f277b08345059c2be5 Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:09:14+08:00 core/rthreads.h: add new option tls_threads_mode = 2 - add global handling of thread-locals with tls_threads_mode = 2 - this will run a pthread_atfork handler to reset all thread-locals to 0x0 - alternative solution to running functions in thread executors - requires tls.so to be loaded to be effective (cherry picked from commit e7f040f219b46592081a6053b4ed1ae0d0552b1a) --- Modified: src/core/rthreads.h --- Diff: https://github.com/kamailio/kamailio/commit/d20df6fb372ab4da0dd5e6f277b08345059c2be5.diff Patch: https://github.com/kamailio/kamailio/commit/d20df6fb372ab4da0dd5e6f277b08345059c2be5.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index 0f4f0cf8b8a..6fee4d0b407 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -40,7 +40,7 @@ static void *run_threadP(_thread_proto fn, void *arg) pthread_t tid; void *ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg); } @@ -77,7 +77,7 @@ static void *run_threadPI(_thread_protoPI fn, void *arg1, int arg2) pthread_t tid; void *ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2); } @@ -113,7 +113,7 @@ static void run_threadV(_thread_protoV fn) #ifdef USE_TLS pthread_t tid; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { fn(); return; 
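Review bot: A configuration that already sets tls_threads_mode=2 changes behaviour silently with the first hunk (run_threadP): before it, the value 2 did not match the fast path and presumably went on to the thread-executor code below, and the old kamailio.cfg text shown on this page documents it as "use threads for all processes". That deserves a start-up warning or an explicit upgrade note. The same predicate with bare numbers is now repeated in all seven run_thread* helpers (the remaining hunks of this commit and its copies e7f040f2 and 0a565d34); one helper such as `static inline int ksr_tls_run_direct(void)` returning that expression, with named constants for 0/1/2, would keep them in step. Each function body continues outside its hunk.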
@@ -152,7 +152,7 @@ static int run_thread4PP(_thread_proto4PP fn, void *arg1, void *arg2) pthread_t tid; int ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2); } @@ -188,7 +188,7 @@ static void run_thread0P(_thread_proto0P fn, void *arg1) #ifdef USE_TLS pthread_t tid; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { fn(arg1); return; @@ -240,7 +240,7 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, pthread_t tid; int ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9); } @@ -278,7 +278,7 @@ static int run_thread4L(_thread_proto4L fn, long arg1) pthread_t tid; int ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:88429b9e: tls: remove unused ENGINE define
Module: kamailio Branch: 5.7 Commit: 88429b9e3546864845fb1a3c2ce5263620b51c58 URL: https://github.com/kamailio/kamailio/commit/88429b9e3546864845fb1a3c2ce5263620b51c58 Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:06:43+08:00 tls: remove unused ENGINE define --- Modified: src/modules/tls/tls_server.c --- Diff: https://github.com/kamailio/kamailio/commit/88429b9e3546864845fb1a3c2ce5263620b51c58.diff Patch: https://github.com/kamailio/kamailio/commit/88429b9e3546864845fb1a3c2ce5263620b51c58.patch --- diff --git a/src/modules/tls/tls_server.c b/src/modules/tls/tls_server.c index 3e22ec42712..3bfea131cf2 100644 --- a/src/modules/tls/tls_server.c +++ b/src/modules/tls/tls_server.c @@ -128,11 +128,6 @@ int tls_run_event_routes(struct tcp_connection *c); #endif /* __SUNPRO_c */ #endif /* TLS_RD_DEBUG */ -/* only OpenSSL <= 1.1.1 */ -#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER < 0x03000L -#define KSR_SSL_ENGINE -#endif - extern str sr_tls_xavp_cfg; static str _ksr_tls_connect_server_id = STR_NULL; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:cf764b49: tls: new option tls_threads_mode = 2
Module: kamailio Branch: 5.7 Commit: cf764b499fbc3f28f7ed080b488e0e8111687cf8 URL: https://github.com/kamailio/kamailio/commit/cf764b499fbc3f28f7ed080b488e0e8111687cf8 Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:09:14+08:00 tls: new option tls_threads_mode = 2 - use pthread_atfork to force all thread-locals to 0x0 after fork() (cherry picked from commit 464299c202f3ba963aed821b777075397e843856) --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/cf764b499fbc3f28f7ed080b488e0e8111687cf8.diff Patch: https://github.com/kamailio/kamailio/commit/cf764b499fbc3f28f7ed080b488e0e8111687cf8.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index c34c9933b1d..51e88bed51f 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -337,6 +337,20 @@ static tls_domains_cfg_t* tls_use_modparams(void) } #endif +/* global config tls_threads_mode = 2 + * - force all thread-locals to be 0x0 after fork() + * - with OpenSSL loaded the largest value observed + * is < 10 + * + */ +static void fork_child(void) +{ + for(int k = 0; k < 16; k++) { + if(pthread_getspecific(k) != 0) + pthread_setspecific(k, 0x0); + } +} + static int mod_init(void) { int method; @@ -446,6 +460,9 @@ static int mod_init(void) ksr_module_set_flag(KSRMOD_FLAG_POSTCHILDINIT); } #endif + if(ksr_tls_threads_mode == 2) { + pthread_atfork(NULL, NULL, &fork_child); + } return 0; error: tls_h_mod_destroy_f(); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:957c8005: tls: clean-up of ENGINE
Module: kamailio Branch: 5.7 Commit: 957c8005d2a97207debf1d3e782c1df5de70d487 URL: https://github.com/kamailio/kamailio/commit/957c8005d2a97207debf1d3e782c1df5de70d487 Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:06:43+08:00 tls: clean-up of ENGINE - remove tls_map.* - not needed anymore - install an ENGINE in each worker SSL_CTX no need to replicate to all processes --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_server.c Removed: src/modules/tls/tls_map.c Removed: src/modules/tls/tls_map.h --- Diff: https://github.com/kamailio/kamailio/commit/957c8005d2a97207debf1d3e782c1df5de70d487.diff Patch: https://github.com/kamailio/kamailio/commit/957c8005d2a97207debf1d3e782c1df5de70d487.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:4b206bcc: tls: make explicit ENGINE deprecation in OpenSSL 3
Module: kamailio Branch: 5.7 Commit: 4b206bccc0ed46aac876921009d2884eb868075c URL: https://github.com/kamailio/kamailio/commit/4b206bccc0ed46aac876921009d2884eb868075c Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:06:43+08:00 tls: make explicit ENGINE deprecation in OpenSSL 3 --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_server.c --- Diff: https://github.com/kamailio/kamailio/commit/4b206bccc0ed46aac876921009d2884eb868075c.diff Patch: https://github.com/kamailio/kamailio/commit/4b206bccc0ed46aac876921009d2884eb868075c.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:d03d5fdf: tls: NULL safety check
Module: kamailio Branch: 5.7 Commit: d03d5fdf2b6a29e783738a6ea98c35725826d9ed URL: https://github.com/kamailio/kamailio/commit/d03d5fdf2b6a29e783738a6ea98c35725826d9ed Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:09:14+08:00 tls: NULL safety check (cherry picked from commit f6f9d90ada963b53b6552e1a172b8f2fd021c33b) --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/d03d5fdf2b6a29e783738a6ea98c35725826d9ed.diff Patch: https://github.com/kamailio/kamailio/commit/d03d5fdf2b6a29e783738a6ea98c35725826d9ed.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 51e88bed51f..c2a3c8de271 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -871,6 +871,8 @@ EVP_PKEY *tls_engine_private_key(const char *key_id) while(!(OSSL_STORE_eof(ctx))) { OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); + if(info == NULL) + continue; int type; type = OSSL_STORE_INFO_get_type(info); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
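Review bot: The loop in tls_engine_private_key can spin once `if(info == NULL) continue;` is in place: its only exit visible here is `OSSL_STORE_eof(ctx)`, and a store that keeps failing without reporting end-of-data never reaches it. OpenSSL offers `OSSL_STORE_error(ctx)` to tell a failed load from a skipped entry, so I would at least log it and bound the retries, e.g. `if(info == NULL) { if(OSSL_STORE_error(ctx)) LM_ERR("OSSL_STORE_load failed\n"); if(++nfail > max_fail) break; continue; }` with `nfail` and `max_fail` as new locals. The function starts and ends outside the hunk, so whether a missing key is reported later is not visible here. The cherry-picks dae15377 and f6f9d90a below carry the same hunk.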
[sr-dev] git:5.7:caa24125: etc/kamailio.cfg: document tls_threads_mode = 2 to use atfork handler
Module: kamailio Branch: 5.7 Commit: caa2412507586329b7b97685203fd8bd54cd2691 URL: https://github.com/kamailio/kamailio/commit/caa2412507586329b7b97685203fd8bd54cd2691 Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:09:14+08:00 etc/kamailio.cfg: document tls_threads_mode = 2 to use atfork handler (cherry picked from commit 5b4926b04ba0fcd8f65f5709789abd83181a381a) --- Modified: etc/kamailio.cfg --- Diff: https://github.com/kamailio/kamailio/commit/caa2412507586329b7b97685203fd8bd54cd2691.diff Patch: https://github.com/kamailio/kamailio/commit/caa2412507586329b7b97685203fd8bd54cd2691.patch --- diff --git a/etc/kamailio.cfg b/etc/kamailio.cfg index a95a652b935..bf456f396fa 100755 --- a/etc/kamailio.cfg +++ b/etc/kamailio.cfg @@ -224,8 +224,9 @@ tls_max_connections=2048 /* For OpenSSL 3 integration * functions calling libssl3 can be invoked in a transient thread * 0: disable threaded calls - * 1: use threads for process#0 only - * 2: use threads for all processes */ + * 1: use thread executors for process#0 only + * 2: no thread executors, but use atfork handler to reset thread-locals to NULL + * 3: use thread executors for all processes */ tls_threads_mode=1 #!endif ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:822960b0: tls: basic OpenSSL 3 support of provider keys (replaces ENGINE)
Module: kamailio Branch: 5.7 Commit: 822960b0e869b5fce093f708daf65b9f4b4c47f8 URL: https://github.com/kamailio/kamailio/commit/822960b0e869b5fce093f708daf65b9f4b4c47f8 Author: S-P Chan Committer: S-P Chan Date: 2024-03-23T21:09:14+08:00 tls: basic OpenSSL 3 support of provider keys (replaces ENGINE) - initial support for v3 provider keys (replaces ENGINE from v1.1.1) - can be disabled behind build flag -DOPENSSL_NO_PROVIDER - provider keys start with /uri: e.g. private_key = /uri:pkcs11:token=NSS%20Certificate%20DB;type=private;object=Fork-Test-c67cc0e0 - global config: provider_quirks: 0 | 1 - 0 - default - 1 - create a new OSSL_LIB_CTX* in the child This integration does not load any providers itself and depends on the usual export OPENSSL_CONF=my-openssl.cnf to configure providers. (cherry picked from commit 69883dd381368ca219cc52140e71d571775f95d5) --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/822960b0e869b5fce093f708daf65b9f4b4c47f8.diff Patch: https://github.com/kamailio/kamailio/commit/822960b0e869b5fce093f708daf65b9f4b4c47f8.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:dae15377: tls: NULL safety check
Module: kamailio Branch: 5.8 Commit: dae15377dac1b019f2278baca208162154d5a7ad URL: https://github.com/kamailio/kamailio/commit/dae15377dac1b019f2278baca208162154d5a7ad Author: S-P Chan Committer: S-P Chan Date: 2024-03-05T10:01:03+08:00 tls: NULL safety check (cherry picked from commit f6f9d90ada963b53b6552e1a172b8f2fd021c33b) --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/dae15377dac1b019f2278baca208162154d5a7ad.diff Patch: https://github.com/kamailio/kamailio/commit/dae15377dac1b019f2278baca208162154d5a7ad.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 6dfde00c93a..b4a2afb7818 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -871,6 +871,8 @@ EVP_PKEY *tls_engine_private_key(const char *key_id) while(!(OSSL_STORE_eof(ctx))) { OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); + if(info == NULL) + continue; int type; type = OSSL_STORE_INFO_get_type(info); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:f6f9d90a: tls: NULL safety check
Module: kamailio Branch: master Commit: f6f9d90ada963b53b6552e1a172b8f2fd021c33b URL: https://github.com/kamailio/kamailio/commit/f6f9d90ada963b53b6552e1a172b8f2fd021c33b Author: S-P Chan Committer: S-P Chan Date: 2024-03-05T09:59:41+08:00 tls: NULL safety check --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/f6f9d90ada963b53b6552e1a172b8f2fd021c33b.diff Patch: https://github.com/kamailio/kamailio/commit/f6f9d90ada963b53b6552e1a172b8f2fd021c33b.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 6dfde00c93a..b4a2afb7818 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -871,6 +871,8 @@ EVP_PKEY *tls_engine_private_key(const char *key_id) while(!(OSSL_STORE_eof(ctx))) { OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); + if(info == NULL) + continue; int type; type = OSSL_STORE_INFO_get_type(info); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:56aeb072: etc/kamailio.cfg: document tls_threads_mode = 2 to use atfork handler
Module: kamailio Branch: 5.8 Commit: 56aeb0723562409aa97098e51c602bcddc8b6789 URL: https://github.com/kamailio/kamailio/commit/56aeb0723562409aa97098e51c602bcddc8b6789 Author: S-P Chan Committer: S-P Chan Date: 2024-03-05T06:48:35+08:00 etc/kamailio.cfg: document tls_threads_mode = 2 to use atfork handler (cherry picked from commit 5b4926b04ba0fcd8f65f5709789abd83181a381a) --- Modified: etc/kamailio.cfg --- Diff: https://github.com/kamailio/kamailio/commit/56aeb0723562409aa97098e51c602bcddc8b6789.diff Patch: https://github.com/kamailio/kamailio/commit/56aeb0723562409aa97098e51c602bcddc8b6789.patch --- diff --git a/etc/kamailio.cfg b/etc/kamailio.cfg index 2d68f7692e1..3f9a5fe793f 100755 --- a/etc/kamailio.cfg +++ b/etc/kamailio.cfg @@ -224,8 +224,9 @@ tls_max_connections=2048 /* For OpenSSL 3 integration * functions calling libssl3 can be invoked in a transient thread * 0: disable threaded calls - * 1: use threads for process#0 only - * 2: use threads for all processes */ + * 1: use thread executors for process#0 only + * 2: no thread executors, but use atfork handler to reset thread-locals to NULL + * 3: use thread executors for all processes */ tls_threads_mode=1 #!endif ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:5b4926b0: etc/kamailio.cfg: document tls_threads_mode = 2 to use atfork handler
Module: kamailio Branch: master Commit: 5b4926b04ba0fcd8f65f5709789abd83181a381a URL: https://github.com/kamailio/kamailio/commit/5b4926b04ba0fcd8f65f5709789abd83181a381a Author: S-P Chan Committer: S-P Chan Date: 2024-03-05T06:47:24+08:00 etc/kamailio.cfg: document tls_threads_mode = 2 to use atfork handler --- Modified: etc/kamailio.cfg --- Diff: https://github.com/kamailio/kamailio/commit/5b4926b04ba0fcd8f65f5709789abd83181a381a.diff Patch: https://github.com/kamailio/kamailio/commit/5b4926b04ba0fcd8f65f5709789abd83181a381a.patch --- diff --git a/etc/kamailio.cfg b/etc/kamailio.cfg index 2d68f7692e1..3f9a5fe793f 100755 --- a/etc/kamailio.cfg +++ b/etc/kamailio.cfg @@ -224,8 +224,9 @@ tls_max_connections=2048 /* For OpenSSL 3 integration * functions calling libssl3 can be invoked in a transient thread * 0: disable threaded calls - * 1: use threads for process#0 only - * 2: use threads for all processes */ + * 1: use thread executors for process#0 only + * 2: no thread executors, but use atfork handler to reset thread-locals to NULL + * 3: use thread executors for all processes */ tls_threads_mode=1 #!endif ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:e7f040f2: core/rthreads.h: add new option tls_threads_mode = 2
Module: kamailio Branch: master Commit: e7f040f219b46592081a6053b4ed1ae0d0552b1a URL: https://github.com/kamailio/kamailio/commit/e7f040f219b46592081a6053b4ed1ae0d0552b1a Author: S-P Chan Committer: S-P Chan Date: 2024-03-04T22:00:38+08:00 core/rthreads.h: add new option tls_threads_mode = 2 - add global handling of thread-locals with tls_threads_mode = 2 - this will run a pthread_atfork handler to reset all thread-locals to 0x0 - alternative solution to running functions in thread executors - requires tls.so to be loaded to be effective --- Modified: src/core/rthreads.h --- Diff: https://github.com/kamailio/kamailio/commit/e7f040f219b46592081a6053b4ed1ae0d0552b1a.diff Patch: https://github.com/kamailio/kamailio/commit/e7f040f219b46592081a6053b4ed1ae0d0552b1a.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index 1a04f9982c7..56d68cef276 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -40,7 +40,7 @@ static void *run_threadP(_thread_proto fn, void *arg) pthread_t tid; void *ret = NULL; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg); } @@ -77,7 +77,7 @@ static void *run_threadPI(_thread_protoPI fn, void *arg1, int arg2) pthread_t tid; void *ret = NULL; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2); } @@ -113,7 +113,7 @@ static void run_threadV(_thread_protoV fn) #ifdef USE_TLS pthread_t tid; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { fn(); return; 
@@ -152,7 +152,7 @@ static int run_thread4PP(_thread_proto4PP fn, void *arg1, void *arg2) pthread_t tid; int ret = 0; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2); } @@ -188,7 +188,7 @@ static void run_thread0P(_thread_proto0P fn, void *arg1) #ifdef USE_TLS pthread_t tid; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { fn(arg1); return; @@ -240,7 +240,7 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, pthread_t tid; int ret = 0; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9); } @@ -278,7 +278,7 @@ static int run_thread4L(_thread_proto4L fn, long arg1) pthread_t tid; int ret = 0; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:0ba1ff1d: tls: new option tls_threads_mode = 2
Module: kamailio Branch: 5.8 Commit: 0ba1ff1d430e5e51c7745d7eb1242dcae2557db9 URL: https://github.com/kamailio/kamailio/commit/0ba1ff1d430e5e51c7745d7eb1242dcae2557db9 Author: S-P Chan Committer: S-P Chan Date: 2024-03-04T22:27:36+08:00 tls: new option tls_threads_mode = 2 - use pthread_atfork to force all thread-locals to 0x0 after fork() (cherry picked from commit 464299c202f3ba963aed821b777075397e843856) --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/0ba1ff1d430e5e51c7745d7eb1242dcae2557db9.diff Patch: https://github.com/kamailio/kamailio/commit/0ba1ff1d430e5e51c7745d7eb1242dcae2557db9.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 1dc9357f56a..6dfde00c93a 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -337,6 +337,20 @@ static tls_domains_cfg_t* tls_use_modparams(void) } #endif +/* global config tls_threads_mode = 2 + * - force all thread-locals to be 0x0 after fork() + * - with OpenSSL loaded the largest value observed + * is < 10 + * + */ +static void fork_child(void) +{ + for(int k = 0; k < 16; k++) { + if(pthread_getspecific(k) != 0) + pthread_setspecific(k, 0x0); + } +} + static int mod_init(void) { int method; @@ -446,6 +460,9 @@ static int mod_init(void) ksr_module_set_flag(KSRMOD_FLAG_POSTCHILDINIT); } #endif + if(ksr_tls_threads_mode == 2) { + pthread_atfork(NULL, NULL, &fork_child); + } return 0; error: tls_h_mod_destroy_f(); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:0a565d34: core/rthreads.h: add new option tls_threads_mode = 2
Module: kamailio Branch: 5.8 Commit: 0a565d34b98b7ec4de0524a3e216e8d907661181 URL: https://github.com/kamailio/kamailio/commit/0a565d34b98b7ec4de0524a3e216e8d907661181 Author: S-P Chan Committer: S-P Chan Date: 2024-03-04T22:27:15+08:00 core/rthreads.h: add new option tls_threads_mode = 2 - add global handling of thread-locals with tls_threads_mode = 2 - this will run a pthread_atfork handler to reset all thread-locals to 0x0 - alternative solution to running functions in thread executors - requires tls.so to be loaded to be effective (cherry picked from commit e7f040f219b46592081a6053b4ed1ae0d0552b1a) --- Modified: src/core/rthreads.h --- Diff: https://github.com/kamailio/kamailio/commit/0a565d34b98b7ec4de0524a3e216e8d907661181.diff Patch: https://github.com/kamailio/kamailio/commit/0a565d34b98b7ec4de0524a3e216e8d907661181.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index 0f4f0cf8b8a..6fee4d0b407 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -40,7 +40,7 @@ static void *run_threadP(_thread_proto fn, void *arg) pthread_t tid; void *ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg); } @@ -77,7 +77,7 @@ static void *run_threadPI(_thread_protoPI fn, void *arg1, int arg2) pthread_t tid; void *ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2); } @@ -113,7 +113,7 @@ static void run_threadV(_thread_protoV fn) #ifdef USE_TLS pthread_t tid; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { fn(); return; 
@@ -152,7 +152,7 @@ static int run_thread4PP(_thread_proto4PP fn, void *arg1, void *arg2) pthread_t tid; int ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2); } @@ -188,7 +188,7 @@ static void run_thread0P(_thread_proto0P fn, void *arg1) #ifdef USE_TLS pthread_t tid; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { fn(arg1); return; @@ -240,7 +240,7 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, pthread_t tid; int ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9); } @@ -278,7 +278,7 @@ static int run_thread4L(_thread_proto4L fn, long arg1) pthread_t tid; int ret; - if(likely(ksr_tls_threads_mode == 0 + if(likely(ksr_tls_threads_mode == 0 || ksr_tls_threads_mode == 2 || (ksr_tls_threads_mode == 1 && process_no > 0))) { return fn(arg1); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:464299c2: tls: new option tls_threads_mode = 2
Module: kamailio Branch: master Commit: 464299c202f3ba963aed821b777075397e843856 URL: https://github.com/kamailio/kamailio/commit/464299c202f3ba963aed821b777075397e843856 Author: S-P Chan Committer: S-P Chan Date: 2024-03-04T22:00:38+08:00 tls: new option tls_threads_mode = 2 - use pthread_atfork to force all thread-locals to 0x0 after fork() --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/464299c202f3ba963aed821b777075397e843856.diff Patch: https://github.com/kamailio/kamailio/commit/464299c202f3ba963aed821b777075397e843856.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 1dc9357f56a..6dfde00c93a 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -337,6 +337,20 @@ static tls_domains_cfg_t* tls_use_modparams(void) } #endif +/* global config tls_threads_mode = 2 + * - force all thread-locals to be 0x0 after fork() + * - with OpenSSL loaded the largest value observed + * is < 10 + * + */ +static void fork_child(void) +{ + for(int k = 0; k < 16; k++) { + if(pthread_getspecific(k) != 0) + pthread_setspecific(k, 0x0); + } +} + static int mod_init(void) { int method; @@ -446,6 +460,9 @@ static int mod_init(void) ksr_module_set_flag(KSRMOD_FLAG_POSTCHILDINIT); } #endif + if(ksr_tls_threads_mode == 2) { + pthread_atfork(NULL, NULL, &fork_child); + } return 0; error: tls_h_mod_destroy_f(); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:3d80bc81: tls: basic OpenSSL 3 support of provider keys (replaces ENGINE)
Module: kamailio Branch: 5.8 Commit: 3d80bc811c75eb0cbcf0f4aee8929a5082b4de6a URL: https://github.com/kamailio/kamailio/commit/3d80bc811c75eb0cbcf0f4aee8929a5082b4de6a Author: S-P Chan Committer: S-P Chan Date: 2024-03-03T14:38:56+08:00 tls: basic OpenSSL 3 support of provider keys (replaces ENGINE) - initial support for v3 provider keys (replaces ENGINE from v1.1.1) - can be disabled behind build flag -DOPENSSL_NO_PROVIDER - provider keys start with /uri: e.g private_key = /uri:pkcs11:token=NSS%20Certificate%20DB;type=private;object=Fork-Test-c67cc0e0 - global config: provider_quirks: 0 | 1 - 0 - default - 1 - create a new OSS_LIB_CTX* in the child This integration does not load any providers itself and depends on the usual export OPENSSL_CONF=my-openssl.cnf to configure providers. (cherry picked from commit 69883dd381368ca219cc52140e71d571775f95d5) --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/3d80bc811c75eb0cbcf0f4aee8929a5082b4de6a.diff Patch: https://github.com/kamailio/kamailio/commit/3d80bc811c75eb0cbcf0f4aee8929a5082b4de6a.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:69883dd3: tls: basic OpenSSL 3 support of provider keys (replaces ENGINE)
Module: kamailio Branch: master Commit: 69883dd381368ca219cc52140e71d571775f95d5 URL: https://github.com/kamailio/kamailio/commit/69883dd381368ca219cc52140e71d571775f95d5 Author: S-P Chan Committer: S-P Chan Date: 2024-03-03T14:34:47+08:00 tls: basic OpenSSL 3 support of provider keys (replaces ENGINE) - initial support for v3 provider keys (replaces ENGINE from 1.1.1) - can be disabled behind build flag -DOPENSSL_NO_PROVIDER - provider keys start with /uri: e.g private_key = /uri:pkcs11:token=NSS%20Certificate%20DB;type=private;object=Fork-Test-c67cc0e0 - global config: provider_quirks: 0 | 1 - 0 - default - 1 - create a new OSS_LIB_CTX* in the child This integration does not load any providers itself and depends on the usual export OPENSSL_CONF=my-openssl.cnf to configure providers. --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/69883dd381368ca219cc52140e71d571775f95d5.diff Patch: https://github.com/kamailio/kamailio/commit/69883dd381368ca219cc52140e71d571775f95d5.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:6ee44373: tls: remove unused ENGINE define
Module: kamailio Branch: 5.8 Commit: 6ee443731a23032fce9a32ce9609ae5b7c6bd171 URL: https://github.com/kamailio/kamailio/commit/6ee443731a23032fce9a32ce9609ae5b7c6bd171 Author: S-P Chan Committer: S-P Chan Date: 2024-03-02T21:42:51+08:00 tls: remove unused ENGINE define (cherry-picked from commit 73e7123c2dd19b82db167ceee93444e43f70f446) --- Modified: src/modules/tls/tls_server.c --- Diff: https://github.com/kamailio/kamailio/commit/6ee443731a23032fce9a32ce9609ae5b7c6bd171.diff Patch: https://github.com/kamailio/kamailio/commit/6ee443731a23032fce9a32ce9609ae5b7c6bd171.patch --- diff --git a/src/modules/tls/tls_server.c b/src/modules/tls/tls_server.c index 3e22ec42712..3bfea131cf2 100644 --- a/src/modules/tls/tls_server.c +++ b/src/modules/tls/tls_server.c @@ -128,11 +128,6 @@ int tls_run_event_routes(struct tcp_connection *c); #endif /* __SUNPRO_c */ #endif /* TLS_RD_DEBUG */ -/* only OpenSSL <= 1.1.1 */ -#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER < 0x03000L -#define KSR_SSL_ENGINE -#endif - extern str sr_tls_xavp_cfg; static str _ksr_tls_connect_server_id = STR_NULL; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:73e7123c: tls: remove unused ENGINE define
Module: kamailio Branch: master Commit: 73e7123c2dd19b82db167ceee93444e43f70f446 URL: https://github.com/kamailio/kamailio/commit/73e7123c2dd19b82db167ceee93444e43f70f446 Author: S-P Chan Committer: S-P Chan Date: 2024-03-02T21:41:11+08:00 tls: remove unused ENGINE define --- Modified: src/modules/tls/tls_server.c --- Diff: https://github.com/kamailio/kamailio/commit/73e7123c2dd19b82db167ceee93444e43f70f446.diff Patch: https://github.com/kamailio/kamailio/commit/73e7123c2dd19b82db167ceee93444e43f70f446.patch --- diff --git a/src/modules/tls/tls_server.c b/src/modules/tls/tls_server.c index 3e22ec42712..3bfea131cf2 100644 --- a/src/modules/tls/tls_server.c +++ b/src/modules/tls/tls_server.c @@ -128,11 +128,6 @@ int tls_run_event_routes(struct tcp_connection *c); #endif /* __SUNPRO_c */ #endif /* TLS_RD_DEBUG */ -/* only OpenSSL <= 1.1.1 */ -#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER < 0x03000L -#define KSR_SSL_ENGINE -#endif - extern str sr_tls_xavp_cfg; static str _ksr_tls_connect_server_id = STR_NULL; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:9d42e4aa: tls: clean-up of ENGINE
Module: kamailio Branch: 5.8 Commit: 9d42e4aacab4a7bf18192701cd66cba95c2c98dd URL: https://github.com/kamailio/kamailio/commit/9d42e4aacab4a7bf18192701cd66cba95c2c98dd Author: S-P Chan Committer: S-P Chan Date: 2024-03-02T08:47:48+08:00 tls: clean-up of ENGINE - remove tls_map.* - not needed anymore - install an ENGINE in each worker SSL_CTX no need to replicate to all processes Cherry-pick from 5933893b91 --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_server.c Removed: src/modules/tls/tls_map.c Removed: src/modules/tls/tls_map.h --- Diff: https://github.com/kamailio/kamailio/commit/9d42e4aacab4a7bf18192701cd66cba95c2c98dd.diff Patch: https://github.com/kamailio/kamailio/commit/9d42e4aacab4a7bf18192701cd66cba95c2c98dd.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:5933893b: tls: clean-up of ENGINE
Module: kamailio Branch: master Commit: 5933893b919bccdc1c35e7bb0505e3a49d72c403 URL: https://github.com/kamailio/kamailio/commit/5933893b919bccdc1c35e7bb0505e3a49d72c403 Author: S-P Chan Committer: S-P Chan Date: 2024-03-02T08:46:39+08:00 tls: clean-up of ENGINE - remove tls_map.* - not needed anymore - install an ENGINE in each worker SSL_CTX no need to replicate to all processes --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_server.c Removed: src/modules/tls/tls_map.c Removed: src/modules/tls/tls_map.h --- Diff: https://github.com/kamailio/kamailio/commit/5933893b919bccdc1c35e7bb0505e3a49d72c403.diff Patch: https://github.com/kamailio/kamailio/commit/5933893b919bccdc1c35e7bb0505e3a49d72c403.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:0ddbd961: tls: make explicit ENGINE deprecation in OpenSSL 3
Module: kamailio Branch: 5.8 Commit: 0ddbd961e91abf3e967285d80cc1c6f8d2aa5cf9 URL: https://github.com/kamailio/kamailio/commit/0ddbd961e91abf3e967285d80cc1c6f8d2aa5cf9 Author: S-P Chan Committer: S-P Chan Date: 2024-03-01T08:08:09+08:00 tls: make explicit ENGINE deprecation in OpenSSL 3 Cherry-pick from 0c68a5511e --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_server.c --- Diff: https://github.com/kamailio/kamailio/commit/0ddbd961e91abf3e967285d80cc1c6f8d2aa5cf9.diff Patch: https://github.com/kamailio/kamailio/commit/0ddbd961e91abf3e967285d80cc1c6f8d2aa5cf9.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:0c68a551: tls: make explicit ENGINE deprecation in OpenSSL 3
Module: kamailio Branch: master Commit: 0c68a5511e83e4367954172e3050fe997e47e9c8 URL: https://github.com/kamailio/kamailio/commit/0c68a5511e83e4367954172e3050fe997e47e9c8 Author: S-P Chan Committer: S-P Chan Date: 2024-03-01T08:06:13+08:00 tls: make explicit ENGINE deprecation in OpenSSL 3 --- Modified: src/modules/tls/tls_domain.c Modified: src/modules/tls/tls_mod.c Modified: src/modules/tls/tls_server.c --- Diff: https://github.com/kamailio/kamailio/commit/0c68a5511e83e4367954172e3050fe997e47e9c8.diff Patch: https://github.com/kamailio/kamailio/commit/0c68a5511e83e4367954172e3050fe997e47e9c8.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:f53c6b49: tls: fix OpenSSL 1.1.1 engine keys
Module: kamailio Branch: 5.8 Commit: f53c6b49e158203ba0783ec6a6fbadd76c5fdde9 URL: https://github.com/kamailio/kamailio/commit/f53c6b49e158203ba0783ec6a6fbadd76c5fdde9 Author: S-P Chan Committer: S-P Chan Date: 2024-02-29T19:02:03+08:00 tls: fix OpenSSL 1.1.1 engine keys Cherry-pick from e535cc5eb2 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/f53c6b49e158203ba0783ec6a6fbadd76c5fdde9.diff Patch: https://github.com/kamailio/kamailio/commit/f53c6b49e158203ba0783ec6a6fbadd76c5fdde9.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 550a1bcc2b5..322be20bd8e 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -728,6 +728,7 @@ static int tls_engine_init() * We are in the child process and the global engine linked-list * is initialized in the parent. */ + ENGINE_load_builtin_engines(); e = ENGINE_by_id("dynamic"); if(!e) { err = "Error loading dynamic engine"; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
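Review bot: The new `ENGINE_load_builtin_engines()` call in `tls_engine_init` sits directly under a comment saying the global engine list is initialized in the parent, which no longer explains what the child process does at this point. A line such as `/* load the builtin engines in this process so that ENGINE_by_id("dynamic") can resolve */` would record why the call is needed; that reason is inferred from the commit title and the lookup that follows, so the author should confirm the wording. The same one-line hunk is repeated in the master commit e535cc5e and the 5.7 commit e66915b9 below. tls_engine_init starts and ends outside the hunk.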
[sr-dev] git:master:e535cc5e: tls: fix OpenSSL 1.1.1 engine keys
Module: kamailio Branch: master Commit: e535cc5eb2d81a67d00931bb53328953ec8ef492 URL: https://github.com/kamailio/kamailio/commit/e535cc5eb2d81a67d00931bb53328953ec8ef492 Author: S-P Chan Committer: S-P Chan Date: 2024-02-29T19:01:14+08:00 tls: fix OpenSSL 1.1.1 engine keys --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/e535cc5eb2d81a67d00931bb53328953ec8ef492.diff Patch: https://github.com/kamailio/kamailio/commit/e535cc5eb2d81a67d00931bb53328953ec8ef492.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 550a1bcc2b5..322be20bd8e 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -728,6 +728,7 @@ static int tls_engine_init() * We are in the child process and the global engine linked-list * is initialized in the parent. */ + ENGINE_load_builtin_engines(); e = ENGINE_by_id("dynamic"); if(!e) { err = "Error loading dynamic engine"; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:e66915b9: tls: fix OpenSSL 1.1.1 engine keys
Module: kamailio Branch: 5.7 Commit: e66915b95fda66ab9d2981854894707813e331ee URL: https://github.com/kamailio/kamailio/commit/e66915b95fda66ab9d2981854894707813e331ee Author: S-P Chan Committer: S-P Chan Date: 2024-02-29T19:05:57+08:00 tls: fix OpenSSL 1.1.1 engine keys Cherry-pick from e535cc5eb2 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/e66915b95fda66ab9d2981854894707813e331ee.diff Patch: https://github.com/kamailio/kamailio/commit/e66915b95fda66ab9d2981854894707813e331ee.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 664e35f7c33..85a1fc4cd9e 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -728,6 +728,7 @@ static int tls_engine_init() * We are in the child process and the global engine linked-list * is initialized in the parent. */ + ENGINE_load_builtin_engines(); e = ENGINE_by_id("dynamic"); if(!e) { err = "Error loading dynamic engine"; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:1d9ea67e: http_async_client: libssl refactor thread executors for curl
Module: kamailio Branch: 5.7 Commit: 1d9ea67eb29b4fd45c00a00581e7b73a9b42c8ce URL: https://github.com/kamailio/kamailio/commit/1d9ea67eb29b4fd45c00a00581e7b73a9b42c8ce Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T12:40:11+08:00 http_async_client: libssl refactor thread executors for curl Cherry-pick from 6a0c86bba8 --- Modified: src/modules/http_async_client/http_async_client_mod.c Modified: src/modules/http_async_client/http_multi.c --- Diff: https://github.com/kamailio/kamailio/commit/1d9ea67eb29b4fd45c00a00581e7b73a9b42c8ce.diff Patch: https://github.com/kamailio/kamailio/commit/1d9ea67eb29b4fd45c00a00581e7b73a9b42c8ce.patch --- diff --git a/src/modules/http_async_client/http_async_client_mod.c b/src/modules/http_async_client/http_async_client_mod.c index e9f6cb0d26b..4b984d3efdc 100644 --- a/src/modules/http_async_client/http_async_client_mod.c +++ b/src/modules/http_async_client/http_async_client_mod.c @@ -50,6 +50,9 @@ #include "../../core/cfg/cfg_struct.h" #include "../../core/fmsg.h" #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_V +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../../modules/tm/tm_load.h" #include "../../modules/pv/pv_api.h" @@ -285,7 +288,7 @@ static int mod_init(void) return -1; } - set_curl_mem_callbacks(); + run_threadV((_thread_protoV)&set_curl_mem_callbacks); /* init faked sip msg */ if(faked_msg_init() < 0) { diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a0ee1c877cf..a57aba9c951 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,9 +32,6 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; 
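Review bot: A failure of `curl_global_init` cannot reach `mod_init` through the new `run_threadV((_thread_protoV)&set_curl_mem_callbacks)` call, because `set_curl_mem_callbacks` returns `void` and only logs `rc` with `LM_ERR("Cannot initialize cURL: %d\n", rc)` in http_multi.c. http_client's `mod_init`, shown elsewhere on this page, returns -1 in the same situation. Consider having `set_curl_mem_callbacks` return `rc` and `mod_init` return -1 on a non-zero value; that needs an executor variant that carries an `int` result, which this hunk does not show. The same change appears in the 5.8 commit bc4c2069 and the master commit 6a0c86bb below, and mod_init continues outside the hunk.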
@@ -392,8 +389,7 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = run_thread4L( - (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); + rc = curl_global_init(CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:bc4c2069: http_async_client: libssl refactor thread executors for curl
Module: kamailio Branch: 5.8 Commit: bc4c206999094ed74e77c73f5537e857111d0a30 URL: https://github.com/kamailio/kamailio/commit/bc4c206999094ed74e77c73f5537e857111d0a30 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T12:39:52+08:00 http_async_client: libssl refactor thread executors for curl Cherry-pick from 6a0c86bba8 --- Modified: src/modules/http_async_client/http_async_client_mod.c Modified: src/modules/http_async_client/http_multi.c --- Diff: https://github.com/kamailio/kamailio/commit/bc4c206999094ed74e77c73f5537e857111d0a30.diff Patch: https://github.com/kamailio/kamailio/commit/bc4c206999094ed74e77c73f5537e857111d0a30.patch --- diff --git a/src/modules/http_async_client/http_async_client_mod.c b/src/modules/http_async_client/http_async_client_mod.c index 983a9e387f1..97a5c5dd420 100644 --- a/src/modules/http_async_client/http_async_client_mod.c +++ b/src/modules/http_async_client/http_async_client_mod.c @@ -50,6 +50,9 @@ #include "../../core/cfg/cfg_struct.h" #include "../../core/fmsg.h" #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_V +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../../modules/tm/tm_load.h" #include "../../modules/pv/pv_api.h" @@ -285,7 +288,7 @@ static int mod_init(void) return -1; } - set_curl_mem_callbacks(); + run_threadV((_thread_protoV)&set_curl_mem_callbacks); /* init faked sip msg */ if(faked_msg_init() < 0) { diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a0ee1c877cf..a57aba9c951 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,9 +32,6 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; 
@@ -392,8 +389,7 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = run_thread4L( - (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); + rc = curl_global_init(CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:6a0c86bb: http_async_client: libssl refactor thread executors for curl
Module: kamailio Branch: master Commit: 6a0c86bba8ff1200b8fe9197f2a76688a9948808 URL: https://github.com/kamailio/kamailio/commit/6a0c86bba8ff1200b8fe9197f2a76688a9948808 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T12:38:09+08:00 http_async_client: libssl refactor thread executors for curl --- Modified: src/modules/http_async_client/http_async_client_mod.c Modified: src/modules/http_async_client/http_multi.c --- Diff: https://github.com/kamailio/kamailio/commit/6a0c86bba8ff1200b8fe9197f2a76688a9948808.diff Patch: https://github.com/kamailio/kamailio/commit/6a0c86bba8ff1200b8fe9197f2a76688a9948808.patch --- diff --git a/src/modules/http_async_client/http_async_client_mod.c b/src/modules/http_async_client/http_async_client_mod.c index 983a9e387f1..97a5c5dd420 100644 --- a/src/modules/http_async_client/http_async_client_mod.c +++ b/src/modules/http_async_client/http_async_client_mod.c @@ -50,6 +50,9 @@ #include "../../core/cfg/cfg_struct.h" #include "../../core/fmsg.h" #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_V +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../../modules/tm/tm_load.h" #include "../../modules/pv/pv_api.h" @@ -285,7 +288,7 @@ static int mod_init(void) return -1; } - set_curl_mem_callbacks(); + run_threadV((_thread_protoV)&set_curl_mem_callbacks); /* init faked sip msg */ if(faked_msg_init() < 0) { diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a0ee1c877cf..a57aba9c951 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,9 +32,6 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; 
@@ -392,8 +389,7 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = run_thread4L( - (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); + rc = curl_global_init(CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:8098136c: xcap_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: 5.7 Commit: 8098136ccbe2050b499d3d962c44d58203afc370 URL: https://github.com/kamailio/kamailio/commit/8098136ccbe2050b499d3d962c44d58203afc370 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:11:36+08:00 xcap_client: libssl thread executor for curl_global_init() Cherry-pick from f5164b39c8 --- Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/8098136ccbe2050b499d3d962c44d58203afc370.diff Patch: https://github.com/kamailio/kamailio/commit/8098136ccbe2050b499d3d962c44d58203afc370.patch --- diff --git a/src/modules/xcap_client/xcap_client.c b/src/modules/xcap_client/xcap_client.c index ac77228bfde..4de2d367b63 100644 --- a/src/modules/xcap_client/xcap_client.c +++ b/src/modules/xcap_client/xcap_client.c @@ -41,6 +41,9 @@ #include "../../core/mem/shm_mem.h" #include "../../core/rpc.h" #include "../../core/rpc_lookup.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../presence/utils_func.h" #include "xcap_functions.h" #include "xcap_client.h" @@ -140,7 +143,7 @@ static int mod_init(void) xcap_dbf.close(xcap_db); xcap_db = NULL; - curl_global_init(CURL_GLOBAL_ALL); + run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(periodical_query) { register_timer(query_xcap_update, 0, query_period); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
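Review bot: The result of `run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL)` is discarded in xcap_client's `mod_init`, so the module keeps initialising after a failed cURL setup. The http_client commit just below checks the same call; doing likewise here would be `if(run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL) != 0) { LM_ERR("curl_global_init failed\n"); return -1; }`, or whatever error path the function already uses. The value was ignored before this change as well, but the executor adds thread creation as a further step that can fail. mod_init starts and ends outside the hunk.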
[sr-dev] git:5.7:d9285fc7: http_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: 5.7 Commit: d9285fc741c2a3c3995e037c23393df108e94bf1 URL: https://github.com/kamailio/kamailio/commit/d9285fc741c2a3c3995e037c23393df108e94bf1 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:11:33+08:00 http_client: libssl thread executor for curl_global_init() Cherry-pick from f58225950c --- Modified: src/modules/http_client/http_client.c --- Diff: https://github.com/kamailio/kamailio/commit/d9285fc741c2a3c3995e037c23393df108e94bf1.diff Patch: https://github.com/kamailio/kamailio/commit/d9285fc741c2a3c3995e037c23393df108e94bf1.patch --- diff --git a/src/modules/http_client/http_client.c b/src/modules/http_client/http_client.c index 430933e23d2..3cf662820f5 100644 --- a/src/modules/http_client/http_client.c +++ b/src/modules/http_client/http_client.c @@ -64,6 +64,9 @@ #include "../../core/lvalue.h" #include "../../core/pt.h" /* Process table */ #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "functions.h" #include "curlcon.h" @@ -278,7 +281,7 @@ static int mod_init(void) LM_DBG("init curl module\n"); /* Initialize curl */ - if(curl_global_init(CURL_GLOBAL_ALL)) { + if(run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)) { LM_ERR("curl_global_init failed\n"); return -1; } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
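Review bot: The cast `(_thread_proto4L)&curl_global_init` in `mod_init` makes a function returning `CURLcode` callable through `int (*)(long)`; the rthreads.h commit on this page declares the typedef that way and quotes the cURL prototype beside it. The C standard defines a call through a converted function pointer only when the two function types are compatible, and an enum return type is not guaranteed to be compatible with `int`. A small adapter removes the cast: `static int ksr_curl_global_init(long flags) { return (int)curl_global_init(flags); }`, passed as `run_thread4L(&ksr_curl_global_init, CURL_GLOBAL_ALL)`. The same cast is used in the xcap_client and http_async_client commits on this page and in the 5.8 http_client commit 49c3290f.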
[sr-dev] git:5.7:d01b6e22: http_async_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: 5.7 Commit: d01b6e22e083c6fab457f8fbe1c8ac2526a37d30 URL: https://github.com/kamailio/kamailio/commit/d01b6e22e083c6fab457f8fbe1c8ac2526a37d30 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:11:23+08:00 http_async_client: libssl thread executor for curl_global_init() Cherry-pick from 514635dc3e --- Modified: src/modules/http_async_client/http_multi.c --- Diff: https://github.com/kamailio/kamailio/commit/d01b6e22e083c6fab457f8fbe1c8ac2526a37d30.diff Patch: https://github.com/kamailio/kamailio/commit/d01b6e22e083c6fab457f8fbe1c8ac2526a37d30.patch --- diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a57aba9c951..a0ee1c877cf 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,6 +32,9 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; @@ -389,7 +392,8 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = curl_global_init(CURL_GLOBAL_ALL); + rc = run_thread4L( + (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:f850f4ee: Revert ed9d7bc58b - split into per module commits
Module: kamailio Branch: 5.7 Commit: f850f4eef66b6461bb93ede9bf67b52458e18856 URL: https://github.com/kamailio/kamailio/commit/f850f4eef66b6461bb93ede9bf67b52458e18856 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:07:27+08:00 Revert ed9d7bc58b - split into per module commits --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/f850f4eef66b6461bb93ede9bf67b52458e18856.diff Patch: https://github.com/kamailio/kamailio/commit/f850f4eef66b6461bb93ede9bf67b52458e18856.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index 0f4f0cf8b8a..e96f45c9395 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -254,41 +254,3 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, #endif } #endif - -/* - * prototype: CURLcode curl_global_init(long flags) { ... } - */ -#ifdef KSR_RTHREAD_NEED_4L -typedef int (*_thread_proto4L)(long); -struct _thread_args4L -{ - _thread_proto4L fn; - long arg1; - int *ret; -}; -static void *run_thread_wrap4L(struct _thread_args4L *args) -{ - *args->ret = (*args->fn)(args->arg1); - return NULL; -} - -static int run_thread4L(_thread_proto4L fn, long arg1) -{ -#ifdef USE_TLS - pthread_t tid; - int ret; - - if(likely(ksr_tls_threads_mode == 0 - || (ksr_tls_threads_mode == 1 && process_no > 0))) { - return fn(arg1); - } - pthread_create(&tid, NULL, (_thread_proto)run_thread_wrap4L, - &(struct _thread_args4L){fn, arg1, &ret}); - pthread_join(tid, NULL); - - return ret; -#else - return fn(arg1) -#endif -} -#endif diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a0ee1c877cf..a57aba9c951 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c 
@@ -32,9 +32,6 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; @@ -392,8 +389,7 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = run_thread4L( - (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); + rc = curl_global_init(CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } diff --git a/src/modules/http_client/http_client.c b/src/modules/http_client/http_client.c index 3cf662820f5..430933e23d2 100644 --- a/src/modules/http_client/http_client.c +++ b/src/modules/http_client/http_client.c @@ -64,9 +64,6 @@ #include "../../core/lvalue.h" #include "../../core/pt.h" /* Process table */ #include "../../core/kemi.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "functions.h" #include "curlcon.h" @@ -281,7 +278,7 @@ static int mod_init(void) LM_DBG("init curl module\n"); /* Initialize curl */ - if(run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)) { + if(curl_global_init(CURL_GLOBAL_ALL)) { LM_ERR("curl_global_init failed\n"); return -1; } diff --git a/src/modules/xcap_client/xcap_client.c b/src/modules/xcap_client/xcap_client.c index 4de2d367b63..ac77228bfde 100644 --- a/src/modules/xcap_client/xcap_client.c +++ b/src/modules/xcap_client/xcap_client.c @@ -41,9 +41,6 @@ #include "../../core/mem/shm_mem.h" #include "../../core/rpc.h" #include "../../core/rpc_lookup.h" -#define KSR_RTHREAD_NEED_4L -#define KSR_RTHREAD_SKIP_P -#include "../../core/rthreads.h" #include "../presence/utils_func.h" #include "xcap_functions.h" #include "xcap_client.h" 
@@ -143,7 +140,7 @@ static int mod_init(void) xcap_dbf.close(xcap_db); xcap_db = NULL; - run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); + curl_global_init(CURL_GLOBAL_ALL); if(periodical_query) { register_timer(query_xcap_update, 0, query_period); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:0f1d78a2: core/rthreads.h: add thread executor for curl_global_init()
Module: kamailio Branch: 5.7 Commit: 0f1d78a22aeefef7601d0cf646ec154f5e52c175 URL: https://github.com/kamailio/kamailio/commit/0f1d78a22aeefef7601d0cf646ec154f5e52c175 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:11:08+08:00 core/rthreads.h: add thread executor for curl_global_init() Cherry-pick from db05449932 --- Modified: src/core/rthreads.h --- Diff: https://github.com/kamailio/kamailio/commit/0f1d78a22aeefef7601d0cf646ec154f5e52c175.diff Patch: https://github.com/kamailio/kamailio/commit/0f1d78a22aeefef7601d0cf646ec154f5e52c175.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index e96f45c9395..0f4f0cf8b8a 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -254,3 +254,41 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, #endif } #endif + +/* + * prototype: CURLcode curl_global_init(long flags) { ... } + */ +#ifdef KSR_RTHREAD_NEED_4L +typedef int (*_thread_proto4L)(long); +struct _thread_args4L +{ + _thread_proto4L fn; + long arg1; + int *ret; +}; +static void *run_thread_wrap4L(struct _thread_args4L *args) +{ + *args->ret = (*args->fn)(args->arg1); + return NULL; +} + +static int run_thread4L(_thread_proto4L fn, long arg1) +{ +#ifdef USE_TLS + pthread_t tid; + int ret; + + if(likely(ksr_tls_threads_mode == 0 + || (ksr_tls_threads_mode == 1 && process_no > 0))) { + return fn(arg1); + } + pthread_create(&tid, NULL, (_thread_proto)run_thread_wrap4L, + &(struct _thread_args4L){fn, arg1, &ret}); + pthread_join(tid, NULL); + + return ret; +#else + return fn(arg1) +#endif +} +#endif ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
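Review bot: The `#else` branch of `run_thread4L` reads `return fn(arg1)` with no semicolon, so a build that defines `KSR_RTHREAD_NEED_4L` without `USE_TLS` will not compile. In the `USE_TLS` branch the result of `pthread_create` is ignored: if the thread cannot be created, `pthread_join` is called on an unset `tid` and the uninitialised `ret` is returned to the caller. The version below initialises `ret`, returns a non-zero value when the thread cannot be started (the http_client caller on this page treats non-zero as failure) and adds the semicolon. The 5.8 commit ce17fee3 below carries the same hunk.

```c
static int run_thread4L(_thread_proto4L fn, long arg1)
{
#ifdef USE_TLS
	pthread_t tid;
	int ret = -1;

	/* ... unchanged: inline call when no executor thread is needed ... */
	if(pthread_create(&tid, NULL, (_thread_proto)run_thread_wrap4L,
			   &(struct _thread_args4L){fn, arg1, &ret})
			!= 0) {
		/* no thread was started: do not join, report failure */
		return -1;
	}
	pthread_join(tid, NULL);

	return ret;
#else
	return fn(arg1);
#endif
```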
[sr-dev] git:5.8:49c3290f: http_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: 5.8 Commit: 49c3290fc6eb50de0b08661c50ff42663ff3de6b URL: https://github.com/kamailio/kamailio/commit/49c3290fc6eb50de0b08661c50ff42663ff3de6b Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:05:40+08:00 http_client: libssl thread executor for curl_global_init() Cherry-pick from f58225950c --- Modified: src/modules/http_client/http_client.c --- Diff: https://github.com/kamailio/kamailio/commit/49c3290fc6eb50de0b08661c50ff42663ff3de6b.diff Patch: https://github.com/kamailio/kamailio/commit/49c3290fc6eb50de0b08661c50ff42663ff3de6b.patch --- diff --git a/src/modules/http_client/http_client.c b/src/modules/http_client/http_client.c index 48844246984..ca605ec1729 100644 --- a/src/modules/http_client/http_client.c +++ b/src/modules/http_client/http_client.c @@ -64,6 +64,9 @@ #include "../../core/lvalue.h" #include "../../core/pt.h" /* Process table */ #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "functions.h" #include "curlcon.h" @@ -76,8 +79,10 @@ MODULE_VERSION #define CURL_USER_AGENT_LEN (sizeof(CURL_USER_AGENT) - 1) /* Module parameter variables */ -unsigned int default_connection_timeout = 0; /*!< 0 = not user configured - the default (4 seconds) will be used */ -unsigned int timeout_mode = 1; /*!< 0 = timeout disabled, 1 (default) = timeout in seconds, 2 = timeout in ms */ +unsigned int default_connection_timeout = + 0; /*!< 0 = not user configured - the default (4 seconds) will be used */ +unsigned int timeout_mode = + 1; /*!< 0 = timeout disabled, 1 (default) = timeout in seconds, 2 = timeout in ms */ char *default_tls_cacert = NULL; /*!< File name: Default CA cert to use for curl TLS connection */ str default_tls_clientcert = 
@@ -280,7 +285,7 @@ static int mod_init(void) LM_DBG("init curl module\n"); /* Initialize curl */ - if(curl_global_init(CURL_GLOBAL_ALL)) { + if(run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)) { LM_ERR("curl_global_init failed\n"); return -1; } @@ -317,16 +322,16 @@ static int mod_init(void) * - 1 (default) : timeout value is in seconds. * - 2 : timeout value is in milliseconds. */ - if (!(timeout_mode == 1 || timeout_mode == 2)) { - if (default_connection_timeout > 0) { + if(!(timeout_mode == 1 || timeout_mode == 2)) { + if(default_connection_timeout > 0) { LM_WARN("configured connection_timeout is ignored " - "because timeouts are disabled (timeout_mode)\n"); + "because timeouts are disabled (timeout_mode)\n"); } - } else if (default_connection_timeout == 0) { + } else if(default_connection_timeout == 0) { LM_INFO("curl connection timeout set to zero. Using default 4 secs\n"); - if (timeout_mode == 1) { /* timeout is in seconds (default) */ + if(timeout_mode == 1) { /* timeout is in seconds (default) */ default_connection_timeout = 4; - } else if (timeout_mode == 2) { /* timeout is in milliseconds */ + } else if(timeout_mode == 2) { /* timeout is in milliseconds */ default_connection_timeout = 4000; } } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
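Review bot: The call `run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)` in mod_init casts a function returning `CURLcode` to `int (*)(long)`, and the executor then calls it through that pointer. C defines such a call only when the two function types are compatible, which for an enum return type depends on the implementation, and the cast also hides any real signature mismatch from the compiler. A small adapter removes the cast: `static int ksr_curl_global_init(long flags) { return (int)curl_global_init(flags); }`, passed as `run_thread4L(ksr_curl_global_init, CURL_GLOBAL_ALL)`. The same cast is used in the xcap_client and http_async_client hunks and in the f5822595 (master) and ed9d7bc5 (5.7) copies of this hunk; mod_init continues outside the hunk.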
[sr-dev] git:5.8:ce17fee3: core/rthreads.h: add thread executor for curl_global_init()
Module: kamailio Branch: 5.8 Commit: ce17fee304e9ffa5046194a0827f771742113640 URL: https://github.com/kamailio/kamailio/commit/ce17fee304e9ffa5046194a0827f771742113640 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:04:59+08:00 core/rthreads.h: add thread executor for curl_global_init() Cherry-pick from db05449932 --- Modified: src/core/rthreads.h --- Diff: https://github.com/kamailio/kamailio/commit/ce17fee304e9ffa5046194a0827f771742113640.diff Patch: https://github.com/kamailio/kamailio/commit/ce17fee304e9ffa5046194a0827f771742113640.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index e96f45c9395..0f4f0cf8b8a 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -254,3 +254,41 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, #endif } #endif + +/* + * prototype: CURLcode curl_global_init(long flags) { ... } + */ +#ifdef KSR_RTHREAD_NEED_4L +typedef int (*_thread_proto4L)(long); +struct _thread_args4L +{ + _thread_proto4L fn; + long arg1; + int *ret; +}; +static void *run_thread_wrap4L(struct _thread_args4L *args) +{ + *args->ret = (*args->fn)(args->arg1); + return NULL; +} + +static int run_thread4L(_thread_proto4L fn, long arg1) +{ +#ifdef USE_TLS + pthread_t tid; + int ret; + + if(likely(ksr_tls_threads_mode == 0 + || (ksr_tls_threads_mode == 1 && process_no > 0))) { + return fn(arg1); + } + pthread_create(&tid, NULL, (_thread_proto)run_thread_wrap4L, + &(struct _thread_args4L){fn, arg1, &ret}); + pthread_join(tid, NULL); + + return ret; +#else + return fn(arg1) +#endif +} +#endif ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:53398940: xcap_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: 5.8 Commit: 533989406d0fa1e57ff007fd8d7f702f5831dacd URL: https://github.com/kamailio/kamailio/commit/533989406d0fa1e57ff007fd8d7f702f5831dacd Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:05:54+08:00 xcap_client: libssl thread executor for curl_global_init() Cherry-pick from f5164b39c8 --- Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/533989406d0fa1e57ff007fd8d7f702f5831dacd.diff Patch: https://github.com/kamailio/kamailio/commit/533989406d0fa1e57ff007fd8d7f702f5831dacd.patch --- diff --git a/src/modules/xcap_client/xcap_client.c b/src/modules/xcap_client/xcap_client.c index ac77228bfde..4de2d367b63 100644 --- a/src/modules/xcap_client/xcap_client.c +++ b/src/modules/xcap_client/xcap_client.c @@ -41,6 +41,9 @@ #include "../../core/mem/shm_mem.h" #include "../../core/rpc.h" #include "../../core/rpc_lookup.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../presence/utils_func.h" #include "xcap_functions.h" #include "xcap_client.h" @@ -140,7 +143,7 @@ static int mod_init(void) xcap_dbf.close(xcap_db); xcap_db = NULL; - curl_global_init(CURL_GLOBAL_ALL); + run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(periodical_query) { register_timer(query_xcap_update, 0, query_period); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
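Review bot: The result of `run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL)` is discarded in mod_init, so a failed libcurl initialisation goes unnoticed here, while the http_client hunk on this page checks the same call and returns -1. Suggest `if(run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL) != 0) { LM_ERR("curl_global_init failed\n"); return -1; }`, assuming this mod_init reports failure with -1 as http_client's does. mod_init starts and ends outside the hunk. The same line is in the f5164b39 (master) and ed9d7bc5 (5.7) copies of this hunk.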
[sr-dev] git:5.8:5d4fae5c: http_async_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: 5.8 Commit: 5d4fae5c24eb4f13d585e1af4cb1753ea5a784c5 URL: https://github.com/kamailio/kamailio/commit/5d4fae5c24eb4f13d585e1af4cb1753ea5a784c5 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:05:20+08:00 http_async_client: libssl thread executor for curl_global_init() Cherry-pick from 514635dc3e --- Modified: src/modules/http_async_client/http_multi.c --- Diff: https://github.com/kamailio/kamailio/commit/5d4fae5c24eb4f13d585e1af4cb1753ea5a784c5.diff Patch: https://github.com/kamailio/kamailio/commit/5d4fae5c24eb4f13d585e1af4cb1753ea5a784c5.patch --- diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a57aba9c951..a0ee1c877cf 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,6 +32,9 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; @@ -389,7 +392,8 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = curl_global_init(CURL_GLOBAL_ALL); + rc = run_thread4L( + (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:b1a30880: Revert ac4f1be039 - split into per module commits
Module: kamailio Branch: 5.8 Commit: b1a308801430a5561c4c13c1d4602fe5d5542cf8 URL: https://github.com/kamailio/kamailio/commit/b1a308801430a5561c4c13c1d4602fe5d5542cf8 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:03:10+08:00 Revert ac4f1be039 - split into per module commits --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/b1a308801430a5561c4c13c1d4602fe5d5542cf8.diff Patch: https://github.com/kamailio/kamailio/commit/b1a308801430a5561c4c13c1d4602fe5d5542cf8.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:514635dc: http_async_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: master Commit: 514635dc3e6182ff0daaebe548ed613edc2de61f URL: https://github.com/kamailio/kamailio/commit/514635dc3e6182ff0daaebe548ed613edc2de61f Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:01:14+08:00 http_async_client: libssl thread executor for curl_global_init() --- Modified: src/modules/http_async_client/http_multi.c --- Diff: https://github.com/kamailio/kamailio/commit/514635dc3e6182ff0daaebe548ed613edc2de61f.diff Patch: https://github.com/kamailio/kamailio/commit/514635dc3e6182ff0daaebe548ed613edc2de61f.patch --- diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a57aba9c951..a0ee1c877cf 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,6 +32,9 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; @@ -389,7 +392,8 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = curl_global_init(CURL_GLOBAL_ALL); + rc = run_thread4L( + (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:db054499: core/rthreads.h: add thread executor for curl_global_init()
Module: kamailio Branch: master Commit: db05449932b1753d4b705f88445533bbe1ed6475 URL: https://github.com/kamailio/kamailio/commit/db05449932b1753d4b705f88445533bbe1ed6475 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:00:35+08:00 core/rthreads.h: add thread executor for curl_global_init() --- Modified: src/core/rthreads.h --- Diff: https://github.com/kamailio/kamailio/commit/db05449932b1753d4b705f88445533bbe1ed6475.diff Patch: https://github.com/kamailio/kamailio/commit/db05449932b1753d4b705f88445533bbe1ed6475.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index e96f45c9395..0f4f0cf8b8a 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -254,3 +254,41 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, #endif } #endif + +/* + * prototype: CURLcode curl_global_init(long flags) { ... } + */ +#ifdef KSR_RTHREAD_NEED_4L +typedef int (*_thread_proto4L)(long); +struct _thread_args4L +{ + _thread_proto4L fn; + long arg1; + int *ret; +}; +static void *run_thread_wrap4L(struct _thread_args4L *args) +{ + *args->ret = (*args->fn)(args->arg1); + return NULL; +} + +static int run_thread4L(_thread_proto4L fn, long arg1) +{ +#ifdef USE_TLS + pthread_t tid; + int ret; + + if(likely(ksr_tls_threads_mode == 0 + || (ksr_tls_threads_mode == 1 && process_no > 0))) { + return fn(arg1); + } + pthread_create(&tid, NULL, (_thread_proto)run_thread_wrap4L, + &(struct _thread_args4L){fn, arg1, &ret}); + pthread_join(tid, NULL); + + return ret; +#else + return fn(arg1) +#endif +} +#endif ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:f5822595: http_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: master Commit: f58225950cc2bfa63a230a3bc8460bbcbfa7738e URL: https://github.com/kamailio/kamailio/commit/f58225950cc2bfa63a230a3bc8460bbcbfa7738e Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:01:31+08:00 http_client: libssl thread executor for curl_global_init() --- Modified: src/modules/http_client/http_client.c --- Diff: https://github.com/kamailio/kamailio/commit/f58225950cc2bfa63a230a3bc8460bbcbfa7738e.diff Patch: https://github.com/kamailio/kamailio/commit/f58225950cc2bfa63a230a3bc8460bbcbfa7738e.patch --- diff --git a/src/modules/http_client/http_client.c b/src/modules/http_client/http_client.c index 48844246984..ca605ec1729 100644 --- a/src/modules/http_client/http_client.c +++ b/src/modules/http_client/http_client.c @@ -64,6 +64,9 @@ #include "../../core/lvalue.h" #include "../../core/pt.h" /* Process table */ #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "functions.h" #include "curlcon.h" @@ -76,8 +79,10 @@ MODULE_VERSION #define CURL_USER_AGENT_LEN (sizeof(CURL_USER_AGENT) - 1) /* Module parameter variables */ -unsigned int default_connection_timeout = 0; /*!< 0 = not user configured - the default (4 seconds) will be used */ -unsigned int timeout_mode = 1; /*!< 0 = timeout disabled, 1 (default) = timeout in seconds, 2 = timeout in ms */ +unsigned int default_connection_timeout = + 0; /*!< 0 = not user configured - the default (4 seconds) will be used */ +unsigned int timeout_mode = + 1; /*!< 0 = timeout disabled, 1 (default) = timeout in seconds, 2 = timeout in ms */ char *default_tls_cacert = NULL; /*!< File name: Default CA cert to use for curl TLS connection */ str default_tls_clientcert = 
@@ -280,7 +285,7 @@ static int mod_init(void) LM_DBG("init curl module\n"); /* Initialize curl */ - if(curl_global_init(CURL_GLOBAL_ALL)) { + if(run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)) { LM_ERR("curl_global_init failed\n"); return -1; } @@ -317,16 +322,16 @@ static int mod_init(void) * - 1 (default) : timeout value is in seconds. * - 2 : timeout value is in milliseconds. */ - if (!(timeout_mode == 1 || timeout_mode == 2)) { - if (default_connection_timeout > 0) { + if(!(timeout_mode == 1 || timeout_mode == 2)) { + if(default_connection_timeout > 0) { LM_WARN("configured connection_timeout is ignored " - "because timeouts are disabled (timeout_mode)\n"); + "because timeouts are disabled (timeout_mode)\n"); } - } else if (default_connection_timeout == 0) { + } else if(default_connection_timeout == 0) { LM_INFO("curl connection timeout set to zero. Using default 4 secs\n"); - if (timeout_mode == 1) { /* timeout is in seconds (default) */ + if(timeout_mode == 1) { /* timeout is in seconds (default) */ default_connection_timeout = 4; - } else if (timeout_mode == 2) { /* timeout is in milliseconds */ + } else if(timeout_mode == 2) { /* timeout is in milliseconds */ default_connection_timeout = 4000; } } ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:f5164b39: xcap_client: libssl thread executor for curl_global_init()
Module: kamailio Branch: master Commit: f5164b39c8b61792e9cf396cfcd0fe3ba567bb86 URL: https://github.com/kamailio/kamailio/commit/f5164b39c8b61792e9cf396cfcd0fe3ba567bb86 Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T05:01:45+08:00 xcap_client: libssl thread executor for curl_global_init() --- Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/f5164b39c8b61792e9cf396cfcd0fe3ba567bb86.diff Patch: https://github.com/kamailio/kamailio/commit/f5164b39c8b61792e9cf396cfcd0fe3ba567bb86.patch --- diff --git a/src/modules/xcap_client/xcap_client.c b/src/modules/xcap_client/xcap_client.c index ac77228bfde..4de2d367b63 100644 --- a/src/modules/xcap_client/xcap_client.c +++ b/src/modules/xcap_client/xcap_client.c @@ -41,6 +41,9 @@ #include "../../core/mem/shm_mem.h" #include "../../core/rpc.h" #include "../../core/rpc_lookup.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../presence/utils_func.h" #include "xcap_functions.h" #include "xcap_client.h" @@ -140,7 +143,7 @@ static int mod_init(void) xcap_dbf.close(xcap_db); xcap_db = NULL; - curl_global_init(CURL_GLOBAL_ALL); + run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(periodical_query) { register_timer(query_xcap_update, 0, query_period); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:272a4e08: Revert 8b2573c1f7 - split into per module commits
Module: kamailio Branch: master Commit: 272a4e08be61870cd7788c8cd8dd9be29b50753f URL: https://github.com/kamailio/kamailio/commit/272a4e08be61870cd7788c8cd8dd9be29b50753f Author: S-P Chan Committer: S-P Chan Date: 2024-02-27T04:58:40+08:00 Revert 8b2573c1f7 - split into per module commits --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/272a4e08be61870cd7788c8cd8dd9be29b50753f.diff Patch: https://github.com/kamailio/kamailio/commit/272a4e08be61870cd7788c8cd8dd9be29b50753f.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:ed9d7bc5: OpenSSL integration: manage curl_global_init(...) used by modules
Module: kamailio Branch: 5.7 Commit: ed9d7bc58b1896652f2526daa524531a0945b7b3 URL: https://github.com/kamailio/kamailio/commit/ed9d7bc58b1896652f2526daa524531a0945b7b3 Author: S-P Chan Committer: S-P Chan Date: 2024-02-26T10:45:02+08:00 OpenSSL integration: manage curl_global_init(...) used by modules - http_client, http_async_client, xcap_client use libcurl - call curl_global_init in a thread executor as it invokes OpenSSL functions on Debian 12 - clang-format Cherry-pick from ac4f1be039 --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/ed9d7bc58b1896652f2526daa524531a0945b7b3.diff Patch: https://github.com/kamailio/kamailio/commit/ed9d7bc58b1896652f2526daa524531a0945b7b3.patch --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index e96f45c9395..0f4f0cf8b8a 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -254,3 +254,41 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, #endif } #endif + +/* + * prototype: CURLcode curl_global_init(long flags) { ... } + */ +#ifdef KSR_RTHREAD_NEED_4L +typedef int (*_thread_proto4L)(long); +struct _thread_args4L +{ + _thread_proto4L fn; + long arg1; + int *ret; +}; +static void *run_thread_wrap4L(struct _thread_args4L *args) +{ + *args->ret = (*args->fn)(args->arg1); + return NULL; +} + +static int run_thread4L(_thread_proto4L fn, long arg1) +{ +#ifdef USE_TLS + pthread_t tid; + int ret; + + if(likely(ksr_tls_threads_mode == 0 + || (ksr_tls_threads_mode == 1 && process_no > 0))) { + return fn(arg1); + } + pthread_create(&tid, NULL, (_thread_proto)run_thread_wrap4L, + &(struct _thread_args4L){fn, arg1, &ret}); + pthread_join(tid, NULL); + + return ret; +#else + return fn(arg1) +#endif +} +#endif 
diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a57aba9c951..a0ee1c877cf 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,6 +32,9 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; @@ -389,7 +392,8 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = curl_global_init(CURL_GLOBAL_ALL); + rc = run_thread4L( + (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } diff --git a/src/modules/http_client/http_client.c b/src/modules/http_client/http_client.c index 430933e23d2..3cf662820f5 100644 --- a/src/modules/http_client/http_client.c +++ b/src/modules/http_client/http_client.c @@ -64,6 +64,9 @@ #include "../../core/lvalue.h" #include "../../core/pt.h" /* Process table */ #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "functions.h" #include "curlcon.h" @@ -278,7 +281,7 @@ static int mod_init(void) LM_DBG("init curl module\n"); /* Initialize curl */ - if(curl_global_init(CURL_GLOBAL_ALL)) { + if(run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)) { LM_ERR("curl_global_init failed\n"); return -1; } diff --git a/src/modules/xcap_client/xcap_client.c b/src/modules/xcap_client/xcap_client.c index ac77228bfde..4de2d367b63 100644 --- a/src/modules/xcap_client/xcap_client.c +++ b/src/modules/xcap_client/xcap_client.c 
@@ -41,6 +41,9 @@ #include "../../core/mem/shm_mem.h" #include "../../core/rpc.h" #include "../../core/rpc_lookup.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../presence/utils_func.h" #include "xcap_functions.h" #include "xcap_client.h" @@ -140,7 +143,7 @@ static int mod_init(void) xcap_dbf.close(xcap_db); xcap_db = NULL; - curl_global_init(CURL_GLOBAL_ALL); + run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(periodical_query) { register_timer(query_xcap_update, 0, query_period); ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:8b2573c1: OpenSSL integration: manage curl_global_init(...) used by modules
Module: kamailio Branch: master Commit: 8b2573c1f7c5e4bed24f8c5ca09817f613641a03 URL: https://github.com/kamailio/kamailio/commit/8b2573c1f7c5e4bed24f8c5ca09817f613641a03 Author: S-P Chan Committer: S-P Chan Date: 2024-02-26T10:40:19+08:00 OpenSSL integration: manage curl_global_init(...) used by modules - http_client, http_async_client, xcap_client use libcurl - call curl_global_init in a thread executor as it invokes OpenSSL functions on Debian 12 - clang-format --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/8b2573c1f7c5e4bed24f8c5ca09817f613641a03.diff Patch: https://github.com/kamailio/kamailio/commit/8b2573c1f7c5e4bed24f8c5ca09817f613641a03.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.8:ac4f1be0: OpenSSL integration: manage curl_global_init(...) used by modules
Module: kamailio Branch: 5.8 Commit: ac4f1be039809d68483fe39e94b0803da1661a48 URL: https://github.com/kamailio/kamailio/commit/ac4f1be039809d68483fe39e94b0803da1661a48 Author: S-P Chan Committer: S-P Chan Date: 2024-02-26T10:36:36+08:00 OpenSSL integration: manage curl_global_init(...) used by modules - http_client, http_async_client, xcap_client use libcurl - call curl_global_init in a thread executor as it invokes OpenSSL functions on Debian 12 - clang-format --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/ac4f1be039809d68483fe39e94b0803da1661a48.diff Patch: https://github.com/kamailio/kamailio/commit/ac4f1be039809d68483fe39e94b0803da1661a48.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:191efd64: tls: fix OpenSSL 1.1.1 compatibility
Module: kamailio Branch: master Commit: 191efd6485989de64713d0644368c2f58d984f5e URL: https://github.com/kamailio/kamailio/commit/191efd6485989de64713d0644368c2f58d984f5e Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T20:43:55+08:00 tls: fix OpenSSL 1.1.1 compatibility --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/191efd6485989de64713d0644368c2f58d984f5e.diff Patch: https://github.com/kamailio/kamailio/commit/191efd6485989de64713d0644368c2f58d984f5e.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 136f0e2deb2..550a1bcc2b5 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -688,6 +688,14 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */ +#if OPENSSL_VERSION_NUMBER >= 0x1010L \ + && OPENSSL_VERSION_NUMBER < 0x03000L + if(ksr_tls_threads_mode == 0) { + LM_WARN("OpenSSL 1.1.1 setting cryptorand random engine\n"); + RAND_set_rand_method(RAND_ksr_cryptorand_method()); + } +#endif + sr_kemi_modules_add(sr_kemi_tls_exports); return 0; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
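Review bot: The guard `OPENSSL_VERSION_NUMBER >= 0x1010L && OPENSSL_VERSION_NUMBER < 0x03000L` in mod_register compares against constants far smaller than any real `OPENSSL_VERSION_NUMBER` (1.1.1 is `0x10101000L`, 3.0.0 is `0x30000000L`). The upper bound is therefore never satisfied, the condition is false on every OpenSSL build, and the `RAND_set_rand_method(RAND_ksr_cryptorand_method())` call is never compiled in. The intended range is presumably `#if OPENSSL_VERSION_NUMBER >= 0x10101000L && OPENSSL_VERSION_NUMBER < 0x30000000L`. The context comment just above still says replacing RAND with cryptorand is no longer needed, which contradicts the added block and should be updated with it. The 5.8 mail b98718c2 carries the identical hunk.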
[sr-dev] git:5.8:b98718c2: tls: fix OpenSSL 1.1.1 compatibility
Module: kamailio Branch: 5.8 Commit: b98718c28f72b1372a62b17174b43c403fa6b729 URL: https://github.com/kamailio/kamailio/commit/b98718c28f72b1372a62b17174b43c403fa6b729 Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T20:42:14+08:00 tls: fix OpenSSL 1.1.1 compatibility --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/b98718c28f72b1372a62b17174b43c403fa6b729.diff Patch: https://github.com/kamailio/kamailio/commit/b98718c28f72b1372a62b17174b43c403fa6b729.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 136f0e2deb2..550a1bcc2b5 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -688,6 +688,14 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */ +#if OPENSSL_VERSION_NUMBER >= 0x1010L \ + && OPENSSL_VERSION_NUMBER < 0x03000L + if(ksr_tls_threads_mode == 0) { + LM_WARN("OpenSSL 1.1.1 setting cryptorand random engine\n"); + RAND_set_rand_method(RAND_ksr_cryptorand_method()); + } +#endif + sr_kemi_modules_add(sr_kemi_tls_exports); return 0; ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:88e1dce9: tls: fix restore early init
Module: kamailio Branch: 5.7 Commit: 88e1dce91b2db99bf24a01e910dc5f2d78e62e1a URL: https://github.com/kamailio/kamailio/commit/88e1dce91b2db99bf24a01e910dc5f2d78e62e1a Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T12:59:22+08:00 tls: fix restore early init Cherry-pick from a02ca644e8 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/88e1dce91b2db99bf24a01e910dc5f2d78e62e1a.diff Patch: https://github.com/kamailio/kamailio/commit/88e1dce91b2db99bf24a01e910dc5f2d78e62e1a.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 6058592aa01..664e35f7c33 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -468,19 +468,13 @@ static int mod_child(int rank) if(tls_disable || (tls_domains_cfg == 0)) return 0; -#if OPENSSL_VERSION_NUMBER >= 0x010101000L /* * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor -* to avoid init of libssl in thread#1 +* to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 */ - if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { - return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); - } -#else if(rank == PROC_INIT) { - return mod_child_hook(&rank, NULL); + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } -#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
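Review bot: The comment above the `rank == PROC_INIT` branch in mod_child now ends with `ksr_tls_threads_mode = 1`, which reads as if that mode were required, while the code no longer tests the mode and always goes through `run_thread4PP()`. A comment that matches the code would be `/* PROC_INIT: load the shared SSL_CTX through run_thread4PP(), which selects direct call or helper thread */`. That wording holds only if run_thread4PP makes the choice itself, as run_thread4L does elsewhere on this page; its body is not visible here. mod_child continues outside the hunk, and the aa8fcf9e (5.8) and a02ca644 (master) mails carry the same hunk.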
[sr-dev] git:5.8:aa8fcf9e: tls: fix restore early init
Module: kamailio Branch: 5.8 Commit: aa8fcf9ec76e7c4543db22de6de5ef62374c80be URL: https://github.com/kamailio/kamailio/commit/aa8fcf9ec76e7c4543db22de6de5ef62374c80be Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T12:57:19+08:00 tls: fix restore early init --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/aa8fcf9ec76e7c4543db22de6de5ef62374c80be.diff Patch: https://github.com/kamailio/kamailio/commit/aa8fcf9ec76e7c4543db22de6de5ef62374c80be.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 463814720b8..136f0e2deb2 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -468,19 +468,13 @@ static int mod_child(int rank) if(tls_disable || (tls_domains_cfg == 0)) return 0; -#if OPENSSL_VERSION_NUMBER >= 0x010101000L /* * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor - * to avoid init of libssl in thread#1 + * to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 */ - if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { - return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); - } -#else if(rank == PROC_INIT) { - return mod_child_hook(&rank, NULL); + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } -#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:a02ca644: tls: fix restore early init
Module: kamailio Branch: master Commit: a02ca644e889d011dd63acbabfc5550904ff7d4d URL: https://github.com/kamailio/kamailio/commit/a02ca644e889d011dd63acbabfc5550904ff7d4d Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T12:56:19+08:00 tls: fix restore early init --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/a02ca644e889d011dd63acbabfc5550904ff7d4d.diff Patch: https://github.com/kamailio/kamailio/commit/a02ca644e889d011dd63acbabfc5550904ff7d4d.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 463814720b8..136f0e2deb2 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -468,19 +468,13 @@ static int mod_child(int rank) if(tls_disable || (tls_domains_cfg == 0)) return 0; -#if OPENSSL_VERSION_NUMBER >= 0x010101000L /* * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor - * to avoid init of libssl in thread#1 + * to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 */ - if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { - return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); - } -#else if(rank == PROC_INIT) { - return mod_child_hook(&rank, NULL); + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } -#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:73b19da1: tls: restore early init for other modules that use TLS
Module: kamailio Branch: 5.7 Commit: 73b19da1e0dd512f9eb77ca0606092c545e8fb99 URL: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c545e8fb99 Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T11:04:27+08:00 tls: restore early init for other modules that use TLS Client modules (e.g. dispatcher) that require outbound TLS may race if tls init is too late. Restore tls init to PROC_INIT with a thread executor. Addresses GH #3765 Cherry-pick from 706d7b7ff3 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c545e8fb99.diff Patch: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c545e8fb99.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 0d8ea3df4c5..6058592aa01 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -42,6 +42,10 @@ #include "../../core/dprint.h" #include "../../core/mod_fix.h" #include "../../core/kemi.h" + +#define KSR_RTHREAD_SKIP_P +#define KSR_RTHREAD_NEED_4PP +#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" @@ -443,6 +447,22 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *); * * EC operations do not use pthread_self(), so could use shared SSL_CTX */ +static int mod_child_hook(int *rank, void *dummy) +{ + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, *rank, ksr_tls_threads_mode); + if(cfg_get(tls, tls_cfg, config_file).s) { + if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, &cli_defaults) + < 0) + return -1; + } else { + if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) + return -1; + } + return 0; +} + static int mod_child(int rank) { if(tls_disable || (tls_domains_cfg == 0)) 
@@ -450,29 +470,17 @@ static int mod_child(int rank) #if OPENSSL_VERSION_NUMBER >= 0x010101000L /* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1). Requires tls_threads_mode = 1 config. - */ - if((rank == PROC_SIPINIT && ksr_tls_threads_mode) - || (rank == PROC_INIT && !ksr_tls_threads_mode)) { +* OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor +* to avoid init of libssl in thread#1 +*/ + if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); + } #else if(rank == PROC_INIT) { -#endif - LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " - "ksr_tls_threads_mode=%d\n", - process_no, rank, ksr_tls_threads_mode); - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) - < 0) - return -1; - } else { - if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) - < 0) - return -1; - } - return 0; + return mod_child_hook(&rank, NULL); } +#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
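Review bot: With `ksr_tls_threads_mode == 0` on OpenSSL >= 1.1.1 the new test `rank == PROC_INIT && ksr_tls_threads_mode != 0` is never true, so as far as this hunk shows `tls_fix_domains_cfg` is no longer reached from mod_child in that configuration; the removed condition covered it with `rank == PROC_INIT && !ksr_tls_threads_mode`. Presumably the TLS domains then stay unprepared for the modules that need outbound TLS, which is the case the commit message sets out to fix. Testing only the rank, `if(rank == PROC_INIT) {`, keeps the mode-0 path; master does this later in a02ca644, and whether that follow-up reached this branch is not visible on the page. The same condition is introduced in 49a9d8a4 (5.8) and 706d7b7f (master); mod_child continues outside the hunk.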
[sr-dev] git:5.8:49a9d8a4: tls: restore early init for other modules that use TLS
Module: kamailio Branch: 5.8 Commit: 49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8 URL: https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8 Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T10:58:33+08:00 tls: restore early init for other modules that use TLS Client modules (e.g. dispatcher) that require outbound TLS may race if tls init is too late. Restore tls init to PROC_INIT with a thread executor. Addresses GH #3765 Cherry-pick from 706d7b7ff3 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8.diff Patch: https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index beaf1b7b70b..463814720b8 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -42,6 +42,10 @@ #include "../../core/dprint.h" #include "../../core/mod_fix.h" #include "../../core/kemi.h" + +#define KSR_RTHREAD_SKIP_P +#define KSR_RTHREAD_NEED_4PP +#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" 
@@ -443,32 +447,40 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *); * * EC operations do not use pthread_self(), so could use shared SSL_CTX */ +static int mod_child_hook(int *rank, void *dummy) +{ + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, *rank, ksr_tls_threads_mode); + if(cfg_get(tls, tls_cfg, config_file).s) { + if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, &cli_defaults) + < 0) + return -1; + } else { + if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) + return -1; + } + return 0; +} + static int mod_child(int rank) { if(tls_disable || (tls_domains_cfg == 0)) return 0; #if OPENSSL_VERSION_NUMBER >= 0x010101000L -/* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1) + /* + * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor + * to avoid init of libssl in thread#1 */ -if(rank == PROC_SIPINIT) { + if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); + } #else -if(rank == PROC_INIT) { -#endif - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) - < 0) - return -1; - } else { - if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) - < 0) - return -1; - } - return 0; + if(rank == PROC_INIT) { + return mod_child_hook(&rank, NULL); } +#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* @@ -678,7 +690,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) register_tls_hooks(&tls_h); -/* + /* * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */ ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
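Review bot: `mod_child_hook` is inserted between mod_child and the block comment that used to introduce it (the one ending `EC operations do not use pthread_self(), so could use shared SSL_CTX`), so that comment now reads as documentation for the hook and mod_child has none. A short comment on the hook would help, for example `/* fix up the TLS domain configs at PROC_INIT, called directly or via run_thread4PP; returns 0 or -1 */`, with the existing block moved back above mod_child. The `dummy` parameter is never read in the body shown and could be noted as unused in that comment.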
[sr-dev] git:master:706d7b7f: tls: restore early init for other modules that use TLS
Module: kamailio Branch: master Commit: 706d7b7ff3bc2723614de328611c2100d19bf742 URL: https://github.com/kamailio/kamailio/commit/706d7b7ff3bc2723614de328611c2100d19bf742 Author: S-P Chan Committer: S-P Chan Date: 2024-02-25T10:41:18+08:00 tls: restore early init for other modules that use TLS Client modules (e.g. dispatcher) that require outbound TLS may race if tls init is too late. Restore tls init to PROC_INIT with a thread executor. Addresses GH #3765 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/706d7b7ff3bc2723614de328611c2100d19bf742.diff Patch: https://github.com/kamailio/kamailio/commit/706d7b7ff3bc2723614de328611c2100d19bf742.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index beaf1b7b70b..463814720b8 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -42,6 +42,10 @@ #include "../../core/dprint.h" #include "../../core/mod_fix.h" #include "../../core/kemi.h" + +#define KSR_RTHREAD_SKIP_P +#define KSR_RTHREAD_NEED_4PP +#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" 
@@ -443,32 +447,40 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *); * * EC operations do not use pthread_self(), so could use shared SSL_CTX */ +static int mod_child_hook(int *rank, void *dummy) +{ + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, *rank, ksr_tls_threads_mode); + if(cfg_get(tls, tls_cfg, config_file).s) { + if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, &cli_defaults) + < 0) + return -1; + } else { + if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) + return -1; + } + return 0; +} + static int mod_child(int rank) { if(tls_disable || (tls_domains_cfg == 0)) return 0; #if OPENSSL_VERSION_NUMBER >= 0x010101000L -/* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1) + /* + * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor + * to avoid init of libssl in thread#1 */ -if(rank == PROC_SIPINIT) { + if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); + } #else -if(rank == PROC_INIT) { -#endif - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) - < 0) - return -1; - } else { - if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) - < 0) - return -1; - } - return 0; + if(rank == PROC_INIT) { + return mod_child_hook(&rank, NULL); } +#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* @@ -678,7 +690,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) register_tls_hooks(&tls_h); -/* + /* * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */ ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
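Review bot: `run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL)` in mod_child hands the address of the `rank` parameter to the executor, which is safe only if the executor has finished running `mod_child_hook` before mod_child returns. That guarantee lives in rthreads.h and is not visible here, so a one-line comment at the call would record the dependency: `/* &rank is a stack address: relies on run_thread4PP completing the call before it returns */`. mod_child continues outside the hunk.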
[sr-dev] git:5.7:46c0db15: db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient)
Module: kamailio Branch: 5.7 Commit: 46c0db156ab12a94419324947b806176b6cc14a8 URL: https://github.com/kamailio/kamailio/commit/46c0db156ab12a94419324947b806176b6cc14a8 Author: S-P Chan Committer: S-P Chan Date: 2024-02-24T23:19:04+08:00 db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient) This function is observed to call SSL_read() when compiled with libmysqlclient.so.21 (but not libmariadb.so.3). Apply a thread executor just in case. Cherry-pick from 1e42364451 --- Modified: src/modules/db_mysql/km_dbase.c --- Diff: https://github.com/kamailio/kamailio/commit/46c0db156ab12a94419324947b806176b6cc14a8.diff Patch: https://github.com/kamailio/kamailio/commit/46c0db156ab12a94419324947b806176b6cc14a8.patch --- diff --git a/src/modules/db_mysql/km_dbase.c b/src/modules/db_mysql/km_dbase.c index 7b65c0a012c..91ace58df5b 100644 --- a/src/modules/db_mysql/km_dbase.c +++ b/src/modules/db_mysql/km_dbase.c @@ -41,6 +41,7 @@ #define KSR_RTHREAD_NEED_4PP #define KSR_RTHREAD_NEED_0P +#define KSR_RTHREAD_NEED_4P5I2P2 #include "../../core/rthreads.h" #include "../../lib/srdb1/db_query.h" #include "../../lib/srdb1/db_ut.h" 
@@ -348,12 +349,26 @@ int db_mysql_free_result(const db1_con_t *_h, db1_res_t *_r) * \param _r pointer to a structure representing the result * \return zero on success, negative value on failure */ + +/* + * this function observed to invoke SSL_read() under libmysqlclient.so.21 + * but not libmariadb.so.3; apply libssl guard + */ +static int db_mysql_query_impl(const db1_con_t *_h, const db_key_t *_k, + const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, + const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) +{ + return db_do_query(_h, _k, _op, _v, _c, _n, _nc, _o, _r, db_mysql_val2str, + db_mysql_submit_query, db_mysql_store_result); +} + int db_mysql_query(const db1_con_t *_h, const db_key_t *_k, const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) { - return db_do_query(_h, _k, _op, _v, _c, _n, _nc, _o, _r, db_mysql_val2str, - db_mysql_submit_query, db_mysql_store_result); + return run_thread4P5I2P2((_thread_proto4P5I2P2)&db_mysql_query_impl, + (void *)_h, (void *)_k, (void *)_op, (void *)_v, (void *)_c, _n, + _nc, (void *)_o, (void *)_r); } /** ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
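Review bot: The doxygen block ending `\return zero on success, negative value on failure` used to sit directly above `db_mysql_query`; the new comment and `db_mysql_query_impl` are inserted between them, so the parameter documentation no longer attaches to the exported function. Placing `db_mysql_query_impl` and its libssl comment above the doxygen block keeps the API documentation on `db_mysql_query`. The wrapper itself could carry a line such as `/* run on a helper thread: libmysqlclient may call SSL_read() here */`. The doxygen block starts outside the hunk, and the master commit 1e423644 has the same layout.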
[sr-dev] git:5.7:2c082bd1: db_mysql: update docs for opt_ssl_ca
Module: kamailio Branch: 5.7 Commit: 2c082bd135203382855b297de736b22fbedee672 URL: https://github.com/kamailio/kamailio/commit/2c082bd135203382855b297de736b22fbedee672 Author: S-P Chan Committer: S-P Chan Date: 2024-02-24T23:18:56+08:00 db_mysql: update docs for opt_ssl_ca Cherry-pick from eafd93f057 --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/2c082bd135203382855b297de736b22fbedee672.diff Patch: https://github.com/kamailio/kamailio/commit/2c082bd135203382855b297de736b22fbedee672.patch --- diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml index 51c9b5b728d..dceb8253eb7 100644 --- a/src/modules/db_mysql/doc/db_mysql_admin.xml +++ b/src/modules/db_mysql/doc/db_mysql_admin.xml @@ -211,6 +211,30 @@ modparam("db_mysql", "update_affected_found", 1) ... modparam("db_mysql", "opt_ssl_mode", 1) ... + + + + + opt_ssl_ca (string) + + Configures the CA certs used to verify the MySQL server cert when + SSL is enabled. + + + Required when opt_ssl_mode = 4 or 5 and db_mysql is built + with libmysqlclient. + + + + Default value is NULL (NULL - not configured). + + + + Set opt_ssl_ca parameter + +... +modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem") +... ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:29f848c9: db_mysql: new module param opt_ssl_ca to configure CA certs
Module: kamailio Branch: 5.7 Commit: 29f848c9a658af33b6a9693d709edf3a340c95d0 URL: https://github.com/kamailio/kamailio/commit/29f848c9a658af33b6a9693d709edf3a340c95d0 Author: S-P Chan Committer: S-P Chan Date: 2024-02-24T23:18:31+08:00 db_mysql: new module param opt_ssl_ca to configure CA certs ERROR: db_mysql [km_my_con.c:200]: db_mysql_new_connection(): driver error: SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY When opt_ssl_mode = 4 | 5 libmysqlclient.so.21 requires that the trusted CAs be configured. Fixed with: mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_ca) Note: libmariadb.so.3 doesn't require this setting and uses the system trust store. Cherry-pick from ea81e6cb8b --- Modified: src/modules/db_mysql/db_mysql.c Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/29f848c9a658af33b6a9693d709edf3a340c95d0.diff Patch: https://github.com/kamailio/kamailio/commit/29f848c9a658af33b6a9693d709edf3a340c95d0.patch --- diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c index 1a698329bac..9a7aa8673b5 100644 --- a/src/modules/db_mysql/db_mysql.c +++ b/src/modules/db_mysql/db_mysql.c @@ -47,6 +47,7 @@ unsigned int my_server_timezone = unsigned long my_client_ver = 0; int db_mysql_unsigned_type = 0; int db_mysql_opt_ssl_mode = 0; +char *db_mysql_opt_ssl_ca = NULL; struct mysql_counters_h mysql_cnts_h; counter_def_t mysql_cnt_defs[] = { @@ -100,6 +101,7 @@ static param_export_t params[] = { {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed}, {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found}, {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type}, + {"opt_ssl_ca", PARAM_STRING, &db_mysql_opt_ssl_ca}, {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode}, {0, 0, 0}}; diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index b4c4dca33b0..226d724f1ae 100644 
--- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -41,6 +41,7 @@ #include "db_mysql.h" extern int db_mysql_opt_ssl_mode; +extern char *db_mysql_opt_ssl_ca; /*! \brief * Create a new connection structure, @@ -167,6 +168,9 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) } #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ + if(db_mysql_opt_ssl_ca) + mysql_options( + ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #if MYSQL_VERSION_ID > 50012 /* set reconnect flag if enabled */ ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
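Review bot: The return value of the new `mysql_options(ptr->con, MYSQL_OPT_SSL_CA, ...)` call in db_mysql_new_connection is ignored, so a CA setting that the client library rejects goes unnoticed and the connection attempt may continue without the trust anchor the operator configured. A check such as `if(db_mysql_opt_ssl_ca && mysql_options(ptr->con, MYSQL_OPT_SSL_CA, db_mysql_opt_ssl_ca) != 0) LM_WARN("failed to set opt_ssl_ca\n");` makes that visible, and the `(const void *)` cast is not needed. The function body continues outside the hunk, so how the neighbouring `mysql_options` calls treat errors cannot be seen here. The master commit ea81e6cb adds the same lines.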
[sr-dev] git:master:1e423644: db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient)
Module: kamailio Branch: master Commit: 1e4236445167d837a89d54ce6bee5ef14aef568e URL: https://github.com/kamailio/kamailio/commit/1e4236445167d837a89d54ce6bee5ef14aef568e Author: S-P Chan Committer: S-P Chan Date: 2024-02-14T19:49:10+08:00 db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient) This function is observed to call SSL_read() when compiled with libmysqlclient.so.21 (but not libmariadb.so.3). Apply a thread executor just in case. --- Modified: src/modules/db_mysql/km_dbase.c --- Diff: https://github.com/kamailio/kamailio/commit/1e4236445167d837a89d54ce6bee5ef14aef568e.diff Patch: https://github.com/kamailio/kamailio/commit/1e4236445167d837a89d54ce6bee5ef14aef568e.patch --- diff --git a/src/modules/db_mysql/km_dbase.c b/src/modules/db_mysql/km_dbase.c index 7b65c0a012c..91ace58df5b 100644 --- a/src/modules/db_mysql/km_dbase.c +++ b/src/modules/db_mysql/km_dbase.c @@ -41,6 +41,7 @@ #define KSR_RTHREAD_NEED_4PP #define KSR_RTHREAD_NEED_0P +#define KSR_RTHREAD_NEED_4P5I2P2 #include "../../core/rthreads.h" #include "../../lib/srdb1/db_query.h" #include "../../lib/srdb1/db_ut.h" 
@@ -348,12 +349,26 @@ int db_mysql_free_result(const db1_con_t *_h, db1_res_t *_r) * \param _r pointer to a structure representing the result * \return zero on success, negative value on failure */ + +/* + * this function observed to invoke SSL_read() under libmysqlclient.so.21 + * but not libmariadb.so.3; apply libssl guard + */ +static int db_mysql_query_impl(const db1_con_t *_h, const db_key_t *_k, + const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, + const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) +{ + return db_do_query(_h, _k, _op, _v, _c, _n, _nc, _o, _r, db_mysql_val2str, + db_mysql_submit_query, db_mysql_store_result); +} + int db_mysql_query(const db1_con_t *_h, const db_key_t *_k, const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) { - return db_do_query(_h, _k, _op, _v, _c, _n, _nc, _o, _r, db_mysql_val2str, - db_mysql_submit_query, db_mysql_store_result); + return run_thread4P5I2P2((_thread_proto4P5I2P2)&db_mysql_query_impl, + (void *)_h, (void *)_k, (void *)_op, (void *)_v, (void *)_c, _n, + _nc, (void *)_o, (void *)_r); } /** ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
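Review bot: The wrapper calls `db_mysql_query_impl` through a `(_thread_proto4P5I2P2)` cast and passes every pointer as `(void *)`, which drops the `const` qualifiers and turns off the compiler's check that the nine arguments line up with the helper's parameters. The typedef is not in the hunk; if its parameter types differ from those of `db_mysql_query_impl`, the call through the converted pointer is undefined behaviour in C. Giving the helper the executor's exact parameter types and converting inside it (`const db1_con_t *h = _h;` and so on) would remove the function-pointer cast. The 5.7 cherry-pick 46c0db15 has the same code.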
[sr-dev] git:master:c89fe41b: db_mysql: fix typos
Module: kamailio Branch: master Commit: c89fe41b1583af74cdf7e20d2357d7c90990839f URL: https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c90990839f Author: S-P Chan Committer: S-P Chan Date: 2024-02-14T15:20:35+08:00 db_mysql: fix typos The option opt_ssl_ca is a string not integer. The comment for ea81e6cb should show the code fix as mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_ca) --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c90990839f.diff Patch: https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c90990839f.patch --- diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml index 7297f2d1b15..18c703838ce 100644 --- a/src/modules/db_mysql/doc/db_mysql_admin.xml +++ b/src/modules/db_mysql/doc/db_mysql_admin.xml @@ -219,7 +219,7 @@ modparam("db_mysql", "opt_ssl_mode", 1) - opt_ssl_ca (integer) + opt_ssl_ca (string) Configures the CA certs used to verify the MySQL server cert when SSL is enabled. ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:eafd93f0: db_mysql: update docs for opt_ssl_ca
Module: kamailio Branch: master Commit: eafd93f0576504ea03fe6b5e3898506072218cef URL: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506072218cef Author: S-P Chan Committer: S-P Chan Date: 2024-02-14T15:09:24+08:00 db_mysql: update docs for opt_ssl_ca --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506072218cef.diff Patch: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506072218cef.patch --- diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml index f1ff53df0ed..7297f2d1b15 100644 --- a/src/modules/db_mysql/doc/db_mysql_admin.xml +++ b/src/modules/db_mysql/doc/db_mysql_admin.xml @@ -215,6 +215,30 @@ modparam("db_mysql", "update_affected_found", 1) ... modparam("db_mysql", "opt_ssl_mode", 1) ... + + + + + opt_ssl_ca (integer) + + Configures the CA certs used to verify the MySQL server cert when + SSL is enabled. + + + Required when opt_ssl_mode = 4 or 5 and db_mysql is built + with libmysqlclient. + + + + Default value is NULL (NULL - not configured). + + + + Set opt_ssl_ca parameter + +... +modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem") +... ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:master:ea81e6cb: db_mysql: new module param opt_ssl_ca to configure CA certs
Module: kamailio Branch: master Commit: ea81e6cb8b2b2d896de7a07ce191876f9f182673 URL: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f9f182673 Author: S-P Chan Committer: S-P Chan Date: 2024-02-14T15:08:56+08:00 db_mysql: new module param opt_ssl_ca to configure CA certs ERROR: db_mysql [km_my_con.c:200]: db_mysql_new_connection(): driver error: SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY When opt_ssl_mode = 4 | 5 libmysqclient requires that the trusted CAs be configured. Fixed with: mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_mode) Note: libmariadb3 doesn't require this setting and uses the system trust store. --- Modified: src/modules/db_mysql/db_mysql.c Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f9f182673.diff Patch: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f9f182673.patch --- diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c index 1a698329bac..9a7aa8673b5 100644 --- a/src/modules/db_mysql/db_mysql.c +++ b/src/modules/db_mysql/db_mysql.c @@ -47,6 +47,7 @@ unsigned int my_server_timezone = unsigned long my_client_ver = 0; int db_mysql_unsigned_type = 0; int db_mysql_opt_ssl_mode = 0; +char *db_mysql_opt_ssl_ca = NULL; struct mysql_counters_h mysql_cnts_h; counter_def_t mysql_cnt_defs[] = { @@ -100,6 +101,7 @@ static param_export_t params[] = { {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed}, {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found}, {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type}, + {"opt_ssl_ca", PARAM_STRING, &db_mysql_opt_ssl_ca}, {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode}, {0, 0, 0}}; diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index b4c4dca33b0..226d724f1ae 100644 --- a/src/modules/db_mysql/km_my_con.c 
+++ b/src/modules/db_mysql/km_my_con.c @@ -41,6 +41,7 @@ #include "db_mysql.h" extern int db_mysql_opt_ssl_mode; +extern char *db_mysql_opt_ssl_ca; /*! \brief * Create a new connection structure, @@ -167,6 +168,9 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) } #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ + if(db_mysql_opt_ssl_ca) + mysql_options( + ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #if MYSQL_VERSION_ID > 50012 /* set reconnect flag if enabled */ ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
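Review bot: The added `if(db_mysql_opt_ssl_ca)` block has no comment saying how it relates to `opt_ssl_mode`, and it sits after both `#endif` lines, so the CA is applied whatever mode is configured and for both client libraries. A comment would save the next reader the trip to the commit message: `/* CA bundle for verifying the server cert; libmysqlclient requires it for opt_ssl_mode 4 and 5, libmariadb otherwise uses the system trust store */`. The `if` body is unbraced, and braces around the `mysql_options` call would guard against a later second statement slipping outside the condition. db_mysql_new_connection continues outside the hunk.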
[sr-dev] git:5.7:a0dfb8cb: tls: raise logging level of early messages in mod_register
Module: kamailio Branch: 5.7 Commit: a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd URL: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd Author: S-P Chan Committer: S-P Chan Date: 2024-02-13T19:11:20+08:00 tls: raise logging level of early messages in mod_register --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd.diff Patch: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 905ca6f2411..0d8ea3df4c5 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -689,7 +689,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) #if OPENSSL_VERSION_NUMBER >= 0x1010L \ && OPENSSL_VERSION_NUMBER < 0x03000L if(ksr_tls_threads_mode == 0) { - LM_DBG("setting cryptorand random engine\n"); + LM_WARN("OpenSSL 1.1.1 setting cryptorand random engine\n"); RAND_set_rand_method(RAND_ksr_cryptorand_method()); } #endif ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
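Review bot: The changed log line sits under `#if OPENSSL_VERSION_NUMBER >= 0x1010L && OPENSSL_VERSION_NUMBER < 0x03000L`, and as printed those constants do not match OpenSSL's version encoding (1.1.1 is of the form `0x1010100fL`, 3.0.0 is `0x30000000L`), so the upper bound is false for every release and the `RAND_set_rand_method` call would never be compiled. Other guards in the same file, shown elsewhere on this page, use the full-width form `0x010101000L`. If the block is meant for 1.1.x only, the bounds would be `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x30000000L`. Separately, a message on a normal start-up path reads more naturally at info level than as a warning. The guard is context the commit did not touch, and mod_register continues outside the hunk.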
[sr-dev] git:5.7:5d7d7ea5: tls: add logging
Module: kamailio Branch: 5.7 Commit: 5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db URL: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db Author: S-P Chan Committer: S-P Chan Date: 2024-02-13T17:23:31+08:00 tls: add logging --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db.diff Patch: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db.patch --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 5d3982b64d9..905ca6f2411 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -458,6 +458,9 @@ static int mod_child(int rank) #else if(rank == PROC_INIT) { #endif + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, rank, ksr_tls_threads_mode); if(cfg_get(tls, tls_cfg, config_file).s) { if(tls_fix_domains_cfg( *tls_domains_cfg, &srv_defaults, &cli_defaults) ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:eb7aa576: tls: restore some function calls in non-threaded mode
Module: kamailio Branch: 5.7 Commit: eb7aa57676f48f16cc66a16c511ed45ac9c8f62e URL: https://github.com/kamailio/kamailio/commit/eb7aa57676f48f16cc66a16c511ed45ac9c8f62e Author: S-P Chan Committer: S-P Chan Date: 2024-02-13T11:08:29+08:00 tls: restore some function calls in non-threaded mode In the case that tls_threads_mode = 0 we restore the earlier behaviour of 5.7.3. - OpenSSL 1.1.1: restore early call to RAND_set_rand_method - OpenSSL 3.x: restore enable locking on EVP_RAND_CTX --- Modified: src/modules/tls/tls_init.c Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/eb7aa57676f48f16cc66a16c511ed45ac9c8f62e.diff Patch: https://github.com/kamailio/kamailio/commit/eb7aa57676f48f16cc66a16c511ed45ac9c8f62e.patch ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] git:5.7:0936b6b7: db_postgres: libssl thread guard for db_postgres_close
Module: kamailio Branch: 5.7 Commit: 0936b6b70efe2e9d05766ce925ca10e4ff4bf7be URL: https://github.com/kamailio/kamailio/commit/0936b6b70efe2e9d05766ce925ca10e4ff4bf7be Author: S-P Chan Committer: S-P Chan Date: 2024-02-08T14:28:12+08:00 db_postgres: libssl thread guard for db_postgres_close --- Modified: src/modules/db_postgres/km_dbase.c --- Diff: https://github.com/kamailio/kamailio/commit/0936b6b70efe2e9d05766ce925ca10e4ff4bf7be.diff Patch: https://github.com/kamailio/kamailio/commit/0936b6b70efe2e9d05766ce925ca10e4ff4bf7be.patch --- diff --git a/src/modules/db_postgres/km_dbase.c b/src/modules/db_postgres/km_dbase.c index 7948ff0075f..e8dce6e09ea 100644 --- a/src/modules/db_postgres/km_dbase.c +++ b/src/modules/db_postgres/km_dbase.c @@ -45,6 +45,7 @@ #include "../../core/clist.h" #define KSR_RTHREAD_NEED_PI #define KSR_RTHREAD_NEED_4PP +#define KSR_RTHREAD_NEED_0P #include "../../core/rthreads.h" #include "km_dbase.h" #include "km_pg_con.h" @@ -147,11 +148,16 @@ db1_con_t *db_postgres_init2(const str *_url, db_pooling_t pooling) * \param _h closed connection, as returned from db_postgres_init * \note free all memory and resources */ -void db_postgres_close(db1_con_t *_h) +static void db_postgres_close_impl(db1_con_t *_h) { db_do_close(_h, db_postgres_free_connection); } +void db_postgres_close(db1_con_t *_h) +{ + run_thread0P((_thread_proto0P)db_postgres_close_impl, _h); +} + /*! * \brief Submit_query, run a query ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
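Review bot: The doxygen block above the old `db_postgres_close` (`\param _h closed connection ...`, `\note free all memory and resources`) now documents the static `db_postgres_close_impl`, and the exported wrapper has neither documentation nor a stated reason for the thread hop. Moving the block down to `db_postgres_close` and giving the helper a one-liner such as `/* runs via run_thread0P because closing the connection may enter libssl */` would cover both; the reason is taken from the commit title and should be confirmed. The `(_thread_proto0P)` cast also hides whether the helper's `db1_con_t *` parameter matches the executor's callback type, which is not visible in the hunk.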