### Description
On systems running libssl 1.1+, the compile flag `TLS_PTHREAD_MUTEX_SHARED` is
set to avoid an issue with deadlocks. However, if the system does not have
`pkg-config` installed, the build completes successfully without setting this
compile flag. As such, users with this particular configuration are at risk of
TLS-related deadlocks.
### Troubleshooting
This scenario arose for me when I experienced suspected TLS-related deadlocks
in Kamailio 5.4.1. Particularly, in a simple configuration, multiple UDP
workers were using t_relay to near-simultaneously connect to the same TLS host.
After some time, the UDP workers stopped responding while executing this simple
route block. I cannot definitively conclude this issue was the same deadlock
bug. The compile flag `TLS_PTHREAD_MUTEX_SHARED` was not set and `pkg-config`
was not installed.
I found [this mailing list
thread](https://lists.kamailio.org/pipermail/sr-users/2019-December/107759.html)
discussing TLS deadlocks and the build process and the user was running
Kamailio 5.3.1, libssl 1.1 but did not have `TLS_PTHREAD_MUTEX_SHARED` set.
This issue may explain how this user ended up in that situation.
#### Reproduction
Tested against Kamailio 5.4.1 and latest master.
On a system with libssl 1.1+, build (including the `tls` module) with
`pkg-config` installed and run `kamailio -I`. `TLS_PTHREAD_MUTEX_SHARED` flag
is set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE,
Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
```
Uninstall `pkg-config` and rebuild. `TLS_PTHREAD_MUTEX_SHARED` flag is not set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE,
Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLOCKLIST, HAVE_RESOLV_RES
```
When `pkg-config` is not installed, the build also outputs the following log
lines, however the build does not fail.
```
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
```
### Possible Solutions
Some thoughts about options:
1. It looks like effort has been applied in other areas to support the absence
of `pkg-config`, so potentially support libssl 1.1+ detection without
`pkg-config`.
2. Require `pkg-config` on build and fail without it.
3. Enable `TLS_PTHREAD_MUTEX_SHARED` by default as I assume most people are
running libssl 1.1+ these days, and disable it if libssl < 1.1 detected.
Personally I have installed `pkg-config` and rebuilt, however I think for the
safety of others building from source that the compile flag should be correctly
set or the build should fail.
### Operating System
```
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Linux debian-kamailio 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17)
x86_64 GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3384
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3...@github.com>
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
