Module: kamailio
Branch: master
Commit: 29007ada5bc9e07ede3cdbce285f04d1298c0612
URL: https://github.com/kamailio/kamailio/commit/29007ada5bc9e07ede3cdbce285f04d1298c0612

Author: S-P Chan <shihping.c...@gmail.com>
Committer: S-P Chan <shihping.c...@gmail.com>
Date: 2024-01-11T08:03:07+08:00

tls: historical code comment on repeating SSL_CTX per worker

---

Modified: src/modules/tls/tls_mod.c

---

Diff: https://github.com/kamailio/kamailio/commit/29007ada5bc9e07ede3cdbce285f04d1298c0612.diff
Patch: https://github.com/kamailio/kamailio/commit/29007ada5bc9e07ede3cdbce285f04d1298c0612.patch

---

diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 7cad1b046e4..beaf1b7b70b 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -433,6 +433,16 @@ static int tls_engine_init();
 int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *);
 #endif
 
+/*
+ * OpenSSL 1.1.1+: SSL_CTX is repeated in each worker
+ *
+ * OpenSSL RSA blinding works in single-process multi-threaded mode
+ * and depends on pthread_self() to separate threads. In Kamailio 
multi-process workers
+ * pthread_self() will not necessarily be unique, this will result in 
incorrect BN
+ * operations???hence we create a separate SSL_CTX for each worker
+ *
+ * EC operations do not use pthread_self(), so could use shared SSL_CTX
+ */
 static int mod_child(int rank)
 {
        if(tls_disable || (tls_domains_cfg == 0))
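
Review bot: The closing line of the new comment, "EC operations do not use pthread_self(), so could use shared SSL_CTX", does not say whether the code shares the context for EC keys or whether this is only a possible optimisation; state which, or mark it as a TODO. The comment sits directly above mod_child() but does not name where the per-worker SSL_CTX is created, so a pointer to that function would help a reader connect the rationale to the code. "pthread_self() will not necessarily be unique" would be more precise as "not necessarily unique across worker processes", since that is the case the comment contrasts with single-process multi-threaded mode. The text "operations???hence" shows a "???" sequence here, which suggests a non-ASCII punctuation mark in the source file; plain ASCII punctuation would be safer in a C comment.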

_______________________________________________
Kamailio (SER) - Development Mailing List