The code is in `tls_domain.c` where `d->ctx` is an **array of SSL_CTX**
instead of a single SSL_CTX.
Each worker has a personal copy of the SSL_CTX and uses `d->ctx[process_no]`.
In theory for each domain we could use a single SSL_CTX instead of duplicating
it max_procs times, so this issue answers the question: Why is `d->ctx` an
array of the same SSL_CTX instead of a single copy of an SSL_CTX?
The roots of this go back to 1.1.1, where OpenSSL removed the ability of
`CRYPTO_set_id_callback` (from 1.0.2). Then a process could generate a unique
ID and "pretend" to be a different thread.
In OpenSSL 1.1.1+ the id is reported using `pthread_self()` - while this is
unique within a process it is not unique across multiple workers.
> Do you refer to the next code block?
>
> * https://github.com/kamailio/kamailio/blob/master/src/modules/tls/tls_mod.c#L451-L471
>
> If yes, as I can see it, the `tls_fix_domains_cfg()` is executed for `rank ==
> PROC_SIPINIT` when libssl is >=1.1.x, which means it is done only for the
> first SIP worker process (with the rank 1).
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3709#issuecomment-1888131406
_______________________________________________
Kamailio (SER) - Development Mailing List
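
The point made in the message above, that `pthread_self()` is unique within a process but not across forked workers, can be checked with a small program. This is an added example, not code from Kamailio or OpenSSL; the names `worker_id`, `probe_forked_worker` and `thread_id_collides` are hypothetical, and the result assumes Linux with glibc or musl, where the forked child keeps the parent's thread handle value.

```c
/* Added illustration, not Kamailio or OpenSSL code. Assumes Linux libc. */
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct worker_id { pid_t pid; pthread_t tid; };

/* Fork one worker and have it report its pid and pthread_self() through a
 * pipe. Returns 0 on success, -1 on any error. */
int probe_forked_worker(struct worker_id *parent, struct worker_id *child)
{
    int fds[2], status = 0;
    if (pipe(fds) != 0) return -1;
    parent->pid = getpid();
    parent->tid = pthread_self();
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                          /* forked worker */
        struct worker_id me;
        memset(&me, 0, sizeof me);
        me.pid = getpid();
        me.tid = pthread_self();
        ssize_t w = write(fds[1], &me, sizeof me);
        _exit(w == (ssize_t)sizeof me ? 0 : 1);
    }
    close(fds[1]);
    ssize_t r = read(fds[0], child, sizeof *child);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (r != (ssize_t)sizeof *child) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* 1 when two distinct processes present the same thread ID, i.e. the ID
 * alone cannot tell workers apart when they touch shared state. Comparing
 * handles from different processes is only meaningful as this demonstration. */
int thread_id_collides(const struct worker_id *a, const struct worker_id *b)
{
    return a->pid != b->pid && pthread_equal(a->tid, b->tid) != 0;
}

int main(void)
{
    struct worker_id p, c;
    if (probe_forked_worker(&p, &c) != 0) { perror("probe"); return 1; }
    printf("pids %ld/%ld, same thread id: %d\n", (long)p.pid, (long)c.pid,
           thread_id_collides(&p, &c));
    return 0;
}
```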