Module: kamailio
Branch: 5.8
Commit: 49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8
URL: 
https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8

Author: S-P Chan <shihping.c...@gmail.com>
Committer: S-P Chan <shihping.c...@gmail.com>
Date: 2024-02-25T10:58:33+08:00

tls: restore early init for other modules that use TLS

Client modules (e.g. dispatcher) that require outbound TLS
may race if tls init is too late.

Restore tls init to PROC_INIT with a thread executor.

Addresses GH #3765

Cherry-pick from 706d7b7ff3

---

Modified: src/modules/tls/tls_mod.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8.diff
Patch: 
https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8.patch

---

diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index beaf1b7b70b..463814720b8 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -42,6 +42,10 @@
 #include "../../core/dprint.h"
 #include "../../core/mod_fix.h"
 #include "../../core/kemi.h"
+
+#define KSR_RTHREAD_SKIP_P
+#define KSR_RTHREAD_NEED_4PP
+#include "../../core/rthreads.h"
 #include "tls_init.h"
 #include "tls_server.h"
 #include "tls_domain.h"
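Review bot: The two macros defined ahead of `#include "../../core/rthreads.h"` carry no comment, and their effect depends on being defined before that include, so a later include reorder or cleanup could silently change what the header provides. A one-line comment such as `/* must precede rthreads.h: request only the run_thread4PP() helper */` would record the constraint. That wording is inferred from the macro names and the single run_thread4PP() call added later in this patch, so check it against rthreads.h before committing it.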
@@ -443,32 +447,40 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t 
*, tls_domain_t *);
  *
  * EC operations do not use pthread_self(), so could use shared SSL_CTX
  */
+static int mod_child_hook(int *rank, void *dummy)
+{
+       LM_DBG("Loading SSL_CTX in process_no=%d rank=%d "
+                  "ksr_tls_threads_mode=%d\n",
+                       process_no, *rank, ksr_tls_threads_mode);
+       if(cfg_get(tls, tls_cfg, config_file).s) {
+               if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, 
&cli_defaults)
+                               < 0)
+                       return -1;
+       } else {
+               if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, 
&mod_params) < 0)
+                       return -1;
+       }
+       return 0;
+}
+
 static int mod_child(int rank)
 {
        if(tls_disable || (tls_domains_cfg == 0))
                return 0;
 
 #if OPENSSL_VERSION_NUMBER >= 0x010101000L
-        /*
-         * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of
-         * libssl in rank 0(thread#1)
+       /*
+         * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor
+         * to avoid init of libssl in thread#1
          */
-        if(rank == PROC_SIPINIT) {
+       if(rank == PROC_INIT && ksr_tls_threads_mode != 0) {
+               return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, 
NULL);
+       }
 #else
-        if(rank == PROC_INIT) {
-#endif
-               if(cfg_get(tls, tls_cfg, config_file).s) {
-                       if(tls_fix_domains_cfg(
-                                          *tls_domains_cfg, &srv_defaults, 
&cli_defaults)
-                                       < 0)
-                               return -1;
-               } else {
-                       if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, 
&mod_params)
-                                       < 0)
-                               return -1;
-               }
-               return 0;
+       if(rank == PROC_INIT) {
+               return mod_child_hook(&rank, NULL);
        }
+#endif /* OPENSSL_VERSION_NUMBER */
 
 #ifndef OPENSSL_NO_ENGINE
        /*
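Review bot: With OpenSSL >= 1.1.1 and `ksr_tls_threads_mode == 0`, the new test `rank == PROC_INIT && ksr_tls_threads_mode != 0` in mod_child() is false, and nothing else in the visible hunk calls mod_child_hook(), so `tls_fix_domains_cfg()` appears never to run in that mode, whereas the removed code ran it at PROC_SIPINIT. mod_child() continues past the end of the hunk, so confirm that no later branch covers this case. If none does, keep the PROC_INIT test unconditional and pick the call by mode: `return ksr_tls_threads_mode != 0 ? run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL) : mod_child_hook(&rank, NULL);`. Separately, the `(_thread_proto4PP)` cast would hide a call through an incompatible function pointer type if that typedef (declared in rthreads.h, not shown here) takes `void *` parameters. Declaring the hook as `static int mod_child_hook(void *rank, void *dummy)` and reading `*(int *)rank` inside it would remove the need for the cast.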
@@ -678,7 +690,7 @@ int mod_register(char *path, int *dlflags, void *p1, void 
*p2)
 
        register_tls_hooks(&tls_h);
 
-        /*
+       /*
          * GH #3695: OpenSSL 1.1.1 historical note: it is no longer
          * needed to replace RAND with cryptorand
          */
