|Summary:||net/kamailio: Crashes with TLS enabled with OpenSSL 1.1|
|Product:||Ports & Packages||Reporter:||Nathan Whitehorn <nwhitehorn>|
|Component:||Individual Port(s)||Assignee:||Kurt Jaeger <pi>|
|Severity:||Affects Some People||Keywords:||needs-qa|
Description Nathan Whitehorn 2019-04-23 17:47:02 UTC
Kamailio seg faults periodically when built against OpenSSL 1.1 (https://github.com/kamailio/kamailio/issues/1860) and TLS is enabled. To avoid this on FreeBSD 12 and up, it should probably be built against OpenSSL 1.0 from ports until the underlying bug is fixed (this is the recommendation in the GitHub bug above).
Comment 1 Nathan Whitehorn 2019-06-04 04:36:09 UTC
There is also a workaround in the Kamailio repository here that fixes at least some of the problems: https://github.com/kamailio/kamailio/tree/master/src/modules/tls/utils/openssl_mutex_shared It's not perfect, but it reduces the time between crashes from ~ 12 hours to ~ 2 weeks. Maybe this could at least be enabled by default?
Comment 2 Kurt Jaeger 2019-08-23 10:11:03 UTC
With r509639 kamilio was updated to 5.2.4, please retest, if it is fixed.
Comment 3 Nathan Whitehorn 2019-09-17 14:31:49 UTC
(In reply to Kurt Jaeger from comment #2) It seems not to be. Per the upstream bug, a full solution will wait until 5.3.0. With 5.2.4, LD_PRELOAD of their openssl_mutex_shared module fixes the problem completely, however. It would be nice if that could be included in the port.
Comment 4 Nathan Whitehorn 2020-02-18 20:33:26 UTC
This is fixed in 5.3.0.