Bug 237503 - net/kamailio: Crashes with TLS enabled with OpenSSL 1.1
Summary: net/kamailio: Crashes with TLS enabled with OpenSSL 1.1
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords: needs-qa
Depends on:
Blocks:
 
Reported: 2019-04-23 17:47 UTC by Nathan Whitehorn
Modified: 2019-09-17 14:31 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (pi)
koobs: merge-quarterly?


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nathan Whitehorn freebsd_committer 2019-04-23 17:47:02 UTC
Kamailio seg faults periodically when built against OpenSSL 1.1 (https://github.com/kamailio/kamailio/issues/1860) and TLS is enabled. To avoid this on FreeBSD 12 and up, it should probably be built against OpenSSL 1.0 from ports until the underlying bug is fixed (this is the recommendation in the GitHub bug above).
Comment 1 Nathan Whitehorn freebsd_committer 2019-06-04 04:36:09 UTC
There is also a workaround in the Kamailio repository here that fixes at least some of the problems: https://github.com/kamailio/kamailio/tree/master/src/modules/tls/utils/openssl_mutex_shared

It's not perfect, but it reduces the time between crashes from ~ 12 hours to ~ 2 weeks. Maybe this could at least be enabled by default?
Comment 2 Kurt Jaeger freebsd_committer 2019-08-23 10:11:03 UTC
With r509639 kamilio was updated to 5.2.4, please retest, if it is fixed.
Comment 3 Nathan Whitehorn freebsd_committer 2019-09-17 14:31:49 UTC
(In reply to Kurt Jaeger from comment #2)

It seems not to be. Per the upstream bug, a full solution will wait until 5.3.0. With 5.2.4, LD_PRELOAD of their openssl_mutex_shared module fixes the problem completely, however. It would be nice if that could be included in the port.