Observation: most of these faults are in `tls_accept()` even before the `SSL *`
object is shared and used by multiple workers (in the steady state) — this is
strange as we normally associate OpenSSL “problems” with using `SSL *` in
multiple processes.

It seems to be related to (1) error handling and/or (2) handshaking with
asymmetric keys.

If anyone is in a position to try with PSK it would be an interesting data
point (not sure if kamailio's `tls.so` can be used with PSK though...).

I have reproduced similar crashes with OpenSSL 3.0.x and most of them occur
in `tls_accept()` in various places with both RSA/ECDSA keys.

For workarounds: you can try `tls_wolfssl` (disclaimer: I am the contributor of
this module) or `tlsa/OpenSSL 1.1.1`. I don't recommend `tlsa/OpenSSL 3.x.x`
as I can reproduce such crashes in that scenario. For 5.7.2/3 you would have to
build these modules yourself.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3635#issuecomment-1831111699
_______________________________________________
Kamailio (SER) - Development Mailing List