Locking fix so that SSL_shutdown and SSL_write are not called at same time

[creslin2877]

Adds locking to prevent simultaneous execution of SSL_write and SSL_shutdown. OpenSSL documentation says that multiple threads simultaneously calling SSL_* related functions on the same SSL object is not supported.

It'd be nice if this bug fix got into 2.13.x as well.

Fix for #3575

[CLAassistant]

All committers have signed the CLA.

[creslin2877]

Any chance of this making it into a 2.13.x release?

[sauwming]

Coincidentally, we have been planning to release 2.13.1 to include the recent security fixes: https://github.com/pjsip/pjproject/security/advisories

So yes, we can include this as well (and probably #3577 too?)

[creslin2877]

That sounds good. Just to update, so far I haven't seen any crashes in this code on our 30'ish Asterisk instances it's deployed to so far (and we'd have seen a few by now), so I think it's pretty safe. This is also good, as it strongly looks like this bug was probably causing general heap/memory corruption as well, which can manifest itself as lots of weird bugs.

I didn't see any response in #3577 about not calling SSL_shutdown when reading an SSL_ERROR_SSL from an SSL_read() call (in the openssl adapter code for TLS connected SIP). Should I make a separate code review to fix that issue or is @trengginas going to take care of that?

[sauwming]

Sorry for the delay, I have merged your fix with #3577.

One more thing, I usually inform George Joseph or Joshua Colp prior to any release, so I take it you will be the one informing them?

[creslin2877]

Probably yes - deepest apologies - I actually don't work at Sangoma/Digium anymore, so it might be best to do any pre-release discussions you typically have with them without me.