Summary: | ASTERISK-25043: [patch] Avoiding ERR_remove_state in OpenSSL | ||
Reporter: | Alexander Traud (traud) | Labels: | |
Date Opened: | 2015-05-01 07:54:02 | Date Closed: | 2015-05-07 14:43:29 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_sip/TCP-TLS |
Versions: | SVN | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ( 0) asterisk_with_BoringSSL.patch | |
Description: | Since OpenSSL 1.0.0, the symbol _ERR_remove_state_ is [deprecated|https://www.openssl.org/docs/crypto/ERR_remove_state.html]. Already, some forks of OpenSSL do not ship with that symbol anymore and compiling fails (sometimes linking fails, sometimes fail at runtime).
The same with _ERR_load_SSL_strings_ which is called by {{SSL_load_error_strings}}, since OpenSSL 0.9.6 (or even earlier). _ERR_load_BIO_strings_ is called by _ERR_load_crypto_strings_ which is called by _ERR_load_SSL_strings_, again since 0.9.6 or even earlier. Consequently, these calls can be removed without any side effects. This patch was tested with BoringSSL (2311) on Ubuntu (14.04.2 LTS): {noformat}sudo apt-get install cmake git golang-go cd /usr/src/ git clone https://boringssl.googlesource.com/boringssl cd boringssl/ cmake -DBUILD_SHARED_LIBS=1 ./ make mkdir lib cp ./crypto/libcrypto.so ./ cp ./crypto/libcrypto.so ./lib/ cp ./ssl/libssl.so ./ cp ./ssl/libssl.so ./lib cd /usr/src/asterisk* make distclean LDFLAGS='-Wl,-rpath,/usr/src/boringssl' ./configure --with-ssl='/usr/src/boringssl' make sudo make install{noformat} | ||
Comments: | By: Rusty Newton (rnewton) 2015-05-03 08:40:00.120-0500 Once you've followed the Code Review process [1] and submitted your code to Gerrit [2] be sure to edit this JIRA issue and add the Gerrit review URL in the appropriate field. Thanks! [1] https://wiki.asterisk.org/wiki/display/AST/Code+Review [2] https://wiki.asterisk.org/wiki/display/AST/Gerrit+Usage |