
Summary: ASTERISK-27880: [patch] pjproject_bundled: Repair ./configure --with-ssl=PATH.
Reporter: Alexander Traud (traud)
Labels: patch pjsip
Date Opened: 2018-05-29 09:25:30
Date Closed: 2018-07-18 15:20:34
Priority: Major
Regression?
Status: Closed/Complete
Components: Third-Party/pjproject
Versions: 13.21.0 15.4.0
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) with-ssl_pjproject.patch
Description:
With the upcoming [TLS 1.3|https://tools.ietf.org/html/draft-ietf-tls-tls13] and 3DES being [disabled|https://www.openssl.org/blog/blog/2016/08/24/sweet32/] in OpenSSL 1.1.x, using a custom-built OpenSSL library for SIP-over-TLS might be interesting.

This is sequel 3 of a larger fix, which started in ASTERISK-27865. Asterisk uses PJProject for many things like ICE in chan_sip and even for its own new SIP channel driver chan_pjsip. Although PJProject (can) use a lot of external libraries, Asterisk does not use _any_ of them except for OpenSSL, to enable SIP-over-TLS. Consequently, Asterisk comes with a bundled PJProject and disables _all_ its external features except OpenSSL.

However, when Asterisk is told to use a different OpenSSL than the one provided by the underlying platform, this is not told to the bundled PJProject. The attached patch fixes this.

*Steps to Reproduce* (Ubuntu 18.04 LTS)
{code}sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
sudo apt remove libssl-dev
cd ~/Downloads
wget www.openssl.org/source/openssl-1.1.1-pre6.tar.gz
tar -zxf ./openssl-*.tar.gz
cd ./openssl-*
./config shared enable-weak-ssl-ciphers
make
mkdir ./lib
cp --verbose ./lib*.so ./lib
export SSL_HOME=$PWD
cd ~/Downloads
wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar -zxf ./asterisk-*.tar.gz
cd ./asterisk-*
LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --with-pjproject-bundled --enable-dev-mode=noisy --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
{code}

*Expected Result*
SIP-over-TLS can be used in chan_pjsip.

*Actual Result*
{{** OpenSSL libraries not found, disabling SSL support **}}
is printed by the configure script of PJProject already. SIP-over-TLS cannot be used in chan_pjsip, only in chan_sip.

*Workaround*
Install OpenSSL in the system, for example in Ubuntu via
{{sudo apt install libssl-dev}}
but do not expect any additional feature of your custom build of OpenSSL.

*Notes*
Asterisk allows the shared libraries ({{.so}}) in the root of the specified path and in a subfolder called {{lib}}. Currently (2.7.2), PJProject is expecting libraries only in that subfolder {{lib}}. Consequently, as an additional workaround, I had to move the libraries in the example above. To fix this, I submitted a patch to Teluu already. Currently (2.7.2), PJProject is going to print {{checking openssl/ssl.h presence... no}}. This is because Teluu puts the inclusion headers ({{-I}}) not in CPPFLAGS but CFLAGS. To avoid this warning—which is just cosmetic—I submitted a patch to Teluu already as well.

The attached patch was tested without and with OpenSSL, inside the system and outside of the system.
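
A pre-flight check for the library layout described in the Notes and for the message quoted under Actual Result, as an added example that is not part of the original report or of Asterisk/PJProject. The function names and the file holding captured configure output are assumptions.

```shell
#!/bin/sh
# Added example (not from the report or from Asterisk/PJProject).

# ssl_lib_layout PREFIX
# Reports where the libssl/libcrypto shared objects sit under PREFIX:
#   lib  - in PREFIX/lib: the only place PJProject 2.7.2 looks, per the Notes
#   root - only in PREFIX itself: enough for Asterisk, missed by PJProject
#   none - in neither place
ssl_lib_layout() {
    prefix=$1
    if ls "$prefix"/lib/libssl.so* >/dev/null 2>&1 &&
       ls "$prefix"/lib/libcrypto.so* >/dev/null 2>&1; then
        echo lib
    elif ls "$prefix"/libssl.so* >/dev/null 2>&1 &&
         ls "$prefix"/libcrypto.so* >/dev/null 2>&1; then
        echo root
    else
        echo none
    fi
}

# pj_ssl_status FILE
# Classifies captured configure output by the two messages quoted in the
# report. FILE is an assumption: any file the output was saved to.
#   disabled - PJProject's configure turned SSL support off
#   cosmetic - only the openssl/ssl.h presence warning appeared
#   clean    - neither message appeared
pj_ssl_status() {
    if grep -qF 'OpenSSL libraries not found, disabling SSL support' "$1"; then
        echo disabled
    elif grep -qF 'checking openssl/ssl.h presence... no' "$1"; then
        echo cosmetic
    else
        echo clean
    fi
}

# Check the prefix from the reproduction steps when it is set in this shell.
if [ -n "${SSL_HOME:-}" ]; then
    echo "OpenSSL layout under $SSL_HOME: $(ssl_lib_layout "$SSL_HOME")"
fi
```

A result of {{root}} means the libraries still have to be copied into a {{lib}} subfolder, as the reproduction steps do.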

Comments:

By: Asterisk Team (asteriskteam) 2018-05-29 09:25:31.893-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Friendly Automation (friendly-automation) 2018-07-18 15:20:35.226-0500

Change 9064 merged by George Joseph:
pjproject_bundled: Repair ./configure --with-ssl=PATH.

[https://gerrit.asterisk.org/9064|https://gerrit.asterisk.org/9064]

By: Friendly Automation (friendly-automation) 2018-07-18 15:20:48.147-0500

Change 9065 merged by George Joseph:
pjproject_bundled: Repair ./configure --with-ssl=PATH.

[https://gerrit.asterisk.org/9065|https://gerrit.asterisk.org/9065]

By: Friendly Automation (friendly-automation) 2018-07-18 15:21:00.204-0500

Change 9063 merged by George Joseph:
pjproject_bundled: Repair ./configure --with-ssl=PATH.

[https://gerrit.asterisk.org/9063|https://gerrit.asterisk.org/9063]