Summary: | ASTERISK-27905: [patch] res_srtp: Repair ./configure --with-ssl=PATH. | ||
Reporter: | Alexander Traud (traud) | Labels: | patch |
Date Opened: | 2018-06-08 02:19:42 | Date Closed: | 2018-06-12 07:46:27 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Resources/res_srtp |
Versions: | 13.21.0 15.4.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ( 0) with-ssl_srtp.patch | |
Description: | With the upcoming [TLS 1.3|https://tools.ietf.org/html/draft-ietf-tls-tls13] and 3DES being [disabled|https://www.openssl.org/blog/blog/2016/08/24/sweet32/] in OpenSSL 1.1.x, using a custom build OpenSSL library for SIP-over-TLS might be interesting.
This is sequel 4 of a larger fix, which started in ASTERISK-27865. Commit [5212020|https://github.com/asterisk/asterisk/commit/52120204c9a538e00679461ec5404d04a07e57f4] (ASTERISK-24436) introduced this issue here. Consequently, I introduced this issue myself. When a source file includes a header from an optional package (for example OpenSSL), one has to specify either A) {{xyz.o: _ASTCFLAGS+=$(OPENSSL_INCLUDE)}} in its Makefile, or B) {{<depend>openssl</depend>}} in its {{MODULEINFO}}, or C) {{<use type="external">openssl</use>}} in its {{MODULEINFO}}. The latter is for modules which can be used/built without that external library. When OpenSSL was detected by the script {{./configure}}, the build system of Asterisk adds the required include path. Without, the path of {{--with-ssl}} is not honored and those headers are searched within the system only. *Steps to Reproduce* (Ubuntu 18.04 LTS) {code}sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev sudo apt install libsrtp2-dev sudo apt remove libssl-dev cd ~/Downloads wget www.openssl.org/source/openssl-1.1.1-pre6.tar.gz tar -zxf ./openssl-*.tar.gz cd ./openssl-* ./config shared enable-weak-ssl-ciphers make export SSL_HOME=$PWD cd ~/Downloads wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz tar -zxf ./asterisk-*.tar.gz cd ./asterisk-* LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --enable-dev-mode=noisy --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME make{code}*Expected Result* Should build without any problem. *Actual Result* {{fatal error: 'openssl/rand.h' file not found}} *Workaround* Install headers of OpenSSL in the system, for example in Ubuntu via {{sudo apt install libssl-dev}} *Notes* Thanks to the 'noisy' developer mode (see the configure option), the cause was found quite fast. | ||
Comments: | By: Asterisk Team (asteriskteam) 2018-06-08 02:19:44.224-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Friendly Automation (friendly-automation) 2018-06-12 07:46:28.351-0500 Change 9139 merged by Jenkins2: res_srtp: Repair ./configure --with-ssl=PATH. [https://gerrit.asterisk.org/9139|https://gerrit.asterisk.org/9139] By: Friendly Automation (friendly-automation) 2018-06-12 08:04:13.128-0500 Change 9138 merged by Jenkins2: res_srtp: Repair ./configure --with-ssl=PATH. [https://gerrit.asterisk.org/9138|https://gerrit.asterisk.org/9138] By: Friendly Automation (friendly-automation) 2018-06-12 08:28:52.322-0500 Change 9140 merged by Joshua Colp: res_srtp: Repair ./configure --with-ssl=PATH. [https://gerrit.asterisk.org/9140|https://gerrit.asterisk.org/9140] |