[asterisk-bugs] [JIRA] (ASTERISK-25043) [patch] Avoiding ERR_remove_state in OpenSSL
Alexander Traud (JIRA)
noreply at issues.asterisk.org
Mon Aug 10 03:27:32 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-25043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Traud updated ASTERISK-25043:
---------------------------------------
Description:
Since OpenSSL 1.0.0, the symbol _ERR_remove_state_ is [deprecated|https://www.openssl.org/docs/crypto/ERR_remove_state.html]. Already, some forks of OpenSSL do not ship with that symbol anymore and compiling fails (sometimes linking fails, sometimes fail at runtime).
The same with _ERR_load_SSL_strings_ which is called by {{SSL_load_error_strings}}, since OpenSSL 0.9.6 (or even earlier). _ERR_load_BIO_strings_ is called by _ERR_load_crypto_strings_ which is called by _ERR_load_SSL_strings_, again since 0.9.6 or even earlier. Consequently, these calls can be removed without any side effects.
This patch was tested with BoringSSL (2311) on Ubuntu (14.04.2 LTS):
{noformat}sudo apt-get install cmake git golang-go
cd /usr/src/
git clone https://boringssl.googlesource.com/boringssl
cd boringssl/
cmake -DBUILD_SHARED_LIBS=1 ./
make
mkdir lib
cp ./crypto/libcrypto.so ./
cp ./crypto/libcrypto.so ./lib/
cp ./ssl/libssl.so ./
cp ./ssl/libssl.so ./lib
cd /usr/src/asterisk*
make distclean
LDFLAGS='-Wl,-rpath,/usr/src/boringssl' ./configure --with-ssl='/usr/src/boringssl'
make
sudo make install{noformat}
was:
Since OpenSSL 1.0.0, the symbol _ERR_remove_state_ is [deprecated|https://www.openssl.org/docs/crypto/ERR_remove_state.html]. Already, some forks of OpenSSL do not ship with that symbol anymore and compiling fails (sometimes linking fails, sometimes fail at runtime).
The same with _ERR_load_SSL_strings_ which is called by {{SSL_load_error_strings}}, since OpenSSL 0.9.6 (or even earlier). _ERR_load_BIO_strings_ is called by _ERR_load_crypto_strings_ which is called by _ERR_load_SSL_strings_, again since 0.9.6 or even earlier. Consequently, these calls can be removed without any side effects.
This patch was tested with BoringSSL (2311) on Ubuntu (14.04.2 LTS):
{noformat}sudo apt-get install cmake git golang-go
cd /usr/src/
git clone https://boringssl.googlesource.com/boringssl
cd boringssl/
cmake -DBUILD_SHARED_LIBS=1 ./
make
mkdir lib
cp ./crypto/libcrypto.so ./
cp ./crypto/libcrypto.so ./lib/
cp ./ssl/libssl.so ./
cp ./ssl/libssl.so ./lib
cd /usr/src/asterisk*
make distclean
LDFLAGS='-Wl,-rpath /usr/src/boringssl' ./configure --with-ssl='/usr/src/boringssl'
make
sudo make install{noformat}
> [patch] Avoiding ERR_remove_state in OpenSSL
> --------------------------------------------
>
> Key: ASTERISK-25043
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25043
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS
> Affects Versions: SVN
> Reporter: Alexander Traud
> Severity: Minor
> Target Release: 11.18.0, 13.4.0
>
> Attachments: asterisk_with_BoringSSL.patch
>
>
> Since OpenSSL 1.0.0, the symbol _ERR_remove_state_ is [deprecated|https://www.openssl.org/docs/crypto/ERR_remove_state.html]. Already, some forks of OpenSSL do not ship with that symbol anymore and compiling fails (sometimes linking fails, sometimes fail at runtime).
> The same with _ERR_load_SSL_strings_ which is called by {{SSL_load_error_strings}}, since OpenSSL 0.9.6 (or even earlier). _ERR_load_BIO_strings_ is called by _ERR_load_crypto_strings_ which is called by _ERR_load_SSL_strings_, again since 0.9.6 or even earlier. Consequently, these calls can be removed without any side effects.
> This patch was tested with BoringSSL (2311) on Ubuntu (14.04.2 LTS):
> {noformat}sudo apt-get install cmake git golang-go
> cd /usr/src/
> git clone https://boringssl.googlesource.com/boringssl
> cd boringssl/
> cmake -DBUILD_SHARED_LIBS=1 ./
> make
> mkdir lib
> cp ./crypto/libcrypto.so ./
> cp ./crypto/libcrypto.so ./lib/
> cp ./ssl/libssl.so ./
> cp ./ssl/libssl.so ./lib
> cd /usr/src/asterisk*
> make distclean
> LDFLAGS='-Wl,-rpath,/usr/src/boringssl' ./configure --with-ssl='/usr/src/boringssl'
> make
> sudo make install{noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list