[asterisk-bugs] [JIRA] (ASTERISK-27865) [patch]: tcptls: Repair ./configure --with-ssl=PATH.

Alexander Traud (JIRA) noreply at issues.asterisk.org
Fri Jun 8 01:40:54 CDT 2018


     [ https://issues.asterisk.org/jira/browse/ASTERISK-27865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexander Traud updated ASTERISK-27865:
---------------------------------------

    Description: 
This issue was caused by Commit [3b426a8|https://github.com/asterisk/asterisk/commit/3b426a8b09c127941b29600271184583f2199a19] (no issue report), which tried to fix Commit [0de74fa|https://github.com/asterisk/asterisk/commit/0de74fad5597ba12ec68bcc935330a612ee255d6] (ASTERISK-24972). However, that change broke {{./configure --with-ssl=PATH}} because {{AST_C_DEFINE_CHECK}} does not chase the PATH. Consequently, the header {{openssl/ssl.h}} must exist in the system and that header must be from OpenSSL 1.0.1 or newer.

*Steps to Reproduce* (Ubuntu 18.04 LTS)
{code}
sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
sudo apt remove libssl-dev
cd ~/Downloads
wget www.openssl.org/source/openssl-1.1.1-pre6.tar.gz
tar -zxf ./openssl-*.tar.gz
cd ./openssl-*
./config shared
make
export SSL_HOME=$PWD
cd ~/Downloads
wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar -zxf ./asterisk-*.tar.gz
cd ./asterisk-*
LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
{code}

*Expected Result*
checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _yes_

*Actual Result*
checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _no_
The file {{config.log}} shows that the script {{./configure}} did not go for the set PATH but searched the system.

*Workaround*
Install headers of OpenSSL 1.0.1 (or newer) in the system, for example in Ubuntu via
{{sudo apt install libssl-dev}}

*Notes*
The attached patch was tested with OpenSSL 1.1.0h, 1.0.2o, 1.0.1u, 1.0.0s, and 0.9.8zh. When OpenSSL was {{./config shared no-deprecated}}, more is broken: {{make}} is going to error, because
* {{CRYPTO_set_id_callback}} is deprecated since OpenSSL 1.0.0 and
* {{openssl/dh.h}} and {{openssl/rsa.h}} must be included explicitly.

When it comes to Asterisk {{./configure --with-ssl=PATH}}, more is broken: {{make}} is going to error because several source-code files include an OpenSSL header (implicitly via other Asterisk headers) but look for OpenSSL just in the system path.

I fixed both issues to confirm the patch is working. However, for those two issues, I am going to create separate reports.

  was:
This issue was caused by Commit [3b426a8|https://github.com/asterisk/asterisk/commit/3b426a8b09c127941b29600271184583f2199a19] (no issue report), which tried to fix Commit [0de74fa|https://github.com/asterisk/asterisk/commit/0de74fad5597ba12ec68bcc935330a612ee255d6] (ASTERISK-24972). However, that change broke {{./configure --with-ssl=PATH}} because {{AST_C_DEFINE_CHECK}} does not chase the PATH. Consequently, the header {{openssl/ssl.h}} must exist in the system and that header must be from OpenSSL 1.0.1 or newer.

*Steps to Reproduce* (Ubuntu 18.04 LTS)
{code}
sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
sudo apt remove libssl-dev
cd ~/Downloads
wget www.openssl.org/source/openssl-1.1.1-pre6.tar.gz
tar -zxf ./openssl-*.tar.gz
cd ./openssl-*
./config shared
make
export SSL_HOME=$PWD
cd ~/Downloads
wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar -zxf ./asterisk-*.tar.gz
cd ./asterisk-*
LDFLAGS="Wl,-rpath $SSL_HOME" ./configure --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
{code}

*Expected Result*
checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _yes_

*Actual Result*
checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _no_
The file {{config.log}} shows that the script {{./configure}} did not go for the set PATH but searched the system.

*Workaround*
Install headers of OpenSSL 1.0.1 (or newer) in the system, for example in Ubuntu via
{{sudo apt install libssl-dev}}

*Notes*
The attached patch was tested with OpenSSL 1.1.0h, 1.0.2o, 1.0.1u, 1.0.0s, and 0.9.8zh. When OpenSSL was {{./config shared no-deprecated}}, more is broken: {{make}} is going to error, because
* {{CRYPTO_set_id_callback}} is deprecated since OpenSSL 1.0.0 and
* {{openssl/dh.h}} and {{openssl/rsa.h}} must be included explicitly.

When it comes to Asterisk {{./configure --with-ssl=PATH}}, more is broken: {{make}} is going to error because several source-code files include an OpenSSL header (implicitly via other Asterisk headers) but look for OpenSSL just in the system path.

I fixed both issues to confirm the patch is working. However, for those two issues, I am going to create separate reports.


> [patch]: tcptls: Repair ./configure --with-ssl=PATH.
> ----------------------------------------------------
>
>                 Key: ASTERISK-27865
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27865
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/General
>    Affects Versions: 13.21.0, 15.4.0
>            Reporter: Alexander Traud
>            Assignee: Alexander Traud
>              Labels: patch
>         Attachments: OpenSSL_DEFINE.patch
>
>
> This issue was caused by Commit [3b426a8|https://github.com/asterisk/asterisk/commit/3b426a8b09c127941b29600271184583f2199a19] (no issue report), which tried to fix Commit [0de74fa|https://github.com/asterisk/asterisk/commit/0de74fad5597ba12ec68bcc935330a612ee255d6] (ASTERISK-24972). However, that change broke {{./configure --with-ssl=PATH}} because {{AST_C_DEFINE_CHECK}} does not chase the PATH. Consequently, the header {{openssl/ssl.h}} must exist in the system and that header must be from OpenSSL 1.0.1 or newer.
> *Steps to Reproduce* (Ubuntu 18.04 LTS)
> {code}
> sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
> sudo apt remove libssl-dev
> cd ~/Downloads
> wget www.openssl.org/source/openssl-1.1.1-pre6.tar.gz
> tar -zxf ./openssl-*.tar.gz
> cd ./openssl-*
> ./config shared
> make
> export SSL_HOME=$PWD
> cd ~/Downloads
> wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
> tar -zxf ./asterisk-*.tar.gz
> cd ./asterisk-*
> LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
> {code}
> *Expected Result*
> checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _yes_
> *Actual Result*
> checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _no_
> The file {{config.log}} shows that the script {{./configure}} did not go for the set PATH but searched the system.
> *Workaround*
> Install headers of OpenSSL 1.0.1 (or newer) in the system, for example in Ubuntu via
> {{sudo apt install libssl-dev}}
> *Notes*
> The attached patch was tested with OpenSSL 1.1.0h, 1.0.2o, 1.0.1u, 1.0.0s, and 0.9.8zh. When OpenSSL was {{./config shared no-deprecated}}, more is broken: {{make}} is going to error, because
> * {{CRYPTO_set_id_callback}} is deprecated since OpenSSL 1.0.0 and
> * {{openssl/dh.h}} and {{openssl/rsa.h}} must be included explicitly.
> When it comes to Asterisk {{./configure --with-ssl=PATH}}, more is broken: {{make}} is going to error because several source-code files include an OpenSSL header (implicitly via other Asterisk headers) but look for OpenSSL just in the system path.
> I fixed both issues to confirm the patch is working. However, for those two issues, I am going to create separate reports.



--
This message was sent by Atlassian JIRA
(v6.2#6252)


