[asterisk-bugs] [JIRA] (ASTERISK-27867) [patch] libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated.
Alexander Traud (JIRA)
noreply at issues.asterisk.org
Fri Jun 8 01:42:54 CDT 2018
[ https://issues.asterisk.org/jira/browse/ASTERISK-27867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Traud updated ASTERISK-27867:
---------------------------------------
Description:
When OpenSSL is built from source, options can be configured. One option is to build without anything deprecated. This is the best option to test forward compatibility. In case of Asterisk only the symbol {{CRYPTO_set_id_callback}} is affected.
*Steps to reproduce* (Ubuntu 18.04 LTS){code}
sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
sudo apt install libssl-dev
cd ~/Downloads
wget www.openssl.org/source/openssl-1.0.2o.tar.gz
tar -zxf ./openssl-*.tar.gz
cd ./openssl-*
./config shared no-deprecated
make
export SSL_HOME=$PWD
cd ~/Downloads
wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar -zxf ./asterisk-*.tar.gz
cd ./asterisk-*
LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
make{code}OpenSSL headers in the system were required {{sudo apt install libssl-dev}} because in Asterisk {{--with-ssl}} does not work correctly, yet. See ASTERISK-27865 and its section Notes whether this is still needed.
The attached patch follows the approach several others:
* [FFmpeg|https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2011-November/043136.html]
* [Libav|https://patches.libav.org/patch/11479/] (same author)
* [Asio C++ Library|https://github.com/chriskohlhoff/asio/issues/126] (same source)
* [OpenSSL Users mailing list|https://www.mail-archive.com/openssl-users@openssl.org/msg69328.html]
As side effects, this patch:
* adds the header file for OPENSSL_VERSION_NUMBER
* updates the header includes with the help of [iwyu|https://issues.asterisk.org/jira/browse/ASTERISK-25591] (added pthread and asterisk/logger)
* removes {{defined(OPENSSL_VERSION_NUMBER)}} because that is a left-over from commit [2c8d076|https://github.com/asterisk/asterisk/commit/2c8d0764de87037ce52656e13b36de5d9876aeaa]
* moves {{LIBRESSL_VERSION_NUMBER}} to first position because LibreSSL changed its {{OPENSSL_VERSION_NUMBER}} several times
* removes MODULEINFO, because libasteriskssl is not a module
* updates the copyright to the current year
*Notes*
The attached patch was tested with OpenSSL 1.1.0h, 1.0.2o, 1.0.1u, 1.0.0s, and 0.9.8zh, both variants (no-deprecated and enable-deprecated). This patch changes only the file {{main/libasteriskssl.c}}. Other files must be touched to get {{no-deprecated}} working, see ASTERISK-27865 and its section Notes for details.
was:
When OpenSSL is built from source, options can be configured. One option is to build without anything deprecated. This is the best option to test forward compatibility. In case of Asterisk only the symbol {{CRYPTO_set_id_callback}} is affected.
*Steps to reproduce* (Ubuntu 18.04 LTS){code}
sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
sudo apt install libssl-dev
cd ~/Downloads
wget www.openssl.org/source/openssl-1.0.2o.tar.gz
tar -zxf ./openssl-*.tar.gz
cd ./openssl-*
./config shared no-deprecated
make
export SSL_HOME=$PWD
cd ~/Downloads
wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar -zxf ./asterisk-*.tar.gz
cd ./asterisk-*
LDFLAGS="Wl,-rpath $SSL_HOME" ./configure --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
make{code}OpenSSL headers in the system were required {{sudo apt install libssl-dev}} because in Asterisk {{--with-ssl}} does not work correctly, yet. See ASTERISK-27865 and its section Notes whether this is still needed.
The attached patch follows the approach several others:
* [FFmpeg|https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2011-November/043136.html]
* [Libav|https://patches.libav.org/patch/11479/] (same author)
* [Asio C++ Library|https://github.com/chriskohlhoff/asio/issues/126] (same source)
* [OpenSSL Users mailing list|https://www.mail-archive.com/openssl-users@openssl.org/msg69328.html]
As side effects, this patch:
* adds the header file for OPENSSL_VERSION_NUMBER
* updates the header includes with the help of [iwyu|https://issues.asterisk.org/jira/browse/ASTERISK-25591] (added pthread and asterisk/logger)
* removes {{defined(OPENSSL_VERSION_NUMBER)}} because that is a left-over from commit [2c8d076|https://github.com/asterisk/asterisk/commit/2c8d0764de87037ce52656e13b36de5d9876aeaa]
* moves {{LIBRESSL_VERSION_NUMBER}} to first position because LibreSSL changed its {{OPENSSL_VERSION_NUMBER}} several times
* removes MODULEINFO, because libasteriskssl is not a module
* updates the copyright to the current year
*Notes*
The attached patch was tested with OpenSSL 1.1.0h, 1.0.2o, 1.0.1u, 1.0.0s, and 0.9.8zh, both variants (no-deprecated and enable-deprecated). This patch changes only the file {{main/libasteriskssl.c}}. Other files must be touched to get {{no-deprecated}} working, see ASTERISK-27865 and its section Notes for details.
> [patch] libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated.
> --------------------------------------------------------------------------
>
> Key: ASTERISK-27867
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27867
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Core/General
> Affects Versions: 13.21.0, 15.4.0
> Reporter: Alexander Traud
> Assignee: Alexander Traud
> Severity: Minor
> Labels: patch
> Attachments: libasteriskssl_13.patch, libasteriskssl_15.patch
>
>
> When OpenSSL is built from source, options can be configured. One option is to build without anything deprecated. This is the best option to test forward compatibility. In case of Asterisk only the symbol {{CRYPTO_set_id_callback}} is affected.
> *Steps to reproduce* (Ubuntu 18.04 LTS){code}
> sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
> sudo apt install libssl-dev
> cd ~/Downloads
> wget www.openssl.org/source/openssl-1.0.2o.tar.gz
> tar -zxf ./openssl-*.tar.gz
> cd ./openssl-*
> ./config shared no-deprecated
> make
> export SSL_HOME=$PWD
> cd ~/Downloads
> wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
> tar -zxf ./asterisk-*.tar.gz
> cd ./asterisk-*
> LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
> make{code}OpenSSL headers in the system were required {{sudo apt install libssl-dev}} because in Asterisk {{--with-ssl}} does not work correctly, yet. See ASTERISK-27865 and its section Notes whether this is still needed.
> The attached patch follows the approach several others:
> * [FFmpeg|https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2011-November/043136.html]
> * [Libav|https://patches.libav.org/patch/11479/] (same author)
> * [Asio C++ Library|https://github.com/chriskohlhoff/asio/issues/126] (same source)
> * [OpenSSL Users mailing list|https://www.mail-archive.com/openssl-users@openssl.org/msg69328.html]
> As side effects, this patch:
> * adds the header file for OPENSSL_VERSION_NUMBER
> * updates the header includes with the help of [iwyu|https://issues.asterisk.org/jira/browse/ASTERISK-25591] (added pthread and asterisk/logger)
> * removes {{defined(OPENSSL_VERSION_NUMBER)}} because that is a left-over from commit [2c8d076|https://github.com/asterisk/asterisk/commit/2c8d0764de87037ce52656e13b36de5d9876aeaa]
> * moves {{LIBRESSL_VERSION_NUMBER}} to first position because LibreSSL changed its {{OPENSSL_VERSION_NUMBER}} several times
> * removes MODULEINFO, because libasteriskssl is not a module
> * updates the copyright to the current year
> *Notes*
> The attached patch was tested with OpenSSL 1.1.0h, 1.0.2o, 1.0.1u, 1.0.0s, and 0.9.8zh, both variants (no-deprecated and enable-deprecated). This patch changes only the file {{main/libasteriskssl.c}}. Other files must be touched to get {{no-deprecated}} working, see ASTERISK-27865 and its section Notes for details.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list