[asterisk-bugs] [JIRA] (ASTERISK-27905) [patch] res_srtp: Repair ./configure --with-ssl=PATH.

Alexander Traud (JIRA) noreply at issues.asterisk.org
Fri Jun 8 02:19:54 CDT 2018 

Alexander Traud created ASTERISK-27905:
------------------------------------------

             Summary: [patch] res_srtp: Repair ./configure --with-ssl=PATH.
                 Key: ASTERISK-27905
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27905
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_srtp
    Affects Versions: 15.4.0, 13.21.0
            Reporter: Alexander Traud


With the upcoming [TLS 1.3|https://tools.ietf.org/html/draft-ietf-tls-tls13] and 3DES being [disabled|https://www.openssl.org/blog/blog/2016/08/24/sweet32/] in OpenSSL 1.1.x, using a custom build OpenSSL library for SIP-over-TLS might be interesting.

This is sequel 4 of a larger fix, which started in ASTERISK-27865. Commit 5212020 (ASTERISK-24436) introduced this issue here. Consequently, I introduced this issue myself. When a source file includes a header from an optional package (for example OpenSSL), one has to specify either

A) {{xyz.o: _ASTCFLAGS+=$(OPENSSL_INCLUDE)}} in its Makefile, or
B) {{<depend>openssl</depend>}} in its {{MODULEINFO}}, or
C) {{<use type="external">openssl</use>}} in its {{MODULEINFO}}.

The latter is for modules which can be used/built without that external library. When OpenSSL was detected by the script {{./configure}}, the build system of Asterisk adds the required include path. Without, the path of {{--with-ssl}} is not honored and those headers are searched within the system only.

*Steps to Reproduce* (Ubuntu 18.04 LTS)
{code}sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev
sudo apt install libsrtp2-dev
sudo apt remove libssl-dev
cd ~/Downloads
wget www.openssl.org/source/openssl-1.1.1-pre6.tar.gz
tar -zxf ./openssl-*.tar.gz
cd ./openssl-*
./config shared enable-weak-ssl-ciphers
make
export SSL_HOME=$PWD
cd ~/Downloads
wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz
tar -zxf ./asterisk-*.tar.gz
cd ./asterisk-*
LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --enable-dev-mode=noisy --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME
make{code}*Expected Result*
Should build without any problem.

*Actual Result*
{{fatal error: 'openssl/rand.h' file not found}}

*Workaround*
Install headers of OpenSSL in the system, for example in Ubuntu via
{{sudo apt install libssl-dev}}

*Notes*
Thanks to the 'noisy' developer mode (see the configure option), the cause was found quite fast.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list