[asterisk-users] Problems linking asterisk against self-compiled openssl on CentOS 5

Alex Villací­s Lasso a_villacis at palosanto.com
Tue Dec 23 11:19:13 CST 2014 

I am trying to enable full WebRTC support on asterisk-11.15 for installation on a CentOS 5 machine. Currently the distro cannot be upgraded to any later CentOS series. This CentOS series ships with openssl-0.9.8e, which lacks DTLS-SRTP support required for 
WebRTC. So I decided to build a parallel install of openssl. I chose the Fedora 21 package, openssl-1.0.1j, and built it on CentOS 5. The libraries now reside at /opt/openssl101/usr/lib with header files at /opt/openssl101/usr/include/openssl/ . There are 
symbolic links at /usr/lib64/libssl.so.10 and /usr/lib64/libcrypto.so.10 pointing into my upgraded openssl.

Now I am trying to compile asterisk and link it with my openssl. My configure invocation is as follows:

./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share 
--includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --with-misdn --with-sounds-cache=no --with-srtp --with-ssl=/opt/openssl101/usr 
--with-crypto=/opt/openssl101/usr

Note the --with-ssl and --with-crypto options at the end, pointing to my openssl directory.

After this I compile, but I am getting these messages when compilation reaches res/res_rtp_asterisk.c:

a - output/pjlib-x86_64-redhat-linux-gnu/sock_qos_bsd.o
a - output/pjlib-x86_64-redhat-linux-gnu/ssl_sock_common.o
a - output/pjlib-x86_64-redhat-linux-gnu/ssl_sock_ossl.o
a - output/pjlib-x86_64-redhat-linux-gnu/ssl_sock_dump.o
a - output/pjlib-x86_64-redhat-linux-gnu/string.o
a - output/pjlib-x86_64-redhat-linux-gnu/timer.o
a - output/pjlib-x86_64-redhat-linux-gnu/types.o
    [CC] res_rtp_asterisk.c -> res_rtp_asterisk.o
res_rtp_asterisk.c: In function 'ast_rtp_dtls_set_configuration':
res_rtp_asterisk.c:1278: warning: implicit declaration of function 'SSL_CTX_set_tlsext_use_srtp'
res_rtp_asterisk.c: In function 'dtls_srtp_handle_timeout':
res_rtp_asterisk.c:1765: warning: implicit declaration of function 'DTLSv1_handle_timeout'
res_rtp_asterisk.c: In function 'dtls_srtp_check_pending':
res_rtp_asterisk.c:1817: warning: implicit declaration of function 'DTLSv1_get_timeout'
res_rtp_asterisk.c: In function 'dtls_srtp_setup':
res_rtp_asterisk.c:1904: warning: implicit declaration of function 'SSL_export_keying_material'
    [LD] res_rtp_asterisk.o -> res_rtp_asterisk.so
    [CC] res_rtp_multicast.c -> res_rtp_multicast.o
    [LD] res_rtp_multicast.o -> res_rtp_multicast.so

After this, res_rtp_asterisk.so cannot be loaded because it is linked to the system openssl but requests the symbols from the upgraded openssl:

[2014-12-22 20:19:41] WARNING[25901] loader.c: Error loading module 'res_rtp_asterisk.so': /usr/lib64/asterisk/modules/res_rtp_asterisk.so: undefined symbol: DTLSv1_handle_timeout

[root at rpmbuild64-2 ~]# ldd /usr/lib64/asterisk/modules/res_rtp_asterisk.so
     linux-vdso.so.1 =>  (0x00007fff431fd000)
     libuuid.so.1 => /lib64/libuuid.so.1 (0x00002b3f92461000)
     libm.so.6 => /lib64/libm.so.6 (0x00002b3f92665000)
     libnsl.so.1 => /lib64/libnsl.so.1 (0x00002b3f928e9000)
     librt.so.1 => /lib64/librt.so.1 (0x00002b3f92b01000)
     libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b3f92d0a000)
     libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b3f92f27000)
     libssl.so.6 => /lib64/libssl.so.6 (0x00002b3f93278000)
     libc.so.6 => /lib64/libc.so.6 (0x00002b3f934c6000)
     /lib64/ld-linux-x86-64.so.2 (0x00000037c2400000)
     libdl.so.2 => /lib64/libdl.so.2 (0x00002b3f93820000)
     libz.so.1 => /lib64/libz.so.1 (0x00002b3f93a24000)
     libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002b3f93c38000)
     libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002b3f93e67000)
     libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002b3f940fc000)
     libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002b3f942fe000)
     libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002b3f94524000)
     libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002b3f9472c000)
     libresolv.so.2 => /lib64/libresolv.so.2 (0x00002b3f9492e000)
     libselinux.so.1 => /lib64/libselinux.so.1 (0x00002b3f94b44000)
     libsepol.so.1 => /lib64/libsepol.so.1 (0x00002b3f94d5c000)
(using libcrypto.so.6 and libssl.so.6 from system openssl)

However, libasteriskssl.so is correctly linked against my upgraded openssl:

[root at rpmbuild64-2 ~]# ldd /usr/lib64/libasteriskssl.so.1
     linux-vdso.so.1 =>  (0x00007fffac390000)
     libssl.so.10 => /usr/lib64/libssl.so.10 (0x00002aef0cfb4000)
     libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00002aef0d21d000)
     libpthread.so.0 => /lib64/libpthread.so.0 (0x00002aef0d5f2000)
     libc.so.6 => /lib64/libc.so.6 (0x00002aef0d80e000)
     libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002aef0db67000)
     libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aef0dd96000)
     libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aef0e02b000)
     libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aef0e22d000)
     libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aef0e453000)
     libdl.so.2 => /lib64/libdl.so.2 (0x00002aef0e668000)
     libz.so.1 => /lib64/libz.so.1 (0x00002aef0e86c000)
     /lib64/ld-linux-x86-64.so.2 (0x00000037c2400000)
     libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002aef0ea81000)
     libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aef0ec89000)
     libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aef0ee8c000)
     libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aef0f0a4000)
[root at rpmbuild64-2 ~]# ls -l /usr/lib64/libcrypto.so.10 /usr/lib64/libssl.so.10
lrwxrwxrwx 1 root root 45 dic 22 19:15 /usr/lib64/libcrypto.so.10 -> ../..//opt/openssl101/usr/lib/libcrypto.so.10
lrwxrwxrwx 1 root root 42 dic 22 19:15 /usr/lib64/libssl.so.10 -> ../..//opt/openssl101/usr/lib/libssl.so.10

(using libcrypto.so.10 and libssl.so.10 from upgraded openssl)

I have searched in Google, but I cannot find any mention of this issue before, nor any attempt to compile asterisk against a non-system openssl.

How can I proceed to solve the linking issue? My guess is that include and link flags are not being correctly set when compiling res_rtp_asterisk.c , but I could be wrong. What else should I check?

If this message should be sent to asterisk-devel instead, please tell me.

More information about the asterisk-users mailing list