[asterisk-users] res_jabber over OpenSSL ready for testing

Philippe Sultan philippe.sultan at gmail.com
Mon Jun 18 10:11:55 CDT 2007


Hi everybody,

I'd like to have the feedback from the community regarding this patch
: http://bugs.digium.com/view.php?id=9972

res_jabber currently relies on the iksemel API to handle TLS
connections, which assumes GnuTLS to be installed on the system.  The
basic idea of the proposed modifications is to bypass iksemel's API
when sending/receiving TLS secured data and use OpenSSL instead.

What you'll need on your system :
- OpenSSL installed (tested version 0.9.8b) ;
- iksemel installed (tested version 1.2), with or without GnuTLS.

I was able to have this patched res_jabber working with Google's
Jabber server (TLS required), as well as with our jabberd2 server
(with or without TLS) at INRIA.

On reason why we should consider moving to OpenSSL is because other
modules in Asterisk use it to secure connections. Also, the iksemel
API does not deal with TLS connections properly, which leads
res_jabber to misbehave when TLS is activated (for example, see bug
#9738 : http://bugs.digium.com/view.php?id=9738).

Note : the proposed patch applies to the SVN trunk branch.

Thanks for your help!

Philippe



More information about the asterisk-users mailing list