Summary: | ASTERISK-27865: [patch]: tcptls: Repair ./configure --with-ssl=PATH. | ||
Reporter: | Alexander Traud (traud) | Labels: | patch |
Date Opened: | 2018-05-19 08:07:23 | Date Closed: | 2018-05-24 05:59:20 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Core/General |
Versions: | 13.21.0 15.4.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ( 0) OpenSSL_DEFINE.patch | |
Description: | This issue was caused by Commit [3b426a8|https://github.com/asterisk/asterisk/commit/3b426a8b09c127941b29600271184583f2199a19] (no issue report), which tried to fix Commit [0de74fa|https://github.com/asterisk/asterisk/commit/0de74fad5597ba12ec68bcc935330a612ee255d6] (ASTERISK-24972). However, that change broke {{./configure --with-ssl=PATH}} because {{AST_C_DEFINE_CHECK}} does not chase the PATH. Consequently, the header {{openssl/ssl.h}} must exist in the system and that header must be from OpenSSL 1.0.1 or newer.
*Steps to Reproduce* (Ubuntu 18.04 LTS) {code} sudo apt install build-essential pkg-config libedit-dev libjansson-dev libsqlite3-dev uuid-dev libxslt1-dev sudo apt remove libssl-dev cd ~/Downloads wget www.openssl.org/source/openssl-1.1.1-pre6.tar.gz tar -zxf ./openssl-*.tar.gz cd ./openssl-* ./config shared make export SSL_HOME=$PWD cd ~/Downloads wget downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar.gz tar -zxf ./asterisk-*.tar.gz cd ./asterisk-* LDFLAGS="-Wl,-rpath $SSL_HOME" ./configure --with-crypto=$SSL_HOME --with-ssl=$SSL_HOME {code} *Expected Result* checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _yes_ *Actual Result* checking for SSL_OP_NO_TLSv1_2 in openssl/ssl.h... _no_ The file {{config.log}} shows that the script {{./configure}} went not for the set PATH but searched the system. *Workaround* Install headers of OpenSSL 1.0.1 (or newer) in the system, for example in Ubuntu via {{sudo apt install libssl-dev}} *Notes* The attached patch was tested with OpenSSL 1.1.0h, 1.0.2o, 1.0.1u, 1.0.0s, and 0.9.8zh. When OpenSSL was {{./config shared no-deprecated}}, more is broken: {{make}} is going to error, because * {{CRYPTO_set_id_callback}} is deprecated since OpenSSL 1.0.0 and * {{openssl/dh.h}} and {{openssl/rsa.h}} must be included explicitly. When it comes to Asterisk {{./configure --with-ssl=PATH}}, more is broken: {{make}} is going to error because several source-code files include an OpenSSL header (implicitly via other Asterisk headers) but look for OpenSSL just in the system path. I fixed both issues to confirm the patch is working. However, for those two issues, I am going to create separate reports. | ||
Comments: | By: Asterisk Team (asteriskteam) 2018-05-19 08:07:25.859-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Friendly Automation (friendly-automation) 2018-05-24 05:59:21.983-0500 Change 9018 merged by Joshua Colp: tcptls: Repair ./configure --with-ssl=PATH. [https://gerrit.asterisk.org/9018|https://gerrit.asterisk.org/9018] By: Friendly Automation (friendly-automation) 2018-05-24 06:08:18.854-0500 Change 9017 merged by Joshua Colp: tcptls: Repair ./configure --with-ssl=PATH. [https://gerrit.asterisk.org/9017|https://gerrit.asterisk.org/9017] By: Friendly Automation (friendly-automation) 2018-05-24 06:21:16.812-0500 Change 9016 merged by Joshua Colp: tcptls: Repair ./configure --with-ssl=PATH. [https://gerrit.asterisk.org/9016|https://gerrit.asterisk.org/9016] |