[asterisk-users] Problems linking asterisk against self-compiled openssl on CentOS 5


 
a_villacis at palosant...
Posted: Tue Dec 23, 2014 12:19 pm    Post subject: [asterisk-users] Problems linking asterisk against self-comp

I am trying to enable full WebRTC support on asterisk-11.15 for installation on a CentOS 5 machine. Currently the distro cannot be upgraded to any later CentOS series. This CentOS series ships with openssl-0.9.8e, which lacks DTLS-SRTP support required for WebRTC. So I decided to build a parallel install of openssl. I chose the Fedora 21 package, openssl-1.0.1j, and built it on CentOS 5. The libraries now reside at /opt/openssl101/usr/lib with header files at /opt/openssl101/usr/include/openssl/ . There are symbolic links at /usr/lib64/libssl.so.10 and /usr/lib64/libcrypto.so.10 pointing into my upgraded openssl.

Now I am trying to compile asterisk and link it with my openssl. My configure invocation is as follows:

./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu \
    --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share \
    --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com \
    --mandir=/usr/share/man --infodir=/usr/share/info --with-misdn --with-sounds-cache=no --with-srtp \
    --with-ssl=/opt/openssl101/usr --with-crypto=/opt/openssl101/usr

Note the --with-ssl and --with-crypto options at the end, pointing to my openssl directory.

After this I compile, but I am getting these messages when compilation reaches res/res_rtp_asterisk.c:

a - output/pjlib-x86_64-redhat-linux-gnu/sock_qos_bsd.o
a - output/pjlib-x86_64-redhat-linux-gnu/ssl_sock_common.o
a - output/pjlib-x86_64-redhat-linux-gnu/ssl_sock_ossl.o
a - output/pjlib-x86_64-redhat-linux-gnu/ssl_sock_dump.o
a - output/pjlib-x86_64-redhat-linux-gnu/string.o
a - output/pjlib-x86_64-redhat-linux-gnu/timer.o
a - output/pjlib-x86_64-redhat-linux-gnu/types.o
[CC] res_rtp_asterisk.c -> res_rtp_asterisk.o
res_rtp_asterisk.c: In function 'ast_rtp_dtls_set_configuration':
res_rtp_asterisk.c:1278: warning: implicit declaration of function 'SSL_CTX_set_tlsext_use_srtp'
res_rtp_asterisk.c: In function 'dtls_srtp_handle_timeout':
res_rtp_asterisk.c:1765: warning: implicit declaration of function 'DTLSv1_handle_timeout'
res_rtp_asterisk.c: In function 'dtls_srtp_check_pending':
res_rtp_asterisk.c:1817: warning: implicit declaration of function 'DTLSv1_get_timeout'
res_rtp_asterisk.c: In function 'dtls_srtp_setup':
res_rtp_asterisk.c:1904: warning: implicit declaration of function 'SSL_export_keying_material'
[LD] res_rtp_asterisk.o -> res_rtp_asterisk.so
[CC] res_rtp_multicast.c -> res_rtp_multicast.o
[LD] res_rtp_multicast.o -> res_rtp_multicast.so

After this, res_rtp_asterisk.so cannot be loaded because it is linked to the system openssl but requests the symbols from the upgraded openssl:

[2014-12-22 20:19:41] WARNING[25901] loader.c: Error loading module 'res_rtp_asterisk.so': /usr/lib64/asterisk/modules/res_rtp_asterisk.so: undefined symbol: DTLSv1_handle_timeout

[root@rpmbuild64-2 ~]# ldd /usr/lib64/asterisk/modules/res_rtp_asterisk.so
linux-vdso.so.1 => (0x00007fff431fd000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00002b3f92461000)
libm.so.6 => /lib64/libm.so.6 (0x00002b3f92665000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00002b3f928e9000)
librt.so.1 => /lib64/librt.so.1 (0x00002b3f92b01000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00002b3f92d0a000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b3f92f27000)
libssl.so.6 => /lib64/libssl.so.6 (0x00002b3f93278000)
libc.so.6 => /lib64/libc.so.6 (0x00002b3f934c6000)
/lib64/ld-linux-x86-64.so.2 (0x00000037c2400000)
libdl.so.2 => /lib64/libdl.so.2 (0x00002b3f93820000)
libz.so.1 => /lib64/libz.so.1 (0x00002b3f93a24000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002b3f93c38000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002b3f93e67000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002b3f940fc000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002b3f942fe000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002b3f94524000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002b3f9472c000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00002b3f9492e000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00002b3f94b44000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x00002b3f94d5c000)
(using libcrypto.so.6 and libssl.so.6 from system openssl)

However, libasteriskssl.so is correctly linked against my upgraded openssl:

[root@rpmbuild64-2 ~]# ldd /usr/lib64/libasteriskssl.so.1
linux-vdso.so.1 => (0x00007fffac390000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00002aef0cfb4000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00002aef0d21d000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00002aef0d5f2000)
libc.so.6 => /lib64/libc.so.6 (0x00002aef0d80e000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002aef0db67000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aef0dd96000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aef0e02b000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aef0e22d000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aef0e453000)
libdl.so.2 => /lib64/libdl.so.2 (0x00002aef0e668000)
libz.so.1 => /lib64/libz.so.1 (0x00002aef0e86c000)
/lib64/ld-linux-x86-64.so.2 (0x00000037c2400000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002aef0ea81000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aef0ec89000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aef0ee8c000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aef0f0a4000)
[root@rpmbuild64-2 ~]# ls -l /usr/lib64/libcrypto.so.10 /usr/lib64/libssl.so.10
lrwxrwxrwx 1 root root 45 dic 22 19:15 /usr/lib64/libcrypto.so.10 -> ../..//opt/openssl101/usr/lib/libcrypto.so.10
lrwxrwxrwx 1 root root 42 dic 22 19:15 /usr/lib64/libssl.so.10 -> ../..//opt/openssl101/usr/lib/libssl.so.10

(using libcrypto.so.10 and libssl.so.10 from upgraded openssl)

I have searched in Google, but I cannot find any mention of this issue before, nor any attempt to compile asterisk against a non-system openssl.

How can I proceed to solve the linking issue? My guess is that include and link flags are not being correctly set when compiling res_rtp_asterisk.c , but I could be wrong. What else should I check?

If this message should be sent to asterisk-devel instead, please tell me.

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
a_villacis at palosant...
Posted: Tue Dec 23, 2014 4:38 pm    Post subject: [asterisk-users] Problems linking asterisk against self-comp

I managed to work around this by patching res/Makefile as follows:

diff -ur asterisk-11.15.0-bak/res/Makefile asterisk-11.15.0/res/Makefile
--- asterisk-11.15.0-bak/res/Makefile 2014-12-23 14:57:49.000000000 -0500
+++ asterisk-11.15.0/res/Makefile 2014-12-23 14:59:19.000000000 -0500
@@ -75,7 +75,7 @@
rm -f pjproject/build.mak

pjproject/build.mak: pjproject/aconfigure
- (cd pjproject && CFLAGS="-fPIC" ./configure --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) --disable-floating-point --disable-sound --disable-oss --disable-speex-aec --disable-l16-codec --disable-gsm-codec --disable-g722-codec --disable-g7221-codec
--disable-speex-codec --disable-ilbc-codec --disable-g711-codec)
+ (cd pjproject && CFLAGS="-fPIC $(OPENSSL_INCLUDE)" LDFLAGS="$(OPENSSL_LIB)" ./configure --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) --disable-floating-point --disable-sound --disable-oss --disable-speex-aec --disable-l16-codec
--disable-gsm-codec --disable-g722-codec --disable-g7221-codec --disable-speex-codec --disable-ilbc-codec --disable-g711-codec)

ifneq ($(findstring $(MAKECMDGOALS),all),)
-include pjproject/build.mak
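
Review bot: on the added line, the include flags are placed in CFLAGS and the library flags in LDFLAGS, which is enough for the compile and link steps but not for every configure probe. By convention -I flags go in CPPFLAGS, so header checks run with the preprocessor alone also see them, and any -l entries go in LIBS, so they follow the objects on the link line. Consider passing CPPFLAGS="$(OPENSSL_INCLUDE)" next to CFLAGS="-fPIC", and splitting $(OPENSSL_LIB) if it carries both -L and -l entries. A one-line Makefile comment saying that pjproject must be configured against the same OpenSSL as --with-ssl would also help, since nothing in the hunk explains why these variables are now passed down.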

With this, I can load res_rtp_asterisk.so normally.

However, a potential issue remains. There are some modules that still load the system-supplied openssl, since they are linked to system libraries that in turn link to system openssl:

res/res_curl.so
res/res_config_curl.so
res/res_snmp.so
addons/app_mysql.so
addons/res_config_mysql.so
addons/cdr_mysql.so
funcs/func_curl.so
apps/app_cbmysql.so

So far my test asterisk runs without crashes or other issues. Is there a potential problem that could arise from loading both the system openssl and the upgraded openssl in the same process? What should I look out for?

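
The per-module ldd checks shown in the posts can be run over the whole module directory at once. The script below is an added example, not part of the original thread: it reports which libssl/libcrypto sonames each module resolves to and returns non-zero when more than one OpenSSL soname version would be mapped into the same process. The function names and the LDD override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Report which OpenSSL sonames each Asterisk module links to, and flag
# the case raised in the post: two OpenSSL ABIs mapped into one process.

LDD=${LDD:-ldd}   # assumption: overridable so the check can run offline

# Read `ldd` output on stdin; print the distinct libssl/libcrypto sonames.
openssl_sonames() {
    awk '$1 ~ /^lib(ssl|crypto)\.so\./ { print $1 }' | sort -u
}

# audit_openssl_links MODULE...
# Prints "module: soname soname" for every module that resolves to OpenSSL
# (directly or through another library, since ldd lists transitive deps).
# Returns 1 when the modules together reference more than one OpenSSL
# soname version (e.g. .so.6 and .so.10), 0 otherwise.
audit_openssl_links() {
    versions=""
    for mod in "$@"; do
        names=$("$LDD" "$mod" 2>/dev/null | openssl_sonames | tr '\n' ' ')
        [ -n "$names" ] || continue      # module does not pull in OpenSSL
        printf '%s: %s\n' "$mod" "${names% }"
        for n in $names; do
            versions="$versions ${n##*.so.}"   # keep only the version suffix
        done
    done
    count=$(printf '%s\n' $versions | sort -u | awk 'NF { c++ } END { print c + 0 }')
    [ "$count" -le 1 ]
}

# Typical use, with the module path from the post:
#   audit_openssl_links /usr/lib64/asterisk/modules/*.so || echo "mixed OpenSSL versions"
```
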