* Fix conditional in libasteriskssl.
* Use variables produced by configure to link the SSL and uuid libraries
into libasteriskpj.so instead of hard-coding them.
ASTERISK-27431
Change-Id: I3977931fd3ef8c4e4376349ccddb354eb839b58d
GCC 7 has added capability to produce warnings, this fixes most of those
warnings. The specific warnings are disabled in a few places:
* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().
ASTERISK-27156 #close
Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
OpenSSL 1.1 requires no explicit initialization. The hacks in the
library are not needed. They also happen to fail running Asterisk.
Change-Id: I3b3efd5d80234a4c45a8ee58dcfe25b15d9ad100
OpenSSL 1.1.0 includes some major changes in the interface. See
https://wiki.openssl.org/index.php/1.1_API_Changes .
Status: Right now there are still a few deprecation notes with OpenSSL
1.1.0. But it's a start.
Changes:
* CRYPTO_LOCK is no longer available. Replace it with its value for now.
I don't completely understand what it is used for there.
* Remove several functions from libasteriskssl that seem to no longer be
needed.
* Structures have become opaque and are accesses with accessors.
* ERR_remove_thread_state() no longer needed.
* SSLv2 code now could no longer be used in 1.1.
ASTERISK-26109 #close
Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b
ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes
all traces of it.
Previously exported symbols removed:
* __ast_register_file
* __ast_unregister_file
* ast_complete_source_filename
This also removes the mtx_prof static variable that was declared when
MTX_PROFILE was enabled. This variable was only used in lock.c so it
is now initialized in that file only.
ASTERISK-26480 #close
Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966
ERR_remove_state was deprecated with OpenSSL 1.0.0 and was replaced by
ERR_remove_thread_state. ERR_load_SSL_strings and ERR_load_BIO_strings were
called by SSL_load_error_strings already and got removed. These changes allow
OpenSSL forks like BoringSSL to be used with Asterisk.
ASTERISK-25043 #close
Reported by: Alexander Traud
patches:
asterisk_with_BoringSSL.patch uploaded by Alexander Traud (License 6520)
Change-Id: If1c0871ece21a7e0763fafbd2fa023ae49d4d629
Git does not support the ability to replace a token with a version
string during check-in. While it does have support for replacing a
token on clone, this is somewhat sub-optimal: the token is replaced
with the object hash, which is not particularly easy for human
consumption. What's more, in practice, the source file version was often
not terribly useful. Generally, when triaging bugs, the overall version
of Asterisk is far more useful than an individual SVN version of a file. As a
result, this patch removes Asterisk's support for showing source file
versions.
Specifically, it does the following:
* Rename ASTERISK_FILE_VERSION macro to ASTERISK_REGISTER_FILE, and
remove passing the version in with the macro. Other facilities
than 'core show file version' make use of the file names, such as
setting a debug level only on a specific file. As such, the act of
registering source files with the Asterisk core still has use. The
macro rename now reflects the new macro purpose.
* main/asterisk:
- Refactor the file_version structure to reflect that it no longer
tracks a version field.
- Remove the "core show file version" CLI command. Without the file
version, it is no longer useful.
- Remove the ast_file_version_find function. The file version is no
longer tracked.
- Rename ast_register_file_version/ast_unregister_file_version to
ast_register_file/ast_unregister_file, respectively.
* main/manager: Remove value from the Version key of the ModuleCheck
Action. The actual key itself has not been removed, as doing so would
absolutely constitute a backwards incompatible change. However, since
the file version is no longer tracked, there is no need to attempt to
include it in the Version key.
* UPGRADE: Add notes for:
- Modification to the ModuleCheck AMI Action
- Removal of the "core show file version" CLI command
Change-Id: I6cf0ff280e1668bf4957dc21f32a5ff43444a40e
This patch resolves two sources of memory leaks when using TLS in Asterisk:
1) It removes improper initialization (and multiple re-initializations) of
portions of the SSL library. Asterisk calls SSL_library_init and
SSL_load_error_strings during SSL initialization; collectively this
obviates the need for calling any of the following during initialization
or client connection handling:
* ERR_load_crypto_strings (handled by SSL_load_error_strings)
* OpenSSL_add_all_algorithms (synonym for SSL_library_init)
* SSLeay_add_ssl_algorithms (synonym for SSL_library_init)
2) Failure to completely clean up all memory allocated by Asterisk and by
the SSL library for TLS clients. This included not freeing the SSL_CTX
object in the SIP channel driver, as well as not clearing the error
stack when the TLS client exited.
Note that these memory leaks were found by Thomas Arimont, and this patch
was essentially written by him with some minor tweaks.
(closes issue AST-889)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
patches:
(bugAST-889.patch) by Thomas Arimont (license 5525)
Review: https://reviewboard.asterisk.org/r/2105
........
Merged revisions 373061 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 373062 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 373079 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373080 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When the OpenSSL duplicate initialization issues were resolved in r351447,
res_curl could fail to load if it checked SSL_library_init after SSL
initialization completed. This is due to the SSL_library_init stub returning
a value of 0 for success, as opposed to a value of 1. OpenSSL uses a value of
1 to indicate success - in fact, SSL_library_init is documented to always return
1. Interestingly, the CURL libraries actually checked the return value - the fact
that nothing else that depends on OpenSSL was having problems loading probably means
they don't check the return value.
(closes issue AST-924)
Reported by: Guenther Kelleter
patches:
(AST-924.patch license #6372 uploaded by Guenther Kelleter)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369870 65c4cc65-6c06-0410-ace0-fbb531ad65f3
........
r369001 | kpfleming | 2012-06-15 10:56:08 -0500 (Fri, 15 Jun 2012) | 11 lines
Add support-level indications to many more source files.
Since we now have tools that scan through the source tree looking for files
with specific support levels, we need to ensure that every file that is
a component of a 'core' or 'extended' module (or the main Asterisk binary)
is explicitly marked with its support level. This patch adds support-level
indications to many more source files in tree, but avoids adding them to
third-party libraries that are included in the tree and to source files
that don't end up involved in Asterisk itself.
........
r369002 | kpfleming | 2012-06-15 10:57:14 -0500 (Fri, 15 Jun 2012) | 3 lines
Add a script to enable finding source files without support-levels defined.
........
Merged revisions 369001-369002 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 369005 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369013 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When Asterisk is used with various third-party libraries (CURL, PostgresSQL,
many others) that have the ability themselves to use OpenSSL, it is possible
for conflicts to arise in how the OpenSSL libraries are initialized and
shutdown. This patch addresses these conflicts by 'wrapping' the important
functions from the OpenSSL libraries in a new shared library that is part
of Asterisk itself, and is loaded in such a way as to ensure that *all*
calls to these functions will be dispatched through the Asterisk wrapper
functions, not the native functions.
This new library is optional, but enabled by default. See the CHANGES file
for documentation on how to disable it.
Along the way, this patch also makes a few other minor changes:
* Changes MODULES_DIR to ASTMODDIR throughout the build system, in order to
more closely match what is used during run-time configuration.
* Corrects some errors in the configure script where AC_CHECK_TOOLS was used
instead of AC_PATH_PROG.
* Adds a new variable for linker flags in the build system (DYLINK), used for
producing true shared libraries (as opposed to the dynamically loadable
modules that the build system produces for 'regular' Asterisk modules).
* Moves the Makefile bits that handle installation and uninstallation of the
main Asterisk binary into main/Makefile from the top-level Makefile.
* Moves a couple of useful preprocessor macros from optional_api.h to
asterisk.h.
Review: https://reviewboard.asterisk.org/r/1006/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353317 65c4cc65-6c06-0410-ace0-fbb531ad65f3