28 maj 2013 kl. 10:15 skrev Peter Dunkley peter.dunkley@crocodile-rcs.com:

No. This information is incomplete and I have only provided this information as there was a discussion about OpenSSL during the recent developer meeting - this mailing list is the correct place to continue and conclude this discussion.

I was worried about the initialization of OpenSSL libraries. The problem we had in Asterisk was that Asterisk initialized several times and external libraries could do that as well - like jabber and database libraries. I think Kevin solved that by creating a small shim that made sure that only one call could be made. I can see that it can happen here as well with postgresql client libraries initializing OpenSSL by itself.

One of the actions from the meeting was to produce a wiki page documenting _ALL_ external libraries for each module. I do not have time to this.

I think we can do that in doxygen. I will copy the macros I created for Asterisk to produce a doxygen page with all the links.

/O

Regards,

Peter

On 28 May 2013, at 01:26, Edson - Lists 4lists@gmail.com wrote:

...

Hi, Peter...

Thanks for the information.... is this also available somewhere on the Wiki? Where should it fit better? In the compilation instructions? Or letting it on the modules would be enough?

Edson.

Em 27/05/2013 20:48, Peter Dunkley escreveu:

...

I created another module that links with OpenSSL.

The current list of (non-obsolete) modules that link with OpenSSL is:

• websocket
• auth_ephemeral
• tls
• stun
• outbound
• osp
• auth_identity

FYI, for the modules I've created the usage of OpenSSL is:

• websocket: SHA1() is used to create the key in the WebSocket handshake

response.

• auth_ephemeral: HMAC(EVP_sha1(), ...) is used to calculate the password

based on the username and secret key and openssl/sha.h is included for "#define SHA_DIGEST_LENGTH"

• outbound: HMAC(EVP_sha1(), ...) is used to encode the flow token and

RAND_bytes() is used to get cryptographically strong pseudo-random bytes for the secret key

• stun: not sure about this as a lot of the code was copied from core

---

sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

---

sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

On 5/28/13 11:06 AM, Klaus Darilion wrote:

On 28.05.2013 10:20, Olle E. Johansson wrote:

...

28 maj 2013 kl. 10:15 skrev Peter Dunkleypeter.dunkley@crocodile-rcs.com:

...

...

No. This information is incomplete and I have only provided this

information as there was a discussion about OpenSSL during the recent developer meeting - this mailing list is the correct place to continue and conclude this discussion.

I was worried about the initialization of OpenSSL libraries. The problem we had in Asterisk was that Asterisk initialized several times and external libraries could do that as well - like jabber and database libraries. I think Kevin solved that by creating a small shim that made sure that only one call could be made. I can see that it can happen here as well with postgresql client libraries initializing OpenSSL by itself.

I remember that we had the postgresql openssl initialization problem already in Kamailio (or was it ser?) and it was solved by having the other module linking to openssl statically.

This is not an issue anymore, now tls module is the one initializing first. Everything works fine for the latest several stable releases.

Cheers, Daniel