[Freeswitch-users] 1.4/master openssl requirement change.

Michael Jerris mike at jerris.com
Thu Jan 30 18:07:31 MSK 2014


The upside is the control, the downside is that it requires us to maintain them for security issues and such.  We are leaning towards moving to system libs where its practical.

On Jan 30, 2014, at 4:07 AM, François <fdelawarde at wirelessmundi.com> wrote:

> Hi Anthony,
> 
> Thanks for the tip, sounds like the best option!
> 
> BTW, why isn't OpenSSL just bundled into FreeSWITCH source like many
> other libraries? Wouldn't it prevent all these issues and give you guys
> more control to change versions or patch at will?
> 
> Thanks,
> François.
> 
> 
> On Wed, 2014-01-29 at 16:19 -0600, Anthony Minessale wrote: 
>> Here is a recipe for cent5 and probably other linux if someone would
>> be so kind as to clean it up and document and maybe make into a shell
>> script.
>> 
>> 
>> wget http://www.openssl.org/source/openssl-1.0.1f.tar.gz
>> tar -zxvf openssl-1.0.1f.tar.gz
>> cd openssl-1.0.1f
>> ./config --prefix=/usr/openssl101f -fPIC
>> 
>> make 
>> make install
>> 
>> 
>> then go over to FS build root (even on existing build that had picked
>> up the dependency by a git pull)
>> 
>> 
>> ./configure CFLAGS="-I/usr/openssl101f/include"
>> LDFLAGS="-L/usr/openssl101f/lib"  
>> 
>> 
>> 
>> Then build as normal
>> 
>> 
>> 
>> 
>> 
>> 
>> /usr/openssl101f can really be anywhere and its a static linking so
>> you don't need to distribute it.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On Wed, Jan 29, 2014 at 3:54 PM, Michael Jerris <mike at jerris.com>
>> wrote:
>>        Fair enough, I'm not actually a huge fan of homebrew either,
>>        but one thing it does quite nicely is to install conflicting
>>        libraries into a location that will not conflict with system
>>        libraries for things that may conflict, specifically:
>> 
>>        /usr/local/opt/openssl/
>> 
>>        if you want to build your own, without having to change your
>>        freeswitch build procedures, make sure the libs end up
>>        in /usr/local/opt/openssl/lib and the headers get
>>        into /usr/local/opt/openssl/include.
>> 
>>        Alternatively, you can pick whatever directory you like to
>>        build into, i would suggest something not part of the typical
>>        lib chain, and specify to configure such as:
>> 
>>        ./configure LDFLAGS=-L/usr/local/opt/openssl/lib
>>        CFLAGS=-I/usr/local/opt/openssl/include
>> 
>>        Mike 
>> 
>>        On Jan 29, 2014, at 4:41 PM, Michael Jerris <mike at jerris.com>
>>        wrote:
>> 
>>> We do not look at the version number, we look at support for
>>        features that were added after 1.0.1c was released.  I'm not
>>        positive if they are in 1.0.1d or not, but for pretty much
>>        everyone I would recommend you be on at least 1.0.1f or
>>        equivalent security patches.  The 1.0.1e latest package in
>>        wheezy I think is effectively the same as 1.0.1f as 1.0.1f was
>>        just 1.0.1e plus some security patches i know they pulled in.
>>> 
>>> 
>>> On Jan 29, 2014, at 3:21 PM, Tamas Jalsovszky
>>        <jalsot at gmail.com> wrote:
>>> 
>>>> Hello,
>>>> 
>>>> As far as I know, on Ubuntu 12.04 the latest openssl
>>        package is: 1.0.1-4ubuntu5.11
>>>> As you can see, there is no 'e' letter, however as we have
>>        checked, ubuntu backported changes from 1.0.1 (incliding e
>>        afaik) to this package. We have successful tests with webrtc
>>        on 12.04.
>>>> Would it be possible to not hardcode that way 1.0.1e?
>>>> 
>>>> T.
>> 
>> 
>>        _________________________________________________________________________
>>        Professional FreeSWITCH Consulting Services:
>>        consulting at freeswitch.org
>>        http://www.freeswitchsolutions.com
>> 
>>        
>>        
>> 
>>        Official FreeSWITCH Sites
>>        http://www.freeswitch.org
>>        http://wiki.freeswitch.org
>>        http://www.cluecon.com
>> 
>>        FreeSWITCH-users mailing list
>>        FreeSWITCH-users at lists.freeswitch.org
>>        http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>        UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>        http://www.freeswitch.org
>> 
>> 
>> 
>> 
>> 
>> -- 
>> Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬
>> 
>>http://freeswitch.org/http://cluecon.com/>> http://twitter.com/FreeSWITCH
>> ☞ irc.freenode.net #freeswitch ☞ http://freeswitch.org/g+
>> 
>> 
>> ClueCon Weekly Development Call 
>> 
>> ☎ sip:888 at conference.freeswitch.org  ☎ +19193869900 
>> 
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>> 
>> 
>> 
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> 
> 
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org




Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list