[Freeswitch-users] 1.4/master openssl requirement change.

Anthony Minessale anthony.minessale at gmail.com
Thu Jan 30 21:19:07 MSK 2014


Its a question of bundling the ones get get a benefit from bundling.  We
never bundled openssl, the problem was that we need certain features from a
modern version of openssl and the older versions were not really working
correctly even when they compiled properly.



On Thu, Jan 30, 2014 at 12:06 PM, François <fdelawarde at wirelessmundi.com>wrote:

> Hi Mike,
>
> What happened with the arguments in:
> http://www.freeswitch.org/node/472
>
> I'm quite confused, you guys just convinced me of the benefits of
> bundling libs, and now I have to go back and say to everyone how system
> libs are better for FS?
>
> No way! :-)
>
> Regards,
> --
> François
>
>
> On Thu, 2014-01-30 at 10:07 -0500, Michael Jerris wrote:
> > The upside is the control, the downside is that it requires us to
> > maintain them for security issues and such. We are leaning towards
> > moving to system libs where its practical.
> >
> > On Jan 30, 2014, at 4:07 AM, François <fdelawarde at wirelessmundi.com>
> > wrote:
> >
> > > Hi Anthony,
> > >
> > > Thanks for the tip, sounds like the best option!
> > >
> > > BTW, why isn't OpenSSL just bundled into FreeSWITCH source like many
> > > other libraries? Wouldn't it prevent all these issues and give you
> > guys
> > > more control to change versions or patch at will?
> > >
> > > Thanks,
> > > François.
> > >
> > >
> > > On Wed, 2014-01-29 at 16:19 -0600, Anthony Minessale wrote:
> > >> Here is a recipe for cent5 and probably other linux if someone
> > would
> > >> be so kind as to clean it up and document and maybe make into a
> > shell
> > >> script.
> > >>
> > >>
> > >> wget http://www.openssl.org/source/openssl-1.0.1f.tar.gz
> > >> tar -zxvf openssl-1.0.1f.tar.gz
> > >> cd openssl-1.0.1f
> > >> ./config --prefix=/usr/openssl101f -fPIC
> > >>
> > >> make
> > >> make install
> > >>
> > >>
> > >> then go over to FS build root (even on existing build that had
> > picked
> > >> up the dependency by a git pull)
> > >>
> > >>
> > >> ./configure CFLAGS="-I/usr/openssl101f/include"
> > >> LDFLAGS="-L/usr/openssl101f/lib"
> > >>
> > >>
> > >>
> > >> Then build as normal
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> /usr/openssl101f can really be anywhere and its a static linking so
> > >> you don't need to distribute it.
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> On Wed, Jan 29, 2014 at 3:54 PM, Michael Jerris <mike at jerris.com>
> > >> wrote:
> > >> Fair enough, I'm not actually a huge fan of homebrew either,
> > >> but one thing it does quite nicely is to install conflicting
> > >> libraries into a location that will not conflict with system
> > >> libraries for things that may conflict, specifically:
> > >>
> > >> /usr/local/opt/openssl/
> > >>
> > >> if you want to build your own, without having to change your
> > >> freeswitch build procedures, make sure the libs end up
> > >> in /usr/local/opt/openssl/lib and the headers get
> > >> into /usr/local/opt/openssl/include.
> > >>
> > >> Alternatively, you can pick whatever directory you like to
> > >> build into, i would suggest something not part of the typical
> > >> lib chain, and specify to configure such as:
> > >>
> > >> ./configure LDFLAGS=-L/usr/local/opt/openssl/lib
> > >> CFLAGS=-I/usr/local/opt/openssl/include
> > >>
> > >> Mike
> > >>
> > >> On Jan 29, 2014, at 4:41 PM, Michael Jerris <mike at jerris.com>
> > >> wrote:
> > >>
> > >>> We do not look at the version number, we look at support for
> > >> features that were added after 1.0.1c was released. I'm not
> > >> positive if they are in 1.0.1d or not, but for pretty much
> > >> everyone I would recommend you be on at least 1.0.1f or
> > >> equivalent security patches. The 1.0.1e latest package in
> > >> wheezy I think is effectively the same as 1.0.1f as 1.0.1f was
> > >> just 1.0.1e plus some security patches i know they pulled in.
> > >>>
> > >>>
> > >>> On Jan 29, 2014, at 3:21 PM, Tamas Jalsovszky
> > >> <jalsot at gmail.com> wrote:
> > >>>
> > >>>> Hello,
> > >>>>
> > >>>> As far as I know, on Ubuntu 12.04 the latest openssl
> > >> package is: 1.0.1-4ubuntu5.11
> > >>>> As you can see, there is no 'e' letter, however as we have
> > >> checked, ubuntu backported changes from 1.0.1 (incliding e
> > >> afaik) to this package. We have successful tests with webrtc
> > >> on 12.04.
> > >>>> Would it be possible to not hardcode that way 1.0.1e?
> > >>>>
> > >>>> T.
> > >>
> > >>
> > >>
> > _________________________________________________________________________
> > >> Professional FreeSWITCH Consulting Services:
> > >> consulting at freeswitch.org
> > >> http://www.freeswitchsolutions.com
> > >>
> > >> 
> > >> 
> > >>
> > >> Official FreeSWITCH Sites
> > >> http://www.freeswitch.org
> > >> http://wiki.freeswitch.org
> > >> http://www.cluecon.com
> > >>
> > >> FreeSWITCH-users mailing list
> > >> FreeSWITCH-users at lists.freeswitch.org
> > >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > >>
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > >> http://www.freeswitch.org
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> --
> > >> Anthony Minessale II ♬ @anthmfs ♬ @FreeSWITCH ♬
> > >>
> > >> ☞ http://freeswitch.org/http://cluecon.com/> > >> http://twitter.com/FreeSWITCH
> > >> ☞ irc.freenode.net #freeswitch ☞ http://freeswitch.org/g+
> > >>
> > >>
> > >> ClueCon Weekly Development Call
> > >>
> > >> ☎ sip:888 at conference.freeswitch.org ☎ +19193869900
> > >>
> > >>
> > >>
> > _________________________________________________________________________
> > >> Professional FreeSWITCH Consulting Services:
> > >> consulting at freeswitch.org
> > >> http://www.freeswitchsolutions.com
> > >>
> > >> 
> > >> 
> > >>
> > >> Official FreeSWITCH Sites
> > >> http://www.freeswitch.org
> > >> http://wiki.freeswitch.org
> > >> http://www.cluecon.com
> > >>
> > >> FreeSWITCH-users mailing list
> > >> FreeSWITCH-users at lists.freeswitch.org
> > >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > >>
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > >> http://www.freeswitch.org
> > >
> > >
> > >
> > _________________________________________________________________________
> > > Professional FreeSWITCH Consulting Services:
> > > consulting at freeswitch.org
> > > http://www.freeswitchsolutions.com
> > >
> > > 
> > > 
> > >
> > > Official FreeSWITCH Sites
> > > http://www.freeswitch.org
> > > http://wiki.freeswitch.org
> > > http://www.cluecon.com
> > >
> > > FreeSWITCH-users mailing list
> > > FreeSWITCH-users at lists.freeswitch.org
> > > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > >
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > > http://www.freeswitch.org
> >
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > 
> > 
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://wiki.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬

☞ http://freeswitch.org/http://cluecon.com/http://twitter.com/FreeSWITCH
☞ irc.freenode.net #freeswitch ☞ *http://freeswitch.org/g+
<http://freeswitch.org/g+>*

ClueCon Weekly Development Call
☎ sip:888 at conference.freeswitch.org  ☎ +19193869900
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140130/60b9106a/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list