Closed nazar-pc closed 1 year ago
Yes, it is not a very difficult process to refactor the code, but someone needs to spend time on it
Note that even though these functions are deprecated, they're still fully available in OpenSSL 3.x, and the high-level APIs just call these low-level functions directly. So this change wouldn't (as far as I know) gain anything other than preventing compile-time warnings.
The old OpenSSL 1.1 APIs are also, as far as I know, still the APIs used by libressl and BoringSSL, so the old code couldn't be removed even if we wanted to drop OpenSSL 1.1 support. (The new APIs were only introduced in OpenSSL 3.x.)
1) Having compile-time warnings is a bad practice in general, so not generating them would be nice
2) It is possible to disable 1.1 APIs in OpenSSL 3.0 if desired; some might do that, then libsrtp will become incompatible
3) I don't suggest dropping OpenSSL 1.1 at this point, just adding OpenSSL 3.0 support explicitly to avoid build warnings
We will add support for compiling cleanly against OpenSSL 3.0 either by using the OpenSSL version define or an explicit compile flag (or both). Should be ready for next release.
Looks like autoconf fails on detecting openssl 3.x
checking for library containing EVP_EncryptInit... no
configure: error: in `/home/tkloczko/rpmbuild/BUILD/libsrtp-2.4.2':
configure: error: can't find openssl >= 1.0.1 crypto lib
See `config.log' for more details
I see some openssl 3.x fixes above the last tag. Is it possible to make a new release to fix the build of libsrtp with openssl 3.x?
Hi @kloczek, I am planning a new release in the next few weeks and will be sure to address this issue
In this case I found that it was a misleading message. If you look closer at the bottom of the openssl detection https://github.com/cisco/libsrtp/blob/cc362ae5b3d30c89d8dc00c22f84f615fb02d956/configure.ac#L208-L256 you can find libdl and libz detections. I had no libz devel resources installed and that message was printed by incorrect logic in that section. Looks like libz detection can be removed because nothing in the source tree is using libz.
[tkloczko@devel-g2v libsrtp-2.4.2]$ grep zlib.h -r
[tkloczko@devel-g2v libsrtp-2.4.2]$
The whole section could be dramatically reduced if the PKG_CHECK_MODULES() aclocal macro were used.
BTW, looks like the actual C code is not using libdl either.
Here is a minimal version of the fix
--- a/configure.ac
+++ b/configure.ac
@@ -250,9 +250,6 @@
[CFLAGS="$CFLAGS $crypto_CFLAGS"
LIBS="$crypto_LIBS $LIBS"
openssl_cleanse_broken=maybe])])
- else
- AC_CHECK_LIB([dl], [dlopen], [], [AC_MSG_WARN([can't find libdl])])
- AC_CHECK_LIB([z], [inflate], [], [AC_MSG_WARN([can't find libz])])
fi
AC_SEARCH_LIBS([EVP_EncryptInit], [crypto],
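Review bot: the two removed AC_CHECK_LIB calls in the else branch only call AC_MSG_WARN when the library is missing, so by themselves they cannot abort configure. With an empty action-if-found they do, however, prepend -ldl and -lz to LIBS when the libraries are present, just before AC_SEARCH_LIBS([EVP_EncryptInit], [crypto], ...) runs its link test. Dropping them changes what that link test and the final link see on this branch, which matters when libcrypto is linked statically and needs -ldl or -lz. Please confirm from config.log which link step actually failed, and state in the commit message that builds needing those libraries must now pass them in through LIBS.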
Closing this as #602 is merged and there are now active workflows that test openssl 1.1.1 & 3.0.2 & 3.0.7
In 3.0 some APIs were deprecated, which results in these warnings:
Would be nice to get them fixed in upcoming releases.