Problem on installation | Openssl 1.0.x is not install Candidate

[kuzm1ch]

Following the documentation one of the steps is to install dependencies: OpenSSL (at least v1.0.1e). sudo apt policy openssl

openssl:
  Installed: 1.1.0g-2ubuntu4.1
  Candidate: 1.1.0g-2ubuntu4.1
  Version table:
 *** 1.1.0g-2ubuntu4.1 500
        500 http://ua.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.1.0g-2ubuntu4 500
        500 http://ua.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

As release candidate is 1.1.0 version we have a problem during building libsrtp 2.0.0(the same for 1.5.x). https://github.com/cisco/libsrtp/issues/394 The version libsrtp 2.1.0 was built successfully with OpenSSL 1.1.0, but still, have a problem on starting Janus:

Crypto: OpenSSL >= 1.1.0
[FATAL] [dtls.c:janus_dtls_load_keys:292] PEM_read_X509 failed

admin@ip-10-21-201-42:~$ dpkg -l | grep openssl
ii  libcurl4-openssl-dev:amd64    7.52.1-5+deb9u8                amd64        development files and documentation for libcurl (OpenSSL flavour)
ii  libgnutls-openssl27:amd64     3.5.8-5+deb9u4                 amd64        GNU TLS library - OpenSSL wrapper
ii  openssl                       1.1.0f-3+deb9u2                amd64        Secure Sockets Layer toolkit - cryptographic utility
ii  python-openssl                16.2.0-1                       all          Python 2 wrapper around the OpenSSL library

In any cases if Janus need Openssl 1.0.x version we should add this to the documents with the step how to build it from source or maybe janus should work fine with the newest version of mention library?

[lminiero]

Janus does not specifically need 1.0.x, I simply don't have access to 1.1.0 so I have no idea if there are API changes that really break it. As soon as my Fedora starts shipping it I'll have a look.

[lminiero]

Are you sure it's not just a matter of failing to open the certificate? I don't see why the behaviour of PEM_read_X509 should have changed in 1.1.0.

[alexamirante]

We use openssl 1.1.0g in production and works flawlessly.

[lminiero]

Closing as not an issue then.

[kuzm1ch]

Yea, I can confirm that issue related to error [FATAL] [dtls.c:janus_dtls_load_keys:292] PEM_read_X509 failed belong to problem with certs. Thanks.

Anyway, there are still some issues in README.md. Unfortunately, I have no access to create PR and therefore just write what should be fixed:

1. libsrtp2.0 installation

   wget https://github.com/cisco/libsrtp/archive/v2.0.0.tar.gz
   tar xfv v2.0.0.tar.gz
   cd libsrtp-2.0.0
   ./configure --prefix=/usr --enable-openssl
   make shared_library && sudo make install

   As I described, this version couldn't be compiled on the newest distro or in case if you update your OpenSSL to the newest version ( install candidate is OpenSSL 1.1.x and version 2.0 could be compiled). Also, there is no configure option like --prefix and --libdir and it should be deleted (https://github.com/cisco/libsrtp) and should be like this:

   wget https://github.com/cisco/libsrtp/archive/v2.2.0.tar.gz
   tar xfv v2.2.0.tar.gz
   cd libsrtp-2.2.0
   ./configure  --enable-openssl
   make shared_library && sudo make install

2. need to add some dependency to installation to command( i have check this on Fedora 28). need to have develop version of libnice package yum install libnice-devel

Also, need to install glib2 yum install glib2

 if test -n "$PKG_CONFIG" && \
    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"
                    glib-2.0 >= \$glib_version
                    jansson >= \$jansson_version
                  \""; } >&5

lines from configure script

Appreciate for your work, but in my opinion, the doc should be as easy as possible.