-
Notifications
You must be signed in to change notification settings - Fork 472
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for OpenSSL 3.0 #599
Comments
Yes, it is not a very difficult process to refactor the code, but some needs to spend time on it |
Note that even though these functions are deprecated, they're still fully available in OpenSSL 3.x, and the high-level APIs just call these low-level functions directly. So this change wouldn't (as far as I know) gain anything other than preventing compile-time warnings. The old OpenSSL 1.1 APIs are also, as far as I know, still the APIs used by libressl and BoringSSL, so the old code couldn't be removed even if we wanted to drop OpenSSL 1.1 support. (The new APIs were only introduced in OpenSSL 3.x.) |
|
We will add support for compiling cleanly against OpenSSL 3.0 either by using the OpenSSL version define or a explicit compile flag (or both). Should be ready for next release. |
#602 fails with OpenSSL 3.0.2. but passes with OpenSSL 3.0.3-dev, I will investigate why when I get time but does anyone know if EVP_MAC reuse has issues? |
#605 is an alternative solution that simply disables the warning for now. |
Looks like autoconf fails on detecting openssl 3.x checking for library containing EVP_EncryptInit... no
configure: error: in `/home/tkloczko/rpmbuild/BUILD/libsrtp-2.4.2':
configure: error: can't find openssl >= 1.0.1 crypto lib
See `config.log' for more details I see some openssl 3.x fixes above last tag. Is it possible to make new release to fix build of the libsrtp with openssl 3.x? |
Hi @kloczek am planning on a new release in next few weeks, will be sure sure to address this issue |
In this case |I found that it was mileading mesage. If you will look closet on the bottom openssl detection Lines 208 to 256 in cc362ae
you can fiund libdl and libz detections. I had no installed libz devel resources and that message was printed by incorrecvt logic in tjhat section Looks like libz detection can be removed because nothing in source tree is usimg libz. [tkloczko@devel-g2v libsrtp-2.4.2]$ grep zlib.h -r
[tkloczko@devel-g2v libsrtp-2.4.2]$ Whole section could be dramatically reduced if |
BTW looks like actual C code is not using libdl as well. |
Here is minimal version of the fix --- a/configure.ac
+++ b/configure.ac
@@ -250,9 +250,6 @@
[CFLAGS="$CFLAGS $crypto_CFLAGS"
LIBS="$crypto_LIBS $LIBS"
openssl_cleanse_broken=maybe])])
- else
- AC_CHECK_LIB([dl], [dlopen], [], [AC_MSG_WARN([can't find libdl])])
- AC_CHECK_LIB([z], [inflate], [], [AC_MSG_WARN([can't find libz])])
fi
AC_SEARCH_LIBS([EVP_EncryptInit], [crypto], |
closing this as #602 is merged and there are now active work flows that test openssl 1.1.1 & 3.0.2 & 3.0.7 |
In 3.0 some APIs were deprecated that results in this warnings:
Would be nice to get them fixes in upcoming releases.
The text was updated successfully, but these errors were encountered: