1 |
commit: c0ca7de3d5a6cf9272978d19b813c5697abba710 |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Oct 31 01:24:28 2022 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 31 01:42:25 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0ca7de3 |
7 |
|
8 |
net-im/coturn: add 4.6.0 |
9 |
|
10 |
Closes: https://bugs.gentoo.org/729820 |
11 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
12 |
|
13 |
net-im/coturn/Manifest | 1 + |
14 |
.../{coturn-9999.ebuild => coturn-4.6.0.ebuild} | 31 +- |
15 |
net-im/coturn/coturn-9999.ebuild | 31 +- |
16 |
net-im/coturn/files/coturn-4.6.0-openssl3.patch | 356 +++++++++++++++++++++ |
17 |
4 files changed, 399 insertions(+), 20 deletions(-) |
18 |
|
19 |
diff --git a/net-im/coturn/Manifest b/net-im/coturn/Manifest |
20 |
index f6b191a10c62..b7be62479570 100644 |
21 |
--- a/net-im/coturn/Manifest |
22 |
+++ b/net-im/coturn/Manifest |
23 |
@@ -1 +1,2 @@ |
24 |
DIST coturn-4.5.2.tar.gz 442745 BLAKE2B c18d5f5cfedd600875c0bfa08b874ef6316a5aa9af34c27e2901825da412b794d437e08f0706f9651bdf6d3d19e151486af39a42f2326c7ab6bb802d33fd0ba4 SHA512 00e86a3a273a8e4e69deaefd338bdd6c44739a807f21a72a2d68efc089053e16efd1d5b34b0c6dea7a0fa2b66f70821d8c3e1107561e1f08dfac2c93933a6121 |
25 |
+DIST coturn-4.6.0.tar.gz 474423 BLAKE2B b70ecd1f333f4f9f37adcab6f5fd3406aa0eb962488b7cae4a30c9339cf7b11b2bfedd1fa70bd3b0c32bf82702d39eb22278506521f71e0cb6aaadee9d3c3d05 SHA512 a80ea1b8d9c78b8f9fc632517a0246cb0d2d4ff21c59d53827f026fb3a145a01b3bec637af94a96b525c35251cb5e9e209ba7f368f08e12ef61220bcb784637c |
26 |
|
27 |
diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-4.6.0.ebuild |
28 |
similarity index 80% |
29 |
copy from net-im/coturn/coturn-9999.ebuild |
30 |
copy to net-im/coturn/coturn-4.6.0.ebuild |
31 |
index d3a3c8813604..8c10c10306aa 100644 |
32 |
--- a/net-im/coturn/coturn-9999.ebuild |
33 |
+++ b/net-im/coturn/coturn-4.6.0.ebuild |
34 |
@@ -4,22 +4,25 @@ |
35 |
EAPI=7 |
36 |
|
37 |
inherit toolchain-funcs systemd tmpfiles |
38 |
+ |
39 |
DESCRIPTION="coturn TURN server project" |
40 |
HOMEPAGE="https://github.com/coturn/coturn" |
41 |
|
42 |
-if [ ${PV} = 9999 ]; then |
43 |
- EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" |
44 |
+if [[ ${PV} == *9999 ]]; then |
45 |
+ EGIT_REPO_URI="https://github.com/coturn/coturn.git" |
46 |
inherit git-r3 |
47 |
-# S="${WORKDIR}/${PN}-master" |
48 |
+ #S="${WORKDIR}/${PN}-master" |
49 |
else |
50 |
+ SRC_URI="https://github.com/coturn/coturn/archive/${PV}.tar.gz -> ${P}.tar.gz" |
51 |
KEYWORDS="~amd64 ~x86" |
52 |
- SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" |
53 |
fi |
54 |
|
55 |
LICENSE="BSD" |
56 |
SLOT="0" |
57 |
IUSE="mongodb mysql postgres redis sqlite" |
58 |
-RDEPEND="acct-group/turnserver |
59 |
+ |
60 |
+RDEPEND=" |
61 |
+ acct-group/turnserver |
62 |
acct-user/turnserver |
63 |
>dev-libs/libevent-2.1.8:= |
64 |
dev-libs/openssl:= |
65 |
@@ -27,18 +30,21 @@ RDEPEND="acct-group/turnserver |
66 |
mysql? ( dev-db/mysql-connector-c:= ) |
67 |
postgres? ( dev-db/postgresql:* ) |
68 |
redis? ( dev-libs/hiredis:= ) |
69 |
- sqlite? ( dev-db/sqlite )" |
70 |
+ sqlite? ( dev-db/sqlite ) |
71 |
+" |
72 |
DEPEND="${RDEPEND}" |
73 |
BDEPEND="virtual/pkgconfig" |
74 |
|
75 |
PATCHES=( |
76 |
"${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch |
77 |
+ "${FILESDIR}"/${P}-openssl3.patch |
78 |
) |
79 |
|
80 |
src_configure() { |
81 |
- if [ -n "${AR}" ]; then |
82 |
+ if [[ -n "${AR}" ]]; then |
83 |
sed 's:ARCHIVERCMD="ar -r":ARCHIVERCMD="${AR} -r":g' -i "${S}/configure" |
84 |
fi |
85 |
+ |
86 |
sed 's:MANPREFIX}/man/:MANPREFIX}/:g' -i "${S}/Makefile.in" || die "sed for mandir failed" |
87 |
sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \ |
88 |
-i "${S}/examples/etc/turnserver.conf" || die "sed for logdir failed" |
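Review bot: The `sed` that rewrites `ARCHIVERCMD` in `${S}/configure` is the only one in this part of `src_configure` without `|| die`, so if it fails (for example because the file has moved) the build carries on silently with plain `ar`. Appending the check, as in `sed 's:...:g' -i "${S}/configure" || die "sed for AR failed"`, brings it in line with the neighbouring calls. The replacement text is single-quoted, so a literal `${AR}` is written into `configure` and only resolves if `AR` is exported when that script runs; calling `tc-export AR` beforehand (toolchain-funcs is already inherited) would make that explicit. The identical line in the `coturn-9999.ebuild` hunk has the same gap, and `src_configure` continues outside this hunk.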
89 |
@@ -46,6 +52,7 @@ src_configure() { |
90 |
|| die "sed for simple-log failed" |
91 |
sed '/INSTALL_DIR} examples\/script/a \ \${INSTALL_DIR} examples\/ca \${DESTDIR}${EXAMPLESDIR}' \ |
92 |
-i "${S}/Makefile.in" || die "sed for example ca failed" |
93 |
+ |
94 |
if ! use mongodb; then |
95 |
export TURN_NO_MONGO=yes |
96 |
fi |
97 |
@@ -73,15 +80,19 @@ src_configure() { |
98 |
|
99 |
src_install() { |
100 |
default |
101 |
+ |
102 |
newinitd "${FILESDIR}/turnserver.init" turnserver |
103 |
+ |
104 |
insinto /etc/logrotate.d |
105 |
newins "${FILESDIR}/logrotate.${PN}" "${PN}" |
106 |
+ |
107 |
systemd_dounit "${FILESDIR}/${PN}.service" |
108 |
dotmpfiles "${FILESDIR}/${PN}.conf" |
109 |
} |
110 |
|
111 |
pkg_postinst() { |
112 |
- tmpfiles_process "${PN}.conf" |
113 |
- elog "You need to copy /etc/turnserver.conf.default to" |
114 |
- elog "/etc/turnserver.conf and do your settings there." |
115 |
+ tmpfiles_process ${PN}.conf |
116 |
+ |
117 |
+ elog "You need to copy ${EROOT}/etc/turnserver.conf.default to" |
118 |
+ elog "${EROOT}/etc/turnserver.conf and do your settings there." |
119 |
} |
120 |
|
121 |
diff --git a/net-im/coturn/coturn-9999.ebuild b/net-im/coturn/coturn-9999.ebuild |
122 |
index d3a3c8813604..8c10c10306aa 100644 |
123 |
--- a/net-im/coturn/coturn-9999.ebuild |
124 |
+++ b/net-im/coturn/coturn-9999.ebuild |
125 |
@@ -4,22 +4,25 @@ |
126 |
EAPI=7 |
127 |
|
128 |
inherit toolchain-funcs systemd tmpfiles |
129 |
+ |
130 |
DESCRIPTION="coturn TURN server project" |
131 |
HOMEPAGE="https://github.com/coturn/coturn" |
132 |
|
133 |
-if [ ${PV} = 9999 ]; then |
134 |
- EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" |
135 |
+if [[ ${PV} == *9999 ]]; then |
136 |
+ EGIT_REPO_URI="https://github.com/coturn/coturn.git" |
137 |
inherit git-r3 |
138 |
-# S="${WORKDIR}/${PN}-master" |
139 |
+ #S="${WORKDIR}/${PN}-master" |
140 |
else |
141 |
+ SRC_URI="https://github.com/coturn/coturn/archive/${PV}.tar.gz -> ${P}.tar.gz" |
142 |
KEYWORDS="~amd64 ~x86" |
143 |
- SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" |
144 |
fi |
145 |
|
146 |
LICENSE="BSD" |
147 |
SLOT="0" |
148 |
IUSE="mongodb mysql postgres redis sqlite" |
149 |
-RDEPEND="acct-group/turnserver |
150 |
+ |
151 |
+RDEPEND=" |
152 |
+ acct-group/turnserver |
153 |
acct-user/turnserver |
154 |
>dev-libs/libevent-2.1.8:= |
155 |
dev-libs/openssl:= |
156 |
@@ -27,18 +30,21 @@ RDEPEND="acct-group/turnserver |
157 |
mysql? ( dev-db/mysql-connector-c:= ) |
158 |
postgres? ( dev-db/postgresql:* ) |
159 |
redis? ( dev-libs/hiredis:= ) |
160 |
- sqlite? ( dev-db/sqlite )" |
161 |
+ sqlite? ( dev-db/sqlite ) |
162 |
+" |
163 |
DEPEND="${RDEPEND}" |
164 |
BDEPEND="virtual/pkgconfig" |
165 |
|
166 |
PATCHES=( |
167 |
"${FILESDIR}"/${PN}-4.5.2-respect-TMPDIR.patch |
168 |
+ "${FILESDIR}"/${P}-openssl3.patch |
169 |
) |
170 |
|
171 |
src_configure() { |
172 |
- if [ -n "${AR}" ]; then |
173 |
+ if [[ -n "${AR}" ]]; then |
174 |
sed 's:ARCHIVERCMD="ar -r":ARCHIVERCMD="${AR} -r":g' -i "${S}/configure" |
175 |
fi |
176 |
+ |
177 |
sed 's:MANPREFIX}/man/:MANPREFIX}/:g' -i "${S}/Makefile.in" || die "sed for mandir failed" |
178 |
sed 's:#log-file=/var/tmp/turn.log:log-file=/var/log/turnserver.log:' \ |
179 |
-i "${S}/examples/etc/turnserver.conf" || die "sed for logdir failed" |
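Review bot: The `"${FILESDIR}"/${P}-openssl3.patch` entry added to `PATCHES` expands to `coturn-9999-openssl3.patch` in this live ebuild, while the diffstat only adds `files/coturn-4.6.0-openssl3.patch`, so `src_prepare` would presumably die on a missing file. The four upstream commits collected in that patch are also likely to be present in a git checkout already, so it would probably not apply even under a corrected name. Keeping the entry out of the live ebuild, or guarding it with `[[ ${PV} != *9999 ]] && PATCHES+=( "${FILESDIR}"/${PN}-4.6.0-openssl3.patch )`, avoids both problems.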
180 |
@@ -46,6 +52,7 @@ src_configure() { |
181 |
|| die "sed for simple-log failed" |
182 |
sed '/INSTALL_DIR} examples\/script/a \ \${INSTALL_DIR} examples\/ca \${DESTDIR}${EXAMPLESDIR}' \ |
183 |
-i "${S}/Makefile.in" || die "sed for example ca failed" |
184 |
+ |
185 |
if ! use mongodb; then |
186 |
export TURN_NO_MONGO=yes |
187 |
fi |
188 |
@@ -73,15 +80,19 @@ src_configure() { |
189 |
|
190 |
src_install() { |
191 |
default |
192 |
+ |
193 |
newinitd "${FILESDIR}/turnserver.init" turnserver |
194 |
+ |
195 |
insinto /etc/logrotate.d |
196 |
newins "${FILESDIR}/logrotate.${PN}" "${PN}" |
197 |
+ |
198 |
systemd_dounit "${FILESDIR}/${PN}.service" |
199 |
dotmpfiles "${FILESDIR}/${PN}.conf" |
200 |
} |
201 |
|
202 |
pkg_postinst() { |
203 |
- tmpfiles_process "${PN}.conf" |
204 |
- elog "You need to copy /etc/turnserver.conf.default to" |
205 |
- elog "/etc/turnserver.conf and do your settings there." |
206 |
+ tmpfiles_process ${PN}.conf |
207 |
+ |
208 |
+ elog "You need to copy ${EROOT}/etc/turnserver.conf.default to" |
209 |
+ elog "${EROOT}/etc/turnserver.conf and do your settings there." |
210 |
} |
211 |
|
212 |
diff --git a/net-im/coturn/files/coturn-4.6.0-openssl3.patch b/net-im/coturn/files/coturn-4.6.0-openssl3.patch |
213 |
new file mode 100644 |
214 |
index 000000000000..19b88048af50 |
215 |
--- /dev/null |
216 |
+++ b/net-im/coturn/files/coturn-4.6.0-openssl3.patch |
217 |
@@ -0,0 +1,356 @@ |
218 |
+https://github.com/coturn/coturn/commit/9af9f6306ab73c3403f9e11086b1936e9148f7de |
219 |
+https://github.com/coturn/coturn/commit/4ce784a8781ab086c150e2b9f5641b1a37fd9b31 |
220 |
+https://github.com/coturn/coturn/commit/9370bb742d976166a51032760da1ecedefb92267 |
221 |
+https://github.com/coturn/coturn/commit/d72a2a8920b80ce66b36e22b2c22f308ad06c424 |
222 |
+ |
223 |
+From 9af9f6306ab73c3403f9e11086b1936e9148f7de Mon Sep 17 00:00:00 2001 |
224 |
+From: Pavel Punsky <eakraly@××××××××××××××××××××.com> |
225 |
+Date: Wed, 14 Sep 2022 03:29:26 -0700 |
226 |
+Subject: [PATCH] Fix renegotiation flag for older version of openssl (#978) |
227 |
+ |
228 |
+`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above |
229 |
+Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS ` |
230 |
+ |
231 |
+Fixes #977 and #952 |
232 |
+ |
233 |
+Test: |
234 |
+Build in a docker container running running openssl-1.0.2g (ubuntu |
235 |
+16.04) successfully (without the fix getting the same errors) |
236 |
+--- a/src/apps/relay/dtls_listener.c |
237 |
++++ b/src/apps/relay/dtls_listener.c |
238 |
+@@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty |
239 |
+ SSL_set_accept_state(connecting_ssl); |
240 |
+ |
241 |
+ SSL_set_bio(connecting_ssl, NULL, wbio); |
242 |
+- SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION); |
243 |
+- |
244 |
++ SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE |
245 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
246 |
++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) |
247 |
++ | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS |
248 |
++#endif |
249 |
++#else |
250 |
++#if defined(SSL_OP_NO_RENEGOTIATION) |
251 |
++ | SSL_OP_NO_RENEGOTIATION |
252 |
++#endif |
253 |
++#endif |
254 |
++ ); |
255 |
+ SSL_set_max_cert_list(connecting_ssl, 655350); |
256 |
+ |
257 |
+ ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl, |
258 |
+@@ -581,7 +590,17 @@ static int create_new_connected_udp_socket( |
259 |
+ |
260 |
+ SSL_set_bio(connecting_ssl, NULL, wbio); |
261 |
+ |
262 |
+- SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION); |
263 |
++ SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE |
264 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
265 |
++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) |
266 |
++ | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS |
267 |
++#endif |
268 |
++#else |
269 |
++#if defined(SSL_OP_NO_RENEGOTIATION) |
270 |
++ | SSL_OP_NO_RENEGOTIATION |
271 |
++#endif |
272 |
++#endif |
273 |
++ ); |
274 |
+ |
275 |
+ SSL_set_max_cert_list(connecting_ssl, 655350); |
276 |
+ int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh, |
277 |
+--- a/src/apps/relay/ns_ioalib_engine_impl.c |
278 |
++++ b/src/apps/relay/ns_ioalib_engine_impl.c |
279 |
+@@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_handle s, SSL *ssl) |
280 |
+ if(ssl) { |
281 |
+ SSL_set_app_data(ssl,s); |
282 |
+ SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback); |
283 |
+- SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION); |
284 |
++ SSL_set_options(ssl, |
285 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
286 |
++#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) |
287 |
++ SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS |
288 |
++#endif |
289 |
++#else |
290 |
++#if defined(SSL_OP_NO_RENEGOTIATION) |
291 |
++ SSL_OP_NO_RENEGOTIATION |
292 |
++#endif |
293 |
++#endif |
294 |
++ ); |
295 |
+ } |
296 |
+ } |
297 |
+ } |
298 |
+ |
299 |
+From 4ce784a8781ab086c150e2b9f5641b1a37fd9b31 Mon Sep 17 00:00:00 2001 |
300 |
+From: Pavel Punsky <eakraly@××××××××××××××××××××.com> |
301 |
+Date: Fri, 16 Sep 2022 00:46:45 -0700 |
302 |
+Subject: [PATCH] Improve openssl3 and FIPS support (#955) |
303 |
+ |
304 |
+openssl-3.0 deprecated some APIs and introduced new APIs instead: |
305 |
+ |
306 |
+`SSL_get_peer_certificate ` -> `SSL_get1_peer_certificate ` |
307 |
+`FIPS_mode()`->`EVP_default_properties_is_fips_enabled()` |
308 |
+`EVP_MD_CTX_set_flags()`->`EVP_default_properties_enable_fips()` |
309 |
+specifically for enabling FIPS mode |
310 |
+ |
311 |
+This change should workaround that by ifdef-ing old/new versions of |
312 |
+openssl and APIs - so pre-3.0 use existing APIs (so not change there) |
313 |
+and >=3.0 will use new APIs (whether it actually works or not is still |
314 |
+TBD as this is just a first step in openssl-3.0 support) |
315 |
+ |
316 |
+Should fix #886 |
317 |
+ |
318 |
+Test Plan: |
319 |
+Run CI build that supports ubuntu-20.04 (openssl-1.1.1) and ubuntu-22.04 |
320 |
+(openssl-3.0.2) |
321 |
+Both builds pass |
322 |
+None of them have FIPS support (which for 1.1.x stays the same as |
323 |
+before) |
324 |
+ |
325 |
+Co-authored-by: Pavel Punsky <pavel.punsky@×××××××××.com> |
326 |
+--- a/src/apps/relay/ns_ioalib_engine_impl.c |
327 |
++++ b/src/apps/relay/ns_ioalib_engine_impl.c |
328 |
+@@ -1868,7 +1868,11 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network_buffer_handle nbh, int ve |
329 |
+ |
330 |
+ } else if (!if1 && if2) { |
331 |
+ |
332 |
++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) |
333 |
++ if(verbose && SSL_get1_peer_certificate(ssl)) { |
334 |
++#else |
335 |
+ if(verbose && SSL_get_peer_certificate(ssl)) { |
336 |
++#endif |
337 |
+ printf("\n------------------------------------------------------------\n"); |
338 |
+ X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1, |
339 |
+ XN_FLAG_MULTILINE); |
340 |
+--- a/src/apps/uclient/startuclient.c |
341 |
++++ b/src/apps/uclient/startuclient.c |
342 |
+@@ -138,7 +138,11 @@ static SSL* tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, int *try_again |
343 |
+ if (rc > 0) { |
344 |
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: client session connected with cipher %s, method=%s\n",__FUNCTION__, |
345 |
+ SSL_get_cipher(ssl),turn_get_ssl_method(ssl,NULL)); |
346 |
++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) |
347 |
++ if(clnet_verbose && SSL_get1_peer_certificate(ssl)) { |
348 |
++#else |
349 |
+ if(clnet_verbose && SSL_get_peer_certificate(ssl)) { |
350 |
++#endif |
351 |
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "------------------------------------------------------------\n"); |
352 |
+ X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1, |
353 |
+ XN_FLAG_MULTILINE); |
354 |
+--- a/src/client/ns_turn_msg.c |
355 |
++++ b/src/client/ns_turn_msg.c |
356 |
+@@ -248,12 +248,22 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c |
357 |
+ if (FIPS_mode()) { |
358 |
+ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); |
359 |
+ } |
360 |
+-#endif |
361 |
++#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER) |
362 |
+ EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); |
363 |
+ EVP_DigestUpdate(&ctx,str,strl); |
364 |
+ EVP_DigestFinal(&ctx,key,&keylen); |
365 |
+ EVP_MD_CTX_cleanup(&ctx); |
366 |
+-#else |
367 |
++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L |
368 |
++ unsigned int keylen = 0; |
369 |
++ EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
370 |
++ if (EVP_default_properties_is_fips_enabled(NULL)) { |
371 |
++ EVP_default_properties_enable_fips(NULL, 0); |
372 |
++ } |
373 |
++ EVP_DigestInit_ex(ctx,EVP_md5(), NULL); |
374 |
++ EVP_DigestUpdate(ctx,str,strl); |
375 |
++ EVP_DigestFinal(ctx,key,&keylen); |
376 |
++ EVP_MD_CTX_free(ctx); |
377 |
++#else // OPENSSL_VERSION_NUMBER < 0x10100000L |
378 |
+ unsigned int keylen = 0; |
379 |
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
380 |
+ #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER) |
381 |
+@@ -265,7 +275,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t *realm, c |
382 |
+ EVP_DigestUpdate(ctx,str,strl); |
383 |
+ EVP_DigestFinal(ctx,key,&keylen); |
384 |
+ EVP_MD_CTX_free(ctx); |
385 |
+-#endif |
386 |
++#endif // OPENSSL_VERSION_NUMBER < 0X10100000L |
387 |
+ ret = 0; |
388 |
+ } |
389 |
+ |
390 |
+ |
391 |
+From 9370bb742d976166a51032760da1ecedefb92267 Mon Sep 17 00:00:00 2001 |
392 |
+From: Pavel Punsky <eakraly@××××××××××××××××××××.com> |
393 |
+Date: Fri, 16 Sep 2022 23:29:32 -0700 |
394 |
+Subject: [PATCH] Fix a warning (#988) |
395 |
+ |
396 |
+There are too many defines that are, eventually, used in one place so |
397 |
+just inlining. |
398 |
+ |
399 |
+Current code generates following warning: |
400 |
+``` |
401 |
+warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined] |
402 |
+``` |
403 |
+ |
404 |
+With the fix there is no warning |
405 |
+ |
406 |
+Co-authored-by: Pavel Punsky <pavel.punsky@×××××××××.com> |
407 |
+--- a/src/apps/relay/netengine.c |
408 |
++++ b/src/apps/relay/netengine.c |
409 |
+@@ -31,13 +31,7 @@ |
410 |
+ #include "mainrelay.h" |
411 |
+ |
412 |
+ //////////// Backward compatibility with OpenSSL 1.0.x ////////////// |
413 |
+-#define HAVE_OPENSSL11_API (!(OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)) |
414 |
+- |
415 |
+-#ifndef HAVE_SSL_CTX_UP_REF |
416 |
+-#define HAVE_SSL_CTX_UP_REF HAVE_OPENSSL11_API |
417 |
+-#endif |
418 |
+- |
419 |
+-#if !HAVE_SSL_CTX_UP_REF |
420 |
++#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER) |
421 |
+ #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX) |
422 |
+ #endif |
423 |
+ |
424 |
+ |
425 |
+From d72a2a8920b80ce66b36e22b2c22f308ad06c424 Mon Sep 17 00:00:00 2001 |
426 |
+From: Pavel Punsky <eakraly@××××××××××××××××××××.com> |
427 |
+Date: Mon, 24 Oct 2022 13:06:35 -0700 |
428 |
+Subject: [PATCH] Cleanup openssl initialization (#1012) |
429 |
+ |
430 |
+Rewriting openssl initialization code (threading support to make it |
431 |
+cleaner |
432 |
+ |
433 |
+- Regroup functions so that there is one ifdef (for old code and new |
434 |
+code) |
435 |
+- Modern openssl (>1.0.2) does not need any synchornization routines so |
436 |
+they are empty |
437 |
+- Old openssl (<=1.0.2) now require `OPENSSL_THREADS` which allows |
438 |
+running multiple threads in turnserver. Not having turnserver |
439 |
+multi-threaded is a huge waste. `OPENSSL_THREADS` is now a requirement. |
440 |
+ |
441 |
+ |
442 |
+Test Plan: |
443 |
+- CI builds pass for openssl versions 1.0.2, 1.1.1, 3.0, including tests |
444 |
+--- a/src/apps/relay/mainrelay.c |
445 |
++++ b/src/apps/relay/mainrelay.c |
446 |
+@@ -1345,7 +1345,6 @@ static void set_option(int c, char *value) |
447 |
+ STRCPY(turn_params.relay_ifname, value); |
448 |
+ break; |
449 |
+ case 'm': |
450 |
+-#if defined(OPENSSL_THREADS) |
451 |
+ if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) { |
452 |
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: max number of relay threads is 128.\n"); |
453 |
+ turn_params.general_relay_servers_number = MAX_NUMBER_OF_GENERAL_RELAY_SERVERS; |
454 |
+@@ -1354,9 +1353,6 @@ static void set_option(int c, char *value) |
455 |
+ } else { |
456 |
+ turn_params.general_relay_servers_number = atoi(value); |
457 |
+ } |
458 |
+-#else |
459 |
+- TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: OpenSSL version is too old OR does not support threading,\n I am using single thread for relaying.\n"); |
460 |
+-#endif |
461 |
+ break; |
462 |
+ case 'd': |
463 |
+ STRCPY(turn_params.listener_ifname, value); |
464 |
+@@ -2645,9 +2641,8 @@ int main(int argc, char **argv) |
465 |
+ |
466 |
+ ////////// OpenSSL locking //////////////////////////////////////// |
467 |
+ |
468 |
+-#if defined(OPENSSL_THREADS) |
469 |
+- |
470 |
+-static char some_buffer[65536]; |
471 |
++#if defined(OPENSSL_THREADS) |
472 |
++#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 |
473 |
+ |
474 |
+ //array larger than anything that OpenSSL may need: |
475 |
+ static pthread_mutex_t mutex_buf[256]; |
476 |
+@@ -2665,76 +2660,52 @@ void coturn_locking_function(int mode, int n, const char *file, int line) { |
477 |
+ } |
478 |
+ } |
479 |
+ |
480 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
481 |
+ void coturn_id_function(CRYPTO_THREADID *ctid); |
482 |
+ void coturn_id_function(CRYPTO_THREADID *ctid) |
483 |
+ { |
484 |
+ UNUSED_ARG(ctid); |
485 |
+ CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self()); |
486 |
+ } |
487 |
+-#else |
488 |
+-unsigned long coturn_id_function(void); |
489 |
+-unsigned long coturn_id_function(void) |
490 |
+-{ |
491 |
+- return (unsigned long)pthread_self(); |
492 |
+-} |
493 |
+-#endif |
494 |
+- |
495 |
+-#endif |
496 |
+ |
497 |
+ static int THREAD_setup(void) { |
498 |
+- |
499 |
+-#if defined(OPENSSL_THREADS) |
500 |
+- |
501 |
+- int i; |
502 |
+- |
503 |
+- some_buffer[0] = 0; |
504 |
+- |
505 |
++ int i; |
506 |
+ for (i = 0; i < CRYPTO_num_locks(); i++) { |
507 |
+ pthread_mutex_init(&(mutex_buf[i]), NULL); |
508 |
+ } |
509 |
+ |
510 |
+ mutex_buf_initialized = 1; |
511 |
+- |
512 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1 |
513 |
+ CRYPTO_THREADID_set_callback(coturn_id_function); |
514 |
+-#else |
515 |
+- CRYPTO_set_id_callback(coturn_id_function); |
516 |
+-#endif |
517 |
+- |
518 |
+ CRYPTO_set_locking_callback(coturn_locking_function); |
519 |
+-#endif |
520 |
+- |
521 |
+ return 1; |
522 |
+ } |
523 |
+ |
524 |
+ int THREAD_cleanup(void); |
525 |
+ int THREAD_cleanup(void) { |
526 |
++ int i; |
527 |
+ |
528 |
+-#if defined(OPENSSL_THREADS) |
529 |
++ if (!mutex_buf_initialized) |
530 |
++ return 0; |
531 |
+ |
532 |
+- int i; |
533 |
+- |
534 |
+- if (!mutex_buf_initialized) |
535 |
+- return 0; |
536 |
++ CRYPTO_THREADID_set_callback(NULL); |
537 |
++ CRYPTO_set_locking_callback(NULL); |
538 |
++ for (i = 0; i < CRYPTO_num_locks(); i++) { |
539 |
++ pthread_mutex_destroy(&(mutex_buf[i])); |
540 |
++ } |
541 |
+ |
542 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1 |
543 |
+- CRYPTO_THREADID_set_callback(NULL); |
544 |
++ mutex_buf_initialized = 0; |
545 |
++ return 1; |
546 |
++} |
547 |
+ #else |
548 |
+- CRYPTO_set_id_callback(NULL); |
549 |
+-#endif |
550 |
+- |
551 |
+- CRYPTO_set_locking_callback(NULL); |
552 |
+- for (i = 0; i < CRYPTO_num_locks(); i++) { |
553 |
+- pthread_mutex_destroy(&(mutex_buf[i])); |
554 |
+- } |
555 |
+- |
556 |
+- mutex_buf_initialized = 0; |
557 |
+- |
558 |
+-#endif |
559 |
++static int THREAD_setup(void) { |
560 |
++ return 1; |
561 |
++} |
562 |
+ |
563 |
+- return 1; |
564 |
++int THREAD_cleanup(void); |
565 |
++int THREAD_cleanup(void){ |
566 |
++ return 1; |
567 |
+ } |
568 |
++#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */ |
569 |
++#endif /* defined(OPENSSL_THREADS) */ |
570 |
+ |
571 |
+ static void adjust_key_file_name(char *fn, const char* file_title, int critical) |
572 |
+ { |
573 |
+ |