27 May
2013
27 May
'13
7:48 p.m.
I created another module that links with OpenSSL.
The current list of (non-obsolete) modules that link with OpenSSL is:
- websocket
- auth_ephemeral
- tls
- stun
- outbound
- osp
- auth_identity
FYI, for the modules I've created the usage of OpenSSL is:
- websocket: SHA1() is used to create the key in the WebSocket handshake
response.
- auth_ephemeral: HMAC(EVP_sha1(), ...) is used to calculate the password
based on the username and secret key and openssl/sha.h is included for
"#define SHA_DIGEST_LENGTH"
- outbound: HMAC(EVP_sha1(), ...) is used to encode the flow token and
RAND_bytes() is used to get cryptographically strong pseudo-random bytes
for the secret key
- stun: not sure about this as a lot of the code was copied from core
--
Peter Dunkley
Technical Director
Crocodile RCS Ltd
27 May
27 May
8:26 p.m.
Hi, Peter...
Thanks for the information.... is this also available somewhere on the
Wiki? Where should it fit better? In the compilation instructions? Or
letting it on the modules would be enough?
---
Edson.
Em 27/05/2013 20:48, Peter Dunkley escreveu:
I created another module that links with OpenSSL.
The current list of (non-obsolete) modules that link with OpenSSL is:
- websocket
- auth_ephemeral
- tls
- stun
- outbound
- osp
- auth_identity
FYI, for the modules I've created the usage of OpenSSL is:
- websocket: SHA1() is used to create the key in the WebSocket handshake
response.
- auth_ephemeral: HMAC(EVP_sha1(), ...) is used to calculate the password
based on the username and secret key and openssl/sha.h is included for
"#define SHA_DIGEST_LENGTH"
- outbound: HMAC(EVP_sha1(), ...) is used to encode the flow token and
RAND_bytes() is used to get cryptographically strong pseudo-random bytes
for the secret key
- stun: not sure about this as a lot of the code was copied from core
28 May
28 May
4:15 a.m.
No. This information is incomplete and I have only provided this information as there was
a discussion about OpenSSL during the recent developer meeting - this mailing list is the
correct place to continue and conclude this discussion.
One of the actions from the meeting was to produce a wiki page documenting _ALL_ external
libraries for each module. I do not have time to this.
Regards,
Peter
On 28 May 2013, at 01:26, Edson - Lists <4lists(a)gmail.com> wrote:
Hi, Peter...
Thanks for the information.... is this also available somewhere on the Wiki? Where should
it fit better? In the compilation instructions? Or letting it on the modules would be
enough?
---
Edson.
Em 27/05/2013 20:48, Peter Dunkley escreveu:
I created another module that links with
OpenSSL.
The current list of (non-obsolete) modules that link with OpenSSL is:
- websocket
- auth_ephemeral
- tls
- stun
- outbound
- osp
- auth_identity
FYI, for the modules I've created the usage of OpenSSL is:
- websocket: SHA1() is used to create the key in the WebSocket handshake
response.
- auth_ephemeral: HMAC(EVP_sha1(), ...) is used to calculate the password
based on the username and secret key and openssl/sha.h is included for
"#define SHA_DIGEST_LENGTH"
- outbound: HMAC(EVP_sha1(), ...) is used to encode the flow token and
RAND_bytes() is used to get cryptographically strong pseudo-random bytes
for the secret key
- stun: not sure about this as a lot of the code was copied from core
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev 
4:20 a.m.
28 maj 2013 kl. 10:15 skrev Peter Dunkley <peter.dunkley(a)crocodile-rcs.com>om>:
No. This information is incomplete and I have only
provided this information as there was a discussion about OpenSSL during the recent
developer meeting - this mailing list is the correct place to continue and conclude this
discussion.
I was worried about the initialization of OpenSSL libraries. The problem
we had in Asterisk was that Asterisk initialized
several times and external libraries could do that as well - like jabber and database
libraries. I think Kevin solved that
by creating a small shim that made sure that only one call could be made. I can see that
it can happen here as
well with postgresql client libraries initializing OpenSSL by itself.
One of the actions from the meeting was to produce a wiki page documenting _ALL_ external
libraries for each module. I do not have time to this.
I think we can do that in
doxygen. I will copy the macros I created for Asterisk to produce a doxygen page with all
the links.
/O
Regards,
Peter
On 28 May 2013, at 01:26, Edson - Lists <4lists(a)gmail.com> wrote:
Hi, Peter...
Thanks for the information.... is this also available somewhere on the Wiki? Where should
it fit better? In the compilation instructions? Or letting it on the modules would be
enough?
---
Edson.
Em 27/05/2013 20:48, Peter Dunkley escreveu:
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev I created another module that links with
OpenSSL.
The current list of (non-obsolete) modules that link with OpenSSL is:
- websocket
- auth_ephemeral
- tls
- stun
- outbound
- osp
- auth_identity
FYI, for the modules I've created the usage of OpenSSL is:
- websocket: SHA1() is used to create the key in the WebSocket handshake
response.
- auth_ephemeral: HMAC(EVP_sha1(), ...) is used to calculate the password
based on the username and secret key and openssl/sha.h is included for
"#define SHA_DIGEST_LENGTH"
- outbound: HMAC(EVP_sha1(), ...) is used to encode the flow token and
RAND_bytes() is used to get cryptographically strong pseudo-random bytes
for the secret key
- stun: not sure about this as a lot of the code was copied from core
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev 
5:06 a.m.
On 28.05.2013 10:20, Olle E. Johansson wrote:
28 maj 2013 kl. 10:15 skrev Peter
Dunkley<peter.dunkley(a)crocodile-rcs.com>om>:
I remember that we had the postgresql openssl initialization problem
already in Kamailio (or was it ser?) and it was solved by having the
other module linking to openssl statically.
regards
Klaus
>No. This information is incomplete and I have
only provided this information as there was a discussion about OpenSSL during the recent
developer meeting - this mailing list is the correct place to continue and conclude this
discussion.
I was worried about the initialization of OpenSSL libraries. The
problem we had in Asterisk was that Asterisk initialized
several times and external libraries could do that as well - like jabber and database
libraries. I think Kevin solved that
by creating a small shim that made sure that only one call could be made. I can see that
it can happen here as
well with postgresql client libraries initializing OpenSSL by itself.
5:10 a.m.
On 5/28/13 11:06 AM, Klaus Darilion wrote:
On 28.05.2013 10:20, Olle E. Johansson wrote:
This is not an issue anymore, now tls
module is the one initializing
first. Everything works fine for the latest several stable releases.
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
* http://asipto.com/u/katu *
28 maj 2013 kl. 10:15 skrev Peter
Dunkley<peter.dunkley(a)crocodile-rcs.com>om>:
I was worried about the initialization of
OpenSSL libraries. The
problem we had in Asterisk was that Asterisk initialized
several times and external libraries could do that as well - like
jabber and database libraries. I think Kevin solved that
by creating a small shim that made sure that only one call could be
made. I can see that it can happen here as
well with postgresql client libraries initializing OpenSSL by itself.
I remember that we had the postgresql openssl initialization problem
already in Kamailio (or was it ser?) and it was solved by having the
other module linking to openssl statically. No. This
information is incomplete and I have only provided this
information as there was a
discussion about OpenSSL during the
recent developer meeting - this mailing list is the correct place to
continue and conclude this discussion.
4238
days inactive
4239
days old
5 comments
5 participants
participants (5)
-
Daniel-Constantin Mierla -
Edson - Lists -
Klaus Darilion -
Olle E. Johansson -
Peter Dunkley