|
Bugzilla – Full Text Bug Listing |
| Summary: | libsrtp fails to build with OpenSSL 1.1 | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Tumbleweed | Reporter: | Vítězslav Čížek <vcizek> |
| Component: | Other | Assignee: | Stanislav Brabec <sbrabec> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | fvogt, jengelh, vcizek, zaitor |
| Version: | Current | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1042629 | ||
|
Description
Vítězslav Čížek
2017-08-23 13:07:34 UTC
The openssl 1.1. compatibility fixes were merged to upstream git master: https://github.com/cisco/libsrtp/issues/210 Release 2.1.0 should now work with openssl 1.1. Maybe we could switch to that branch? I just tried to backport changes to a latest stable version libsrtp-1.6.0. Nearly all chunks failed to apply. The code is very different. Release 2.1.0 seems to be a rewrite. => Upgrade to 2.1.0 seems to be a simplest solution. Let's see whether it will break anything. Given it is a rewrite, it will probably break all across the board. Just try switching all BuildRequires: libsrtp-devel in a temp project to libsrtp2-devel (it's already in Factory). I found four packages that directly depend on libsrtp: gstreamer-plugins-bad: No support for libsrtp2 yet. But SRTP support can be easily disabled. kopete: No support for libsrtp2 yet. But SRTP support can be easily disabled. libqt5-qtwebengine: No support for libsrtp2 yet. SRTP cannot be disabled, it uses either external or internal instance of libsrtp. mediastreamer2: No support for libsrtp2 yet. It does not compile currently, s I don't know whether it is optional. => We either have to stay at libsrtp1 and backport OpenSSL 1.1 support patches, or we have to port these applications to libsrtp2. (In reply to Stanislav Brabec from comment #4) > I found four packages that directly depend on libsrtp: > > gstreamer-plugins-bad: No support for libsrtp2 yet. But SRTP support can be > easily disabled. > > kopete: No support for libsrtp2 yet. But SRTP support can be easily disabled. > > libqt5-qtwebengine: No support for libsrtp2 yet. SRTP cannot be disabled, it > uses either external or internal instance of libsrtp. AFAICT that's only because of chromium. This means that either chromium is affected in the same way or if it isn't, fixed in webengine as well. > mediastreamer2: No support for libsrtp2 yet. It does not compile currently, > s I don't know whether it is optional. > > => We either have to stay at libsrtp1 and backport OpenSSL 1.1 support > patches, or we have to port these applications to libsrtp2. libsrtp can also be build without openssl support (--enable-openssl). Fedora seems to be doing that. libsrtp will then be using its own implementation of some crypto primitives instead of relying on openssl. I'm not sure what functionality might be missing in such setup. But I guess we'd prefer to use the openssl implementation. The openssl support is being dropped in https://build.opensuse.org/request/show/532807 libsrtp will use its own crypto implementation. This drops AES GCM support. The OpenSSL 1.1 incompatible headers (aes_gcm_ossl.h and aes_icm_ossl.h) remained in the -devel package and caused build failures (eg gstreamer-plugins-bad). I've submitted a request that removes them from the devel package. https://build.opensuse.org/request/show/533436 |