Review Board 1.7.16


Wrap OpenSSL library initialization to make it safe for loaded modules to also use OpenSSL.

Review Request #1006 - Created Nov. 11, 2010 and submitted

Kevin Fleming
trunk
Reviewers
asterisk-dev
Asterisk
During the devcon after AstriCon 2010, we got a report that using PostgreSQL from within Asterisk, when the PostgreSQL connections are configured to use SSL/TLS to connect to the database server, can cause random crashes and other bizarre behavior. The reporter said this was known to be an issue with some other packages as well (notably Kamailio), and had to do with both Asterisk and the PostgreSQL libraries assuming they "owned" the OpenSSL libraries in the process' memory space, and thus calling initialization code twice (or worse).

This patch addresses this problem by using dynamic linker functionality to *wrap* the real OpenSSL initialization functions (and some other dangerous ones) with versions that don't actually do anything, and then calling the real ones only *one* time during Asterisk startup. To make this work, the SSL functionality that is normally built into the main Asterisk binary now must be built into a dynamic library (libasteriskssl.so), which is installed into the standard dynamic library location on the system (this is *not* an Asterisk loadable module, just a regular dynamic library).

As part of this patch, the usage of ASTLIBDIR throughout the build system to refer to the directory where Asterisk loadable modules are installed was changed to ASTMODDIR (which matches how it is referred to in the source code and in asterisk.conf), and a new definition of ASTLIBDIR was created to point to the system's dynamic library directory.
Compiles and runs on Linux x86-64 with no apparent change in behavior. The Makefile bits to install libasteriskssl.so in the right place will probably have to be checked by Solaris, Darwin and *BSD users to get them right.
/trunk/Makefile.moddir_rules
Diff Revision 1 Diff Revision 2
1
#
1
#
2
# Asterisk -- A telephony toolkit for Linux.
2
# Asterisk -- A telephony toolkit for Linux.
3
# 
3
#
4
# Makefile rules for subdirectories containing modules
4
# Makefile rules for subdirectories containing modules
5
#
5
#
6
# Copyright (C) 2006, Digium, Inc.
6
# Copyright (C) 2006, Digium, Inc.
7
#
7
#
8
# Kevin P. Fleming <kpfleming@digium.com>
8
# Kevin P. Fleming <kpfleming@digium.com>
[+20] [20] 35 lines
[+20]
44
endif
44
endif
45
 
45
 
46
C_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_C_MODS))
46
C_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_C_MODS))
47
CC_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_CC_MODS))
47
CC_MODS:=$(filter-out $(MENUSELECT_$(MENUSELECT_CATEGORY)),$(ALL_CC_MODS))
48

    
   
48

   
49
ifneq ($(findstring $(MENUSELECT_CATEGORY),$(MENUSELECT_EMBED)),)
49
ifneq ($(findstring EMBED_$(MENUSELECT_CATEGORY),$(MENUSELECT_EMBED)),)
50
    EMBEDDED_MODS:=$(C_MODS) $(CC_MODS)
50
    EMBEDDED_MODS:=$(C_MODS) $(CC_MODS)
51
else
51
else
52
    LOADABLE_MODS:=$(C_MODS) $(CC_MODS)
52
    LOADABLE_MODS:=$(C_MODS) $(CC_MODS)
53
endif
53
endif
54

    
   
54

   
[+20] [20] 65 lines
[+20]
120
	rm -f *.s *.i
120
	rm -f *.s *.i
121
	rm -f modules.link
121
	rm -f modules.link
122

    
   
122

   
123
install:: all
123
install:: all
124
	@echo "Installing modules from `basename $(CURDIR)`..."
124
	@echo "Installing modules from `basename $(CURDIR)`..."
125
	@for x in $(LOADABLE_MODS:%=%.so); do $(INSTALL) -m 755 $$x $(DESTDIR)$(ASTMODDIR) ; done
125
	@for x in $(LOADABLE_MODS:%=%.so); do $(INSTALL) -m 755 $$x "$(DESTDIR)$(ASTMODDIR)" ; done
126

    
   
126

   
127
uninstall::
127
uninstall::
128

    
   
128

   
129
dist-clean::
129
dist-clean::
130
	rm -f .*.moduleinfo .moduleinfo
130
	rm -f .*.moduleinfo .moduleinfo
[+20] [20] 8 lines
[+20]
139
.%.moduleinfo: %.cc
139
.%.moduleinfo: %.cc
140
	@echo "<member name=\"$*\" displayname=\"$(shell $(GREP) -e AST_MODULE_INFO $< | head -n 1 | cut -d '"' -f 2)\" remove_on_change=\"$(SUBDIR)/$*.oo $(SUBDIR)/$*.so\">" > $@
140
	@echo "<member name=\"$*\" displayname=\"$(shell $(GREP) -e AST_MODULE_INFO $< | head -n 1 | cut -d '"' -f 2)\" remove_on_change=\"$(SUBDIR)/$*.oo $(SUBDIR)/$*.so\">" > $@
141
	$(AWK) -f $(ASTTOPDIR)/build_tools/get_moduleinfo $< >> $@
141
	$(AWK) -f $(ASTTOPDIR)/build_tools/get_moduleinfo $< >> $@
142
	echo "</member>" >> $@
142
	echo "</member>" >> $@
143

    
   
143

   
144
.moduleinfo:: $(addsuffix .moduleinfo,$(addprefix .,$(ALL_C_MODS) $(ALL_CC_MODS)))
144
.moduleinfo:: $(addsuffix .moduleinfo,$(addprefix .,$(sort $(ALL_C_MODS) $(ALL_CC_MODS))))
145
	@echo "<category name=\"MENUSELECT_$(MENUSELECT_CATEGORY)\" displayname=\"$(MENUSELECT_DESCRIPTION)\" remove_on_change=\"$(SUBDIR)/modules.link\">" > $@
145
	@echo "<category name=\"MENUSELECT_$(MENUSELECT_CATEGORY)\" displayname=\"$(MENUSELECT_DESCRIPTION)\" remove_on_change=\"$(SUBDIR)/modules.link\">" > $@
146
	@cat $^ >> $@
146
	@cat $^ >> $@
147
	@echo "</category>" >> $@
147
	@echo "</category>" >> $@
148

    
   
148

   
149
moduleinfo: .moduleinfo
149
moduleinfo: .moduleinfo
[+20] [20] 17 lines
/trunk/Makefile
Diff Revision 1 Diff Revision 2
 
/trunk/configure.ac
Diff Revision 1 Diff Revision 2
 
/trunk/makeopts.in
Diff Revision 1 Diff Revision 2
 
/trunk/build_tools/make_defaults_h
Diff Revision 1 Diff Revision 2
 
/trunk/build_tools/mkpkgconfig
Diff Revision 1 Diff Revision 2
 
/trunk/include/asterisk.h
Diff Revision 1 Diff Revision 2
 
/trunk/include/asterisk/optional_api.h
Diff Revision 1 Diff Revision 2
 
/trunk/main/Makefile
Diff Revision 1 Diff Revision 2
 
/trunk/main/ssl.c
Diff Revision 1 Diff Revision 2
 
/trunk/main/ssl.c
Diff Revision 1 Diff Revision 2 - File Reverted
 
  1. /trunk/Makefile.moddir_rules: Loading...
  2. /trunk/Makefile: Loading...
  3. /trunk/configure.ac: Loading...
  4. /trunk/makeopts.in: Loading...
  5. /trunk/build_tools/make_defaults_h: Loading...
  6. /trunk/build_tools/mkpkgconfig: Loading...
  7. /trunk/include/asterisk.h: Loading...
  8. /trunk/include/asterisk/optional_api.h: Loading...
  9. /trunk/main/Makefile: Loading...
  10. /trunk/main/ssl.c: Loading...
  11. /trunk/main/libasteriskssl.c: Loading...

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.