Pjsip Startup Errors When Using “with-ssl” Configure Option
Hello list, Hope you are all doing well!
I am facing a problem when compiling Asterisk 16.8.0 in a CentOS 6 box and I wonder if someone can put some light on it. Log history short, install_prereq fails to install the packages (not sure how important they actually are….): speexdsp-devel, gmime-devel, uriparser-devel, iksemel-devel, uw-imap-devel, hoard Then, I am running the following commands to build Asterisk:
./configure –with-crypto –with-srtp –with-ssl make menuselect.makeopts menuselect/menuselect –enable DONT_OPTIMIZE –enable BETTER_BACKTRACES
–enable MALLOC_DEBUG –disable BUILD_NATIVE –enable app_macro menuselect.makeopt make OPT=-fPIC
make install make samples
After this, when I start Asterisk, I get the following error with pjsip modules:
ERROR[6253]: loader.c:2396 load_modules: Error loading module
‘chan_pjsip.so’: /usr/lib/asterisk/modules/chan_pjsip.so: undefined symbol:
ast_sip_cli_traverse_objects ERROR[6253]: loader.c:2396 load_modules: Error loading module
‘res_pjsip.so’: /usr/lib/asterisk/modules/res_pjsip.so: undefined symbol:
pjsip_tls_transport_start2
ERROR[6253]: loader.c:2396 load_modules: Error loading module
‘res_pjsip_config_wizard.so’:
/usr/lib/asterisk/modules/res_pjsip_config_wizard.so: undefined symbol:
ast_sip_get_sorcery
After a lot of investigation I found this post (
https://asteriskfaqs.org/2018/09/25/asterisk-users/asterisk-1561-symbol-pjsip_tls_transport_start2-not-found.html)
which pointed me to the with-ssl parameter. So if I run all previous commands, but remove the “–with-ssl” options from the configure, then I don’t have the pjsip errors when I start Asterisk.
My first question is, what will be the impact of removing the –with-ssl option? Will TLS and WSS still be possible? I didn’t have time to test these things, however I did compared the configure and make outputs and the only difference are below, so looks like nothing extra gets compiled when the with-ssl is used… With –with-ssl:
[pjproject] Configuring with *–enable-ssl *–prefix=/opt/pjproject
–disable-speex-codec –disable-speex-aec –disable-bcg729
–disable-gsm-codec –disable-ilbc-codec –disable-l16-codec
–disable-g722-codec –disable-g7221-codec –disable-opencore-amr
–disable-silk –disable-opus –disable-video –disable-v4l2
–disable-sound –disable-ext-sound –disable-sdl –disable-libyuv
–disable-ffmpeg –disable-openh264 –disable-ipp –disable-libwebrtc
–without-external-pa –without-external-srtp –disable-resample
–disable-g711-codec –enable-epoll checking for mandatory modules: PJPROJECT CRYPTO SRTP *OPENSSL*… ok Without –with-ssl:
[pjproject] Configuring with –prefix=/opt/pjproject –disable-speex-codec
–disable-speex-aec –disable-bcg729 –disable-gsm-codec
–disable-ilbc-codec –disable-l16-codec –disable-g722-codec
–disable-g7221-codec –disable-opencore-amr –disable-silk –disable-opus
–disable-video –disable-v4l2 –disable-sound –disable-ext-sound
–disable-sdl –disable-libyuv –disable-ffmpeg –disable-openh264
–disable-ipp –disable-libwebrtc –without-external-pa
–without-external-srtp –disable-resample –disable-g711-codec
–enable-epoll checking for mandatory modules: PJPROJECT CRYPTO SRTP… ok
Also, why am I having the pjsip startup errors when the –with-ssl is used?
I could not find a clear explanation for this problem and how to fix it….
Any idea is much appreciated!
Thank you, Kind regards, Patrick Wakano
4 thoughts on - Pjsip Startup Errors When Using “with-ssl” Configure Option
If Asterisk is able to autodetect, and find the appropriate encryption libraries then yes TLS and WSS should be available. I do not use those options when building and am able to still make secure calls.
There appears to be a bug here. I configured, built, and ran with the same options mentioned (–with-ssl, etc…) and received similar pjsip module load errors. Please file a bug report on the Asterisk issue tracker [1].
[1] https://issues.asterisk.org/
Thanks!
Hi Kevin!
Thanks very much for your reply! Much appreciated!
So I just have a remaining question from this, if the with-ssl is not mandatory to have the encryption support, what is it actually used for?
Maybe it is some old flag which is not needed anymore and so can be ignored for now and possibly removed from the configure/makefile stuff for future releases?
Kind regards, Patrick Wakano
You’re welcome!
In Asterisk is allows you to set a path to the openssl files. Typically used if your install of openssl is in a non-default alternative location. For example:
–with-ssl=/path/to/ssl_files
I’m not really sure how Asterisk accepts the parameter without a file path specified. My guess is it either uses the default path, or potentially sets some flag meaning ssl is required.
See above. The flag is still needed in Asterisk. However, the setting appears to propagate in some way into the bundled pjproject configuration. This is in some way affecting the build of pjproject, then subsequently causing res_pjsip in Asterisk to not load at runtime. Further investigation is required as to why though.
That makes sense Kevin!
Thanks for the explanation, I will create a ticket for this then!
Kinds regards, Patrick Wakano