Module: kamailio Branch: 6.0 Commit: de4b07c3a4962afb167bf80e2e673ad0fe88f25c URL: https://github.com/kamailio/kamailio/commit/de4b07c3a4962afb167bf80e2e673ad0fe88f25c
Author: Xenofon Karamanos <[email protected]> Committer: Xenofon Karamanos <[email protected]> Date: 2025-09-22T13:53:25Z Revert "websocket: use core sha1 instead of libssl for the handshake key" This reverts commit 24643eb80d8206098a17dd8073523157766a5a04. --- Modified: src/modules/websocket/CMakeLists.txt Modified: src/modules/websocket/Makefile Modified: src/modules/websocket/ws_handshake.c --- Diff: https://github.com/kamailio/kamailio/commit/de4b07c3a4962afb167bf80e2e673ad0fe88f25c.diff Patch: https://github.com/kamailio/kamailio/commit/de4b07c3a4962afb167bf80e2e673ad0fe88f25c.patch --- diff --git a/src/modules/websocket/CMakeLists.txt b/src/modules/websocket/CMakeLists.txt index ce3d36f9cb9..daddc40face 100644 --- a/src/modules/websocket/CMakeLists.txt +++ b/src/modules/websocket/CMakeLists.txt @@ -4,6 +4,8 @@ add_library(${module_name} SHARED ${MODULE_SOURCES}) find_package(OpenSSL REQUIRED) +target_link_libraries(websocket PRIVATE OpenSSL::SSL OpenSSL::Crypto) + # TODO: Verify if correct if(EMBEDDED_UTF8_DECODE EQUAL 0) target_link_libraries(${module_name} PRIVATE unistring) diff --git a/src/modules/websocket/Makefile b/src/modules/websocket/Makefile index 3df8ed318cb..99b1fe1f8c3 100644 --- a/src/modules/websocket/Makefile +++ b/src/modules/websocket/Makefile @@ -8,6 +8,36 @@ NAME=websocket.so EMBEDDED_UTF8_DECODE ?= 0 +ifeq ($(CROSS_COMPILE),) +SSL_BUILDER=$(shell \ + if pkg-config --exists libssl; then \ + echo 'pkg-config libssl'; \ + fi) + +ifneq ($(SSL_BUILDER),) +SSL_BUILDER+=$(shell \ + if pkg-config --exists libcrypto; then \ + echo 'libcrypto'; \ + fi) +endif + +endif + +ifneq ($(SSL_BUILDER),) + DEFS += $(shell $(SSL_BUILDER) --cflags) + LIBS += $(shell $(SSL_BUILDER) --libs) +else + DEFS += -I$(LOCALBASE)/ssl/include + LIBS += -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib \ + -L$(LOCALBASE)/lib64 -L$(LOCALBASE)/ssl/lib64 \ + -lssl -lcrypto + # NOTE: depending on the way in which libssl was compiled you might + # have to add -lz -lkrb5 (zlib and kerberos5). + # E.g.: make TLS_HOOKS=1 TLS_EXTRA_LIBS="-lz -lkrb5" +endif + +LIBS+= $(TLS_EXTRA_LIBS) + ifeq ($(EMBEDDED_UTF8_DECODE),0) DEFS += -I$(LOCALBASE)/include LIBS += -L$(LOCALBASE)/lib -lunistring @@ -20,3 +50,4 @@ endif #LIBS+= /usr/lib/libcurl.a /usr/lib/libssl.a /usr/lib/libcrypto.a -lkrb5 -lidn -lz -lgssapi_krb5 -lrt include ../../Makefile.modules + diff --git a/src/modules/websocket/ws_handshake.c b/src/modules/websocket/ws_handshake.c index 32ec7599af1..01a543486c0 100644 --- a/src/modules/websocket/ws_handshake.c +++ b/src/modules/websocket/ws_handshake.c @@ -26,6 +26,8 @@ * */ +#include <openssl/sha.h> + #include "../../core/basex.h" #include "../../core/data_lump_rpl.h" #include "../../core/dprint.h" @@ -34,7 +36,6 @@ #include "../../core/tcp_conn.h" #include "../../core/counters.h" #include "../../core/strutils.h" -#include "../../core/crypto/shautils.h" #include "../../core/mem/mem.h" #include "../../core/parser/msg_parser.h" #include "../sl/sl.h" @@ -92,7 +93,7 @@ static str str_status_service_unavailable = str_init("Service Unavailable"); #define HDR_BUF_LEN (512) static char headers_buf[HDR_BUF_LEN]; -static char key_buf[base64_enc_len(SHA1_DIGEST_LENGTH)]; +static char key_buf[base64_enc_len(SHA_DIGEST_LENGTH)]; static int ws_send_reply(sip_msg_t *msg, int code, str *reason, str *hdrs) { @@ -119,7 +120,7 @@ static int ws_send_reply(sip_msg_t *msg, int code, str *reason, str *hdrs) int ws_handle_handshake(struct sip_msg *msg) { str key = {0, 0}, headers = {0, 0}, reply_key = {0, 0}, origin = {0, 0}; - unsigned char sha1[SHA1_DIGEST_LENGTH]; + unsigned char sha1[SHA_DIGEST_LENGTH]; unsigned int hdr_flags = 0, sub_protocol = 0; int version = 0; struct hdr_field *hdr = msg->headers; @@ -304,11 +305,11 @@ int ws_handle_handshake(struct sip_msg *msg) memcpy(reply_key.s, key.s, key.len); memcpy(reply_key.s + key.len, str_ws_guid.s, str_ws_guid.len); reply_key.len = key.len + str_ws_guid.len; - compute_sha1_raw(sha1, (u_int8_t *)reply_key.s, reply_key.len); + SHA1((const unsigned char *)reply_key.s, reply_key.len, sha1); pkg_free(reply_key.s); reply_key.s = key_buf; - reply_key.len = base64_enc(sha1, SHA1_DIGEST_LENGTH, - (unsigned char *)reply_key.s, base64_enc_len(SHA1_DIGEST_LENGTH)); + reply_key.len = base64_enc(sha1, SHA_DIGEST_LENGTH, + (unsigned char *)reply_key.s, base64_enc_len(SHA_DIGEST_LENGTH)); /* Add the connection to the WebSocket connection table */ wsconn_add(&msg->rcv, sub_protocol); _______________________________________________ Kamailio - Development Mailing List -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
