Sofia will unpredictably close a tls transport during call setup. This
occurs when the epoll event loop wakes up the socket reader and SSL_read
returns an error because there is no packet on the socket. Normally
sofia will read the last error using SSL_get_error and return
SSL_ERROR_WANT_READ. Sofia gracefully handles this error and the
transport stays open. Sometimes, however, the worker thread will call
SSL_shutdown for a different transport, which can write an error to the
internal openssl error queue. If that error is not read off the queue,
the next time that SSL_get_error is called, it will read that unrelated
error.
The documentation for SSL_shutdown explains that there are three
possible results -1, 0 and 1 with, oddly, 1 indicating success. The -1
result code occurs when there is no handshake callback registered on the
connection. It can return 0 when there is still work to be done. The
documentation suggest that it is insufficient to call it just once. This
is why I added the do {} while () construct.
Although just the fix to SSL_shutdown was enough to resolve my issue, I
a also audited other calls to SSL_* functions and found a few other
cases where an error may be generated, but was not handled.
The new C compiler breaks a lot of things. snprintf and timespec now exist, and redefining causes an error.
Many more things are warnings, so warnings-as-errors will fail - remove it from some projects for now.
V8: don't pass VS version to build batch file.
mod_sofia: Config has too-long if/elseif chain. Break this up to avoid "parser stack overflow; program too complex".
Add mod_conference.h to project and dir to includes.
Ephemeral ECDH (ECDHE) was supported already. This patch adds Ephemeral
DH (DHE). To enable it, add DH parameters into the private-key file of
your server (agent.pem). For example via:
openssl dhparam -out dh.pem 2048
FS-7561 #resolve
The file 'libs/sofia-sip/s2check/exit77.c' was moved in order to
silence the warning and to keep the build working. There might be a
build problem that results from this file move, but after serveral
build tests I have not found one. The contents of the file are
specifically for the make check target, so I believe it would be
highly unlikely to cause problems with any production feature.
FS-7122 #resolve
ADTRAN Total Access devices do not support sending the rport parameter in
the Via header. This allows us to detect the device and force rport when
using the "safe" parameter, enabling the device to be used behind NAT.
FS-6823 #resolve
Anthony Minessale
Alexandr Dubovikov
Mike Jerris
Spencer Thomason
Ethan Atkins
Anthony Minessale II
Michael Giagnocavo
Alexander Traud
Artur Zaprzała
Brian West
Artur Zaprzała
William King
Jeff Lenk