Menu
▾
▴
[Sipp-devel] [PATCH] Remove dependency on OpenSSL for authentication (& merge other authentication fixes)
|
From: Rob D. <rk...@rk...> - 2012-12-15 03:21:04
|
Hi all, You may be aware that the OpenSSL license is incompatible with the GPL (http://people.gnome.org/~markmc/openssl-and-the-gpl.html) and so SIPp, which is licensed under the GPL, can't be distributed if linked against it. See https://sourceforge.net/mailarchive/message.php?msg_id=27062924 for an example of how this is causing problems - the Debian SIPp package, which lacks this OpenSSL support, can't do authentication nor TLS. It seemed to me that we shouldn't really need to link with OpenSSL for authentication - all we're doing there is an MD5 digest. So I've created a patch, which does the following: * Includes md5.h and md5.c from https://sourceforge.net/projects/libmd5-rfc/ (which is zlib-licensed and GPL-compatible) * Updates auth.c to use these MD5 functions instead * Updates the Makefile to use these files for authentication support by default * Removed any #ifdef _USE_OPENSSL statements which related to authentication * Merged auth-username patch from Dmitry Semyonov (#2892694) * Merged auth-int patch from Jordan Walbesser (#2776238) * Reorganised the help text so that authentication parameters aren't in a separate section along with TLS ones. Note that for actual TLS transport support SIPp will still need to be built against OpenSSL, but I think this is less mainstream and so I'm more comfortable with its being excluded from Debian et al. That said, I do want to try and move to GnuTLS at some point to eradicate the licensing issue entirely. I've tested this with a simple user/password pair ("alpha"/"beta") and it generates identical responses to SIPp with OpenSSL for both MD5 and AKAv1-MD5. I'd like any comments on the patch itself, the desirability of this new feature, and the merits of a move to GnuTLS. Best, Rob |