Compiling Janus against BoringSSL

[faraz khan]

Hi all,

A fellow member asked me directly how I compiled Janus against boringSSL so am putting up some instructions here. BoringSSL seems to fix the DTLS issue which happens with OpenSSL for sure (hasn't happened in 3-4 weeks + hundreds of calls with me)

In Janus's Makefile.in:

janus_CFLAGS = \

        $(AM_CFLAGS) \

        $(JANUS_CFLAGS) \

        -DPLUGINDIR=\"$(plugindir)\" \

        -DCONFDIR=\"$(confdir)\" \

        -I/opt/boringssl/include \

        $(NULL)

janus_LDADD = \

        -L/opt/boringssl \

        $(JANUS_LIBS) \

        $(JANUS_MANUAL_LIBS) \

        -lsrtp \

        -lcurl \

        -ljansson \

        $(NULL)

You will need to run autogen / configure again after doing the above!

This means that Janus would be expecting:

1. Libraries in /opt/boringssl (/opt/boringssl/libcrypto.a and /opt/boringssl/libssl.a)

2. Includes in /opt/boringssl/include

Pull BoringSSL:

git clone https://boringssl.googlesource.com/boringssl

Checkout the chrome m43 version (If you want to):

git checkout 642f1498d05

Boring SSL compilation is done through CMake / Ninja

1. Ninja is part of depot_tools: git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git

2. export PATH=$PATH:~/depot_tools <--- where depot_tools is

3. To build BoringSSL:

in $SRC_DIR:

a. mkdir build

b. cd build

c. cmake -GNinja ..

d. ninja

BoringSSL would produce includes in $SRC_DIR/include and .a files in $SRC_DIR/build/ssl and $SRC_DIR/build/crypto

For Janus you would need to run ./autogen.sh again to generate the correct configure script. repeat the compile process.

To test that the binary produced has been correctly linked to Boring ssl do:

nm janus | grep DTLSv1_2

Enjoy guys! Hopefully more than one person finds it useful! :)

[Lorenzo Miniero]

Hi Faraz,

thanks for these instructions, they're quite useful! So you think you can confirm it was an issue with OpenSSL itself?

As discussed on the github issue, I had myself tried to play a bit with BoringSSL a couple of months ago, but without much luck. More precisely, I never managed to get a proper shared version of the libraries (libcrypto and libssl) to be build, something I even opened an issue on their google code tracker for. Is this something they've solved now, or do your instructions still just produce a static library? Thinking about it, though, at the time I compiled the code using CMake and not ninja, so that may be the main difference.

I had also worked on making it configurable in the configure script, so that no "hack" would be needed in there: I'll try and revive that effort to add your instructions as a viable alternative.

Just a couple of questions: what are these lines for?

Checkout the chrome m43 version (If you want to):

git checkout 642f1498d05

Is checking out the Chrome code really necessary? It looks like an uneeded burden.

Thanks!

Lorenzo

[Michael]

Thanks a lot Faraz!

I was able to succesfully compile this now, and it's been running without issues so far.

I'll keep monitoring the logs for this error but your success sounds promising :)!

Regards,

Michael

[Lorenzo Miniero]

Thanks for your feedback Michael! I'd ask you guys to close the issue on github if you eventually confirm using BoringSSL fixes it, then, as in that case we can be sure it was not an issue in Janus.

L.

[Lorenzo Miniero]

Answering my own question, I noticed that your build still generates a shared object (.a, as you specify in your instructions). I wanted a shared object, and so played with the updated revision. Apparently I managed to get something cooked using the following steps:

   git clone https://boringssl.googlesource.com/boringssl
   cd boringssl
   sed -i s/-Werror//g CMakeLists.txt
   mkdir build
   cd build
   cmake -DBUILD_SHARED_LIBS=1 -DCMAKE_CXX_FLAGS="-lrt" ..
   make

I had to get rid of -Werror because of a warning that caused the compilation process to fail, and to manually add -lrt to account for an undefined reference to clock_gettime. This seems to correctly generate shared objects for both BoringSSL's libcrypto and libssl, although I haven't tried to use them in Janus yet.

Lorenzo

[Lorenzo Miniero]

Sorry, I meant your build still generates a static library, of course... besides, I had no need for ninja.

L.

[faraz khan]

Ah okay - yup statically linked! The boringssl bit was super easy. As with all newer google projects I've realized the only tested method to build is through ninja!

It seems to not create the dtls issue anymore and is api compatible so no janus changes are required.

The m43 stuff is just so you check out a 'stable' version of boringssl. I try to use everything a major release of chrome is using so as to avoid running into weird untracked issues. It doesnt checkout chrome, just the commit Id of boring SSL that chrome m43 uses.

Thanks!

[Benjamin Trent]

Man, this is AWESOME! I ran into the DTLS issue a little while back randomly. If I ever do run into it again with my set up, I am definitely going to switch to BoringSSL.

How does it stack up against FireFox? Did this DTLS issue happen to anybody utilizing Firefox? Or is it just Chrome?

[Lorenzo Miniero]

Hi guys,

just FYI, I've made a PR to try and discipline the compilation against BoringSSL in Janus:

https://github.com/meetecho/janus-gateway/pull/343

Please test it and let me know if this works in your setup just like the manual changes Faraz suggested and I'll merge.

Lorenzo