From: Martijn van Duren
Subject: Re: telephony/coturn (turnserver) update
To: ports
Cc: Stuart Henderson
Date: Thu, 5 Mar 2026 13:25:09 +0100
Funny, I'm running with 4.9.0r0 since yesterday. Diff below. My diff includes an additional diff, since coturn moves to openssl/{decoder,param_build}.h, which isn't supported by LibreSSL. I discussed this with tb@, and we came to the conclusion that just reintroducing the old DH-based code is the easiest way forward. Some comments on your diff inline. Apart from those, there's quite a bit of moving parts. Anything relevant between your diff and mine that I might have overlooked?
martijn@
On 3/5/26 12:31 PM, Stuart Henderson wrote:
> if anyone's using this, can you test this update/cleanup please?
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/Makefile,v
> diff -u -p -r1.20 Makefile
> --- Makefile 14 Jan 2025 15:07:27 -0000 1.20
> +++ Makefile 5 Mar 2026 11:30:24 -0000
> @@ -1,13 +1,9 @@
> COMMENT = coturn STUN/TURN server
>
> -V = 4.6.3-r0
> GH_ACCOUNT = coturn
> GH_PROJECT = coturn
> -GH_TAGNAME = docker/${V}
> -DISTNAME = turnserver-${V:S/-r/pl/}
> -
> -COMPILER = base-clang ports-gcc
> -COMPILER_LANGS = c
> +GH_TAGNAME = 4.8.0
> +PKGNAME = turnserver-${GH_TAGNAME}
Last time we chose to go with the r* versions, since they also add code changes in there. I don't have a hard preference for one of the other, but considering our previous choice is it worth swapping again?
>
> CATEGORIES = telephony
>
> @@ -15,27 +11,33 @@ CATEGORIES = telephony
> PERMIT_PACKAGE = Yes
>
> WANTLIB += c crypto event_core event_extra event_openssl event_pthreads
> -WANTLIB += hiredis intl mariadb pq pthread sqlite3 ssl m z
> +WANTLIB += hiredis mariadb pq pthread sqlite3 ssl
> +
> +COMPILER = base-clang ports-gcc
> +COMPILER_LANGS = c
>
> -LIB_DEPENDS = databases/mariadb \
> - databases/postgresql \
> - databases/sqlite3 \
> - devel/gettext,-runtime \
> - devel/libevent2 \
> - databases/libhiredis
> -
> -CONFIGURE_STYLE = simple
> -CONFIGURE_ARGS = --localstatedir='${LOCALSTATEDIR}'
> -# There is no port for MongoDB development libraries and/or headers
> -CONFIGURE_ENV = TURN_NO_MONGO=1 \
> - TURN_NO_PROMETHEUS=1 \
> - TURN_NO_SYSTEMD=1
> -# Don't pick up devel/pkgconf
> -CONFIGURE_ENV += PKGCONFIG="pkg-config"
> +MODULES = devel/cmake
Any particular reason to change build environment?
> +
> +LIB_DEPENDS = databases/mariadb \
> + databases/postgresql \
> + databases/sqlite3 \
> + devel/libevent2 \
> + databases/libhiredis
>
> post-install:
> - rm -rf ${PREFIX}/etc
> - mv ${WRKINST}${LOCALSTATEDIR}/db/turndb \
> + rm -rf ${PREFIX}/etc \
> + ${PREFIX}/share/examples/turnserver/ca \
> + ${PREFIX}/share/examples/turnserver/run*.sh
> + mv ${PREFIX}/share/examples/turnserver/var/db/turndb \
> ${PREFIX}/share/examples/turnserver
> + rmdir ${PREFIX}/share/examples/turnserver/var{/db,}
> + chmod +x ${PREFIX}/bin/* # huh?! not installed as executable...
> +
> +NO_TEST = Yes
> +# there are tests, but hitting "bind: Address already in use"
> +#do-test:
> +# ln -fs ${WRKBUILD} ${WRKSRC}/build
> +# cd ${WRKSRC}/examples; sh run_tests.sh
> +# cd ${WRKSRC}/examples; sh run_tests_conf.sh
>
> .include
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/distinfo,v
> diff -u -p -r1.6 distinfo
> --- distinfo 16 Dec 2024 13:14:51 -0000 1.6
> +++ distinfo 5 Mar 2026 11:30:24 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (turnserver-4.6.3pl0.tar.gz) = yIFrwM9YQT5Y6r8EDtTCHp8kHKk6cEVja1Dow0BsTrk=
> -SIZE (turnserver-4.6.3pl0.tar.gz) = 535329
> +SHA256 (coturn-4.8.0.tar.gz) = o7MCtSxUBaJZX1kDbJX8NnbmQENrpn4/Yhk37GSLHqU=
> +SIZE (coturn-4.8.0.tar.gz) = 544737
> Index: patches/patch-CMakeLists_txt
> ===================================================================
> RCS file: patches/patch-CMakeLists_txt
> diff -N patches/patch-CMakeLists_txt
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-CMakeLists_txt 5 Mar 2026 11:30:24 -0000
> @@ -0,0 +1,34 @@
> +Index: CMakeLists.txt
> +--- CMakeLists.txt.orig
> ++++ CMakeLists.txt
> +@@ -147,7 +147,7 @@ install(DIRECTORY turndb/
> + DESTINATION share/turnserver
> + COMPONENT Runtime)
> + install(DIRECTORY turndb/
> +- DESTINATION doc/turnserver
> ++ DESTINATION share/doc/turnserver
> + COMPONENT Runtime)
> + install(FILES
> + LICENSE
> +@@ -156,7 +156,7 @@ install(FILES
> + README.turnutils
> + INSTALL
> + postinstall.txt
> +- DESTINATION doc/turnserver
> ++ DESTINATION share/doc/turnserver
> + COMPONENT Runtime)
> + install(FILES examples/etc/turnserver.conf
> + DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}
> +@@ -164,9 +164,9 @@ install(FILES examples/etc/turnserver.conf
> + RENAME turnserver.conf.default
> + )
> + install(DIRECTORY
> +- examples
> +- DESTINATION share
> +- COMPONENT examples
> ++ examples/
> ++ DESTINATION share/examples/turnserver
> ++ COMPONENT turnserver
> + )
> + include(cmake/CMakeCPack.cmake)
> +
> Index: patches/patch-src_apps_common_apputils_c
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/patches/patch-src_apps_common_apputils_c,v
> diff -u -p -r1.1 patch-src_apps_common_apputils_c
> --- patches/patch-src_apps_common_apputils_c 16 Dec 2024 13:14:51 -0000 1.1
> +++ patches/patch-src_apps_common_apputils_c 5 Mar 2026 11:30:24 -0000
> @@ -1,7 +1,7 @@
> Index: src/apps/common/apputils.c
> --- src/apps/common/apputils.c.orig
> +++ src/apps/common/apputils.c
> -@@ -1179,7 +1179,7 @@ char *find_config_file(const char *config_file) {
> +@@ -1190,7 +1190,7 @@ char *find_config_file(const char *config_file) {
> /////////////////// SYS SETTINGS ///////////////////////
>
> void ignore_sigpipe(void) {
> Index: patches/patch-src_apps_relay_CMakeLists_txt
> ===================================================================
> RCS file: patches/patch-src_apps_relay_CMakeLists_txt
> diff -N patches/patch-src_apps_relay_CMakeLists_txt
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_apps_relay_CMakeLists_txt 5 Mar 2026 11:30:24 -0000
> @@ -0,0 +1,19 @@
> +Index: src/apps/relay/CMakeLists.txt
> +--- src/apps/relay/CMakeLists.txt.orig
> ++++ src/apps/relay/CMakeLists.txt
> +@@ -188,12 +188,8 @@ if(WIN32)
> + DESTINATION "${CMAKE_INSTALL_BINDIR}"
> + COMPONENT Runtime)
> + else()
> +- add_custom_target(turnadmin ALL
> +- COMMAND
> +- ${CMAKE_COMMAND} -E create_symlink $ $/turnadmin
> +- DEPENDS ${PROJECT_NAME})
> +- INSTALL(FILES $/turnadmin
> +- DESTINATION "${CMAKE_INSTALL_BINDIR}"
> ++ INSTALL(CODE "execute_process(COMMAND ${CMAKE_COMMAND} -E create_symlink ${PROJECT_NAME} turnadmin WORKING_DIRECTORY \$ENV{DESTDIR}/${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR})"
> + COMPONENT Runtime
> +- )
> ++ )
> + endif()
> ++
> Index: patches/patch-src_apps_relay_mainrelay_c
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/patches/patch-src_apps_relay_mainrelay_c,v
> diff -u -p -r1.3 patch-src_apps_relay_mainrelay_c
> --- patches/patch-src_apps_relay_mainrelay_c 16 Dec 2024 13:14:51 -0000 1.3
> +++ patches/patch-src_apps_relay_mainrelay_c 5 Mar 2026 11:30:24 -0000
> @@ -3,9 +3,9 @@ Don't create a default pidfile
> Index: src/apps/relay/mainrelay.c
> --- src/apps/relay/mainrelay.c.orig
> +++ src/apps/relay/mainrelay.c
> -@@ -126,7 +126,7 @@ turn_params_t turn_params = {
> +@@ -131,7 +131,7 @@ turn_params_t turn_params = {
>
> - 0, /* do_not_use_config_file */
> + false, /* do_not_use_config_file */
>
> - "/var/run/turnserver.pid", /* pidfile */
> + "", /* pidfile */
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/telephony/coturn/pkg/PLIST,v
> diff -u -p -r1.5 PLIST
> --- pkg/PLIST 8 Nov 2022 11:17:14 -0000 1.5
> +++ pkg/PLIST 5 Mar 2026 11:30:24 -0000
> @@ -1,23 +1,49 @@
> @newgroup _turnserver:795
> @newuser _turnserver:795:795::TURN Server user:/var/empty:/sbin/nologin
> @rcscript ${RCDIR}/turnserver
> -@bin bin/turnadmin
> +bin/turnadmin
> @bin bin/turnserver
> @bin bin/turnutils_natdiscovery
> @bin bin/turnutils_oauth
> @bin bin/turnutils_peer
> +@bin bin/turnutils_rfc5769check
> @bin bin/turnutils_stunclient
> @bin bin/turnutils_uclient
> include/turn/
> +include/turn/apputils.h
> include/turn/client/
> include/turn/client/TurnMsgLib.h
> +include/turn/client/ns_turn_defs.h
> include/turn/client/ns_turn_ioaddr.h
> include/turn/client/ns_turn_msg.h
> include/turn/client/ns_turn_msg_addr.h
> include/turn/client/ns_turn_msg_defs.h
> include/turn/client/ns_turn_msg_defs_experimental.h
> -include/turn/ns_turn_defs.h
> +include/turn/ns_turn_openssl.h
> +include/turn/ns_turn_utils.h
> +include/turn/server/
> +include/turn/server/ns_turn_allocation.h
> +include/turn/server/ns_turn_ioalib.h
> +include/turn/server/ns_turn_khash.h
> +include/turn/server/ns_turn_maps.h
> +include/turn/server/ns_turn_maps_rtcp.h
> +include/turn/server/ns_turn_server.h
> +include/turn/server/ns_turn_session.h
> +include/turn/stun_buffer.h
> +lib/cmake/coturn/
> +lib/cmake/coturn/coturnConfig.cmake
> +lib/cmake/coturn/turn_serverConfig${MODCMAKE_BUILD_SUFFIX}
> +lib/cmake/coturn/turn_serverConfig.cmake
> +lib/cmake/coturn/turn_serverConfigVersion.cmake
> +lib/cmake/coturn/turnclientConfig${MODCMAKE_BUILD_SUFFIX}
> +lib/cmake/coturn/turnclientConfig.cmake
> +lib/cmake/coturn/turnclientConfigVersion.cmake
> +lib/cmake/coturn/turncommonConfig${MODCMAKE_BUILD_SUFFIX}
> +lib/cmake/coturn/turncommonConfig.cmake
> +lib/cmake/coturn/turncommonConfigVersion.cmake
> +@static-lib lib/libturn_server.a
> @static-lib lib/libturnclient.a
> +@static-lib lib/libturncommon.a
> @man man/man1/coturn.1
> @man man/man1/turnadmin.1
> @man man/man1/turnserver.1
> @@ -38,7 +64,11 @@ share/doc/turnserver/schema.mongo.sh
> share/doc/turnserver/schema.sql
> share/doc/turnserver/schema.stats.redis
> share/doc/turnserver/schema.userdb.redis
> +share/doc/turnserver/testmongosetup.sh
> +share/doc/turnserver/testredisdbsetup.sh
> +share/doc/turnserver/testsqldbsetup.sql
> share/examples/turnserver/
> +share/examples/turnserver/cpu-mem.sh
> share/examples/turnserver/etc/
> share/examples/turnserver/etc/cacert.pem
> share/examples/turnserver/etc/coturn.service
> @@ -106,6 +136,7 @@ share/examples/turnserver/scripts/restap
> share/examples/turnserver/scripts/restapi/secure_relay_secret_with_db_sqlite.sh
> share/examples/turnserver/scripts/restapi/secure_udp_client_with_secret.sh
> share/examples/turnserver/scripts/restapi/shared_secret_maintainer.pl
> +share/examples/turnserver/scripts/rfc5769.sh
> share/examples/turnserver/scripts/selfloadbalance/
> share/examples/turnserver/scripts/selfloadbalance/secure_dos_attack.sh
> share/examples/turnserver/scripts/selfloadbalance/secure_relay.sh
>
diff refs/heads/master refs/heads/coturn/4.9.0
commit - c0ffeeec67cf93452bf5892d2b6e0e11a10066f5
commit + 43a7c459a11797dd46d7af48e6953cfbbaaced76
blob - ef0cbfbc767bf831937c3754b5589a9a6bc9ddcd
blob + 350abbba7e180e4e475f843b59c12e81fbbdc663
--- telephony/coturn/Makefile
+++ telephony/coturn/Makefile
@@ -1,6 +1,6 @@
 COMMENT = coturn STUN/TURN server
 
-V = 4.6.3-r0
+V = 4.9.0-r0
 GH_ACCOUNT = coturn
 GH_PROJECT = coturn
 GH_TAGNAME = docker/${V}
blob - 93d10c927ffdf908e9b712c49dfca88bf9c3ff38
blob + 44836b10d7f817a45d69ff290db566b46bab7a09
--- telephony/coturn/distinfo
+++ telephony/coturn/distinfo
@@ -1,2 +1,2 @@
-SHA256 (turnserver-4.6.3pl0.tar.gz) = yIFrwM9YQT5Y6r8EDtTCHp8kHKk6cEVja1Dow0BsTrk=
-SIZE (turnserver-4.6.3pl0.tar.gz) = 535329
+SHA256 (turnserver-4.9.0pl0.tar.gz) = yCqvwI3ynHV2HxTNLTZHkpe7KsA3sKPrtX15uuvz1CQ=
+SIZE (turnserver-4.9.0pl0.tar.gz) = 546458
blob - bac4ba5c6b066fe048f01e0411763a742b1e8c85
blob + 887c28bbbd52c63d6eb6cbee3eebf64f5960011a
--- telephony/coturn/patches/patch-src_apps_common_apputils_c
+++ telephony/coturn/patches/patch-src_apps_common_apputils_c
@@ -1,7 +1,7 @@
 Index: src/apps/common/apputils.c
 --- src/apps/common/apputils.c.orig
 +++ src/apps/common/apputils.c
-@@ -1179,7 +1179,7 @@ char *find_config_file(const char *config_file) {
+@@ -1190,7 +1190,7 @@ char *find_config_file(const char *config_file) {
 /////////////////// SYS SETTINGS ///////////////////////
 
 void ignore_sigpipe(void) {
blob - c79bb29d7dd5a1cd330b7cd76f63c0732a411d5a
blob + 85357b9a0a9fb25f422435d360a77e35d18c17a4
--- telephony/coturn/patches/patch-src_apps_relay_mainrelay_c
+++ telephony/coturn/patches/patch-src_apps_relay_mainrelay_c
@@ -1,14 +1,208 @@
-Don't create a default pidfile
+- Don't create a default pidfile
+- Use the old DH code, since LibreSSL doesn't support OSSL_{DECODER,PARAM}
 
 Index: src/apps/relay/mainrelay.c
 --- src/apps/relay/mainrelay.c.orig
 +++ src/apps/relay/mainrelay.c
-@@ -126,7 +126,7 @@ turn_params_t turn_params = {
+@@ -132,7 +132,7 @@ turn_params_t turn_params = {
 
- 0, /* do_not_use_config_file */
+ false, /* do_not_use_config_file */
 
 - "/var/run/turnserver.pid", /* pidfile */
 + "", /* pidfile */
 "", /* acme_redirect */
 
 //////////////// Listener server /////////////////
+@@ -3523,7 +3523,7 @@ static void adjust_key_file_names(void) {
+ adjust_key_file_name(turn_params.dh_file, "DH key", 0);
+ }
+ }
+-static EVP_PKEY *get_dh566(void) {
++static DH *get_dh566(void) {
+
+ unsigned char dh566_p[] = {0x36, 0x53, 0xA8, 0x9C, 0x3C, 0xF1, 0xD1, 0x1B, 0x2D, 0xA2, 0x64, 0xDE, 0x59, 0x3B, 0xE3,
+ 0x8C, 0x27, 0x74, 0xC2, 0xBE, 0x9B, 0x6D, 0x56, 0xE7, 0xDF, 0xFF, 0x67, 0x6A, 0xD2, 0x0C,
+@@ -3537,34 +3537,25 @@ static EVP_PKEY *get_dh566(void) {
+ // -----END DH PARAMETERS-----
+
+ unsigned char dh566_g[] = {0x05};
++ DH *dh;
+
+- BIGNUM *p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
+- BIGNUM *g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
+- if (!p || !g) {
+- BN_free(p);
+- BN_free(g);
+- return NULL;
++ if ((dh = DH_new()) == NULL) {
++ return (NULL);
+ }
+-
+- OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+- OSSL_PARAM_BLD_push_BN(bld, "p", p);
+- OSSL_PARAM_BLD_push_BN(bld, "g", g);
+- OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
+- OSSL_PARAM_BLD_free(bld);
+- BN_free(p);
+- BN_free(g);
+-
+- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
+- EVP_PKEY *pkey = NULL;
+- EVP_PKEY_fromdata_init(pctx);
+- EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+- EVP_PKEY_CTX_free(pctx);
+- OSSL_PARAM_free(params);
+- return pkey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
++ dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ DH_free(dh);
++ return (NULL);
++ }
++#else
++ DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL), NULL, BN_bin2bn(dh566_g, sizeof(dh566_g), NULL));
++#endif
++ return (dh);
+ }
++static DH *get_dh1066(void) {
+
+-static EVP_PKEY *get_dh1066(void) {
+-
+ unsigned char dh1066_p[] = {0x02, 0x0E, 0x26, 0x6F, 0xAA, 0x9F, 0xA8, 0xE5, 0x3F, 0x70, 0x88, 0xF1, 0xA9, 0x29, 0xAE,
+ 0x1A, 0x2B, 0xA8, 0x2F, 0xE8, 0xE5, 0x0E, 0x81, 0x78, 0xD7, 0x12, 0x41, 0xDC, 0xE2, 0xD5,
+ 0x10, 0x6F, 0x8A, 0x35, 0x23, 0xCE, 0x66, 0x93, 0x67, 0x14, 0xEA, 0x0A, 0x61, 0xD4, 0x43,
+@@ -3582,34 +3573,25 @@ static EVP_PKEY *get_dh1066(void) {
+ // -----END DH PARAMETERS-----
+
+ unsigned char dh1066_g[] = {0x02};
++ DH *dh;
+
+- BIGNUM *p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
+- BIGNUM *g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
+- if (!p || !g) {
+- BN_free(p);
+- BN_free(g);
+- return NULL;
++ if ((dh = DH_new()) == NULL) {
++ return (NULL);
+ }
+-
+- OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+- OSSL_PARAM_BLD_push_BN(bld, "p", p);
+- OSSL_PARAM_BLD_push_BN(bld, "g", g);
+- OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
+- OSSL_PARAM_BLD_free(bld);
+- BN_free(p);
+- BN_free(g);
+-
+- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
+- EVP_PKEY *pkey = NULL;
+- EVP_PKEY_fromdata_init(pctx);
+- EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+- EVP_PKEY_CTX_free(pctx);
+- OSSL_PARAM_free(params);
+- return pkey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
++ dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ DH_free(dh);
++ return (NULL);
++ }
++#else
++ DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL), NULL, BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL));
++#endif
++ return (dh);
+ }
++static DH *get_dh2066(void) {
+
+-static EVP_PKEY *get_dh2066(void) {
+-
+ unsigned char dh2066_p[] = {
+ 0x03, 0x31, 0x77, 0x20, 0x58, 0xA6, 0x69, 0xA3, 0x9D, 0x2D, 0x5E, 0xE0, 0x5C, 0x46, 0x82, 0x0F, 0x9E, 0x80, 0xF0,
+ 0x00, 0x2A, 0xF9, 0x0F, 0x62, 0x1F, 0x89, 0xCE, 0x7D, 0x2A, 0xFD, 0xC5, 0x9A, 0x7C, 0x6A, 0x60, 0x2C, 0xF1, 0xDD,
+@@ -3636,32 +3618,23 @@ static EVP_PKEY *get_dh2066(void) {
+ // -----END DH PARAMETERS-----
+
+ unsigned char dh2066_g[] = {0x05};
++ DH *dh;
+
+- BIGNUM *p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
+- BIGNUM *g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
+- if (!p || !g) {
+- BN_free(p);
+- BN_free(g);
+- return NULL;
++ if ((dh = DH_new()) == NULL) {
++ return (NULL);
+ }
+-
+- OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
+- OSSL_PARAM_BLD_push_BN(bld, "p", p);
+- OSSL_PARAM_BLD_push_BN(bld, "g", g);
+- OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(bld);
+- OSSL_PARAM_BLD_free(bld);
+- BN_free(p);
+- BN_free(g);
+-
+- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
+- EVP_PKEY *pkey = NULL;
+- EVP_PKEY_fromdata_init(pctx);
+- EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params);
+- EVP_PKEY_CTX_free(pctx);
+- OSSL_PARAM_free(params);
+- return pkey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
++ dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ DH_free(dh);
++ return (NULL);
++ }
++#else
++ DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL), NULL, BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL));
++#endif
++ return (dh);
+ }
+-
+ static int pem_password_func(char *buf, int size, int rwflag, void *password) {
+ UNUSED_ARG(rwflag);
+
+@@ -3811,20 +3784,13 @@ static void set_ctx(SSL_CTX **out, const char *protoco
+
+ { // DH algorithms:
+
+- EVP_PKEY *dh = NULL;
++ DH *dh = NULL;
+ if (turn_params.dh_file[0]) {
+ FILE *paramfile = fopen(turn_params.dh_file, "r");
+ if (!paramfile) {
+ perror("Cannot open DH file");
+ } else {
+- OSSL_DECODER_CTX *dctx =
+- OSSL_DECODER_CTX_new_for_pkey(&dh, "PEM", NULL, "DH", EVP_PKEY_KEY_PARAMETERS, NULL, NULL);
+- if (dctx) {
+- if (!OSSL_DECODER_from_fp(dctx, paramfile)) {
+- dh = NULL;
+- }
+- OSSL_DECODER_CTX_free(dctx);
+- }
++ dh = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+ fclose(paramfile);
+ if (dh) {
+ turn_params.dh_key_size = DH_CUSTOM;
+@@ -3846,11 +3812,11 @@ static void set_ctx(SSL_CTX **out, const char *protoco
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot allocate DH suite\n", __FUNCTION__);
+ err = 1;
+ } else {
+- if (1 != SSL_CTX_set0_tmp_dh_pkey(ctx, dh)) {
++ if (1 != SSL_CTX_set_tmp_dh(ctx, dh)) {
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot set DH\n", __FUNCTION__);
+ err = 1;
+ }
+- // No EVP_PKEY_free: SSL_CTX_set0_tmp_dh_pkey always takes ownership
++ DH_free(dh);
+ }
+ }
+
blob - /dev/null
blob + 31584be71d70fb8144f2bbdbde773438f782f1ac (mode 644)
--- /dev/null
+++ telephony/coturn/patches/patch-src_apps_relay_mainrelay_h
@@ -0,0 +1,13 @@
+Index: src/apps/relay/mainrelay.h
+--- src/apps/relay/mainrelay.h.orig
++++ src/apps/relay/mainrelay.h
+@@ -87,9 +87,7 @@
+ #include "ns_ioalib_impl.h"
+
+ #include
+-#include
+ #include
+-#include
+ #include
+ #include
+
blob - 013057e051989ad133ec83faf7d2889d04a829ec
blob + b702c2d5925873e4189fa9e1a46c693c6c3686ae
--- telephony/coturn/pkg/PLIST
+++ telephony/coturn/pkg/PLIST
@@ -34,10 +34,6 @@ share/doc/turnserver/README.turnadmin
 share/doc/turnserver/README.turnserver
 share/doc/turnserver/README.turnutils
 share/doc/turnserver/postinstall.txt
-share/doc/turnserver/schema.mongo.sh
-share/doc/turnserver/schema.sql
-share/doc/turnserver/schema.stats.redis
-share/doc/turnserver/schema.userdb.redis
 share/examples/turnserver/
 share/examples/turnserver/etc/
 share/examples/turnserver/etc/cacert.pem
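Review bot: In the `#else` branch of `get_dh566()` in the mainrelay.c patch, which is the branch compiled against LibreSSL, the results of both `BN_bin2bn()` calls and of `DH_set0_pqg()` are ignored, although the removed EVP code checked `!p || !g`. If a conversion fails, `DH_set0_pqg()` returns 0 without taking ownership, so the other BIGNUM leaks and a `DH` without parameters is returned to `set_ctx()`; `get_dh1066()` and `get_dh2066()` repeat the same lines. Keeping `p` and `g` in locals and checking the call, as sketched below for `get_dh566()`, restores the failure path. Separately, a 566-bit group is far below current guidance for finite-field DH, and whether `set_ctx()` can still select it is not visible in this patch.

```c
/* … unchanged: dh566_p[]/dh566_g[] tables, DH_new() check, pre-1.1.0 #if branch … */
#else
  BIGNUM *p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
  BIGNUM *g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);

  /* ownership of p and g moves to dh only when DH_set0_pqg() returns 1 */
  if (p == NULL || g == NULL || DH_set0_pqg(dh, p, NULL, g) != 1) {
    BN_free(p);
    BN_free(g);
    DH_free(dh);
    return (NULL);
  }
#endif
  return (dh);
```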