2211526 – srtp_init fails with NSS > 3.5.3

Bug 2211526 - srtp_init fails with NSS > 3.5.3

Summary: srtp_init fails with NSS > 3.5.3

Keywords:
Status:	POST
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	libsrtp
Sub Component:
Version:	CentOS Stream
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Wim Taymans
QA Contact:	Robin Hack
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2163492 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-05-31 21:55 UTC by Michael Newton
Modified:	2023-08-02 07:29 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1948729	0	unspecified	CLOSED	srtp_init() always returns srtp_err_status_cipher_fail	2023-05-31 21:56:29 UTC
Red Hat Issue Tracker	RHELPLAN-158756	0	None	None	None	2023-05-31 21:58:22 UTC

Description Michael Newton 2023-05-31 21:55:36 UTC

An NSS update has broken some functionality in libsrtp. This has been fixed upstream for version 2.4[1], and was backported into Fedora 34[2], but remains a problem in EL9 and CentOS. See #1948729 for details and a patch that resolves the problem.

The problem manifested itself for us when trying to run Asterisk built on EL9.1 with libsrtp-2.3.0-7.el9 and encountered these error messages:

    WARNING[47044] res_srtp.c: Failed to initialize libsrtp
    ERROR[47044] loader.c: *** Failed to load module res_srtp.so
    ERROR[47044] asterisk.c: Module initialization failed.  ASTERISK EXITING!

Applying the patch and building locally resolved the issue, as did installing the updated Fedora RPM.

[1] https://github.com/cisco/libsrtp/commit/23576ff4c0ed505997eceace69a336f6bf629027
[2] https://bodhi.fedoraproject.org/updates/FEDORA-2021-9ac23c1745

Comment 1 Niels De Graef 2023-07-06 09:13:22 UTC

Wim, mind taking a look here? Looks like a trivial patch to include

Comment 2 Wim Taymans 2023-07-06 15:35:17 UTC

I made a merge request: https://gitlab.com/redhat/centos-stream/rpms/libsrtp/-/merge_requests/3 just need QA ack to get it in.

Comment 4 Niels De Graef 2023-07-07 08:31:10 UTC

*** Bug 2163492 has been marked as a duplicate of this bug. ***

Comment 5 Gerd v. Egidy 2023-07-07 09:20:28 UTC

Would you consider adding the %check section I suggested in https://bugzilla.redhat.com/show_bug.cgi?id=2211526 ?

Or do you prefer if I propose that to be added to the package in Fedora?

Comment 6 Wim Taymans 2023-07-07 10:31:17 UTC

What %check option? (your link recursively links to this bug).

Yes, also add this to fedora if it's useful.

Comment 7 Gerd v. Egidy 2023-07-07 12:26:49 UTC

Oh, sorry, I got the link from the wrong tab.

I meant this one from the bug marked as duplicate:
https://bugzilla.redhat.com/show_bug.cgi?id=2163492#c0

Note You need to log in before you can comment on or make changes to this bug.