attest_level, send_mky and check_tn_cert_public_url weren't
propagating correctly from the attestation object to the profile
and tn.
* In the case of attest_level, the enum needed to be changed
so the "0" value (the default) was "NOT_SET" instead of "A". This
now allows the merging of the attestation object, profile and tn
to detect when a value isn't set and use the higher level value.
* For send_mky and check_tn_cert_public_url, the tn default was
forced to "NO" which always overrode the profile and attestation
objects. Their defaults are now "NOT_SET" so the propagation
happens correctly.
* Just to remove some redundant code in tn_config.c, a bunch of calls to
generate_sorcery_enum_from_str() and generate_sorcery_enum_to_str() were
replaced with a single call to generate_acfg_common_sorcery_handlers().
Resolves: #904
verification.c had an include for jansson.h left over from previous
versions of the module. Since res_stir_shaken no longer has a
dependency on jansson, the bundled version wasn't added to GCC's
include path so if you didn't also have a jansson development package
installed, the compile would fail. Removing the stale include
was the only thing needed.
Resolves: #889
* If the call to ast_config_load() returns CONFIG_STATUS_FILEINVALID,
check_for_old_config() now returns LOAD_DECLINE instead of continuing
on with a bad pointer.
* If CONFIG_STATUS_FILEMISSING is returned, check_for_old_config()
assumes the config is being loaded from realtime and now returns
LOAD_SUCCESS. If it's actually not being loaded from realtime,
sorcery will catch that later on.
* Also refactored the error handling in load_module() a bit.
Resolves: #884
For both attestation and verification, we now check whether they've
been disabled either globally or by the profile before validating
things like callerid, orig_tn, dest_tn, etc. This prevents useless
error messages.
Resolves: #879
(cherry picked from commit 7773327546)
When Asterisk sends an offer to Bob that includes 48K and 8K codecs with
matching 4733 offers, Bob may want to use the 48K audio codec but can not
accept 48K digits and so negotiates for a mixed set.
Asterisk will now check Bob's offer to make sure Bob has indicated this is
acceptible and if not, will use Bob's preference.
Fixes: #847
(cherry picked from commit ac673dd14e)
* A static array of security mechanism type names was created.
* ast_sip_str_to_security_mechanism_type() was refactored to do
a lookup in the new array instead of using fixed "if/else if"
statments.
* security_mechanism_to_str() and ast_sip_security_mechanisms_to_str()
were refactored to use ast_str instead of a fixed length buffer
to store the result.
* ast_sip_security_mechanism_type_to_str was removed in favor of
just referencing the new type name array. Despite starting with
"ast_sip_", it was a static function so removing it doesn't affect
ABI.
* Speaking of "ast_sip_", several other static functions that
started with "ast_sip_" were renamed to avoid confusion about
their public availability.
* A few VECTOR free loops were replaced with AST_VECTOR_RESET().
* Fixed a meomry leak in pjsip_configuration.c endpoint_destructor
caused by not calling ast_sip_security_mechanisms_vector_destroy().
* Fixed a memory leak in res_pjsip_outbound_registration.c
add_security_headers() caused by not specifying OBJ_NODATA in
an ao2_callback.
* Fixed a few ao2_callback return code misuses.
Resolves: #845
(cherry picked from commit ca60f7db8f)
PR #700 added a preferred_format for the struct ast_rtp_codecs,
but when set the preferred_format it leaks an astobj2 ast_format.
In the next code
ast_rtp_codecs_set_preferred_format(&codecs, ast_format_cap_get_format(joint, 0));
both functions ast_rtp_codecs_set_preferred_format
and ast_format_cap_get_format increases the ao2 reference count.
Fixes: #856
(cherry picked from commit 95fadcf6db)
Add dialplan application PJSIPNOTIFY to send either pre-configured
NOTIFY messages from pjsip_notify.conf or with headers defined in
dialplan.
Also adds the ability to send pre-configured NOTIFY commands to a
channel via the CLI.
Resolves: #799
UserNote: A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify <option> channel <channel>
(cherry picked from commit e7ca7aa881)
This patch introduces a new identifier for channels: tenantid. It's
a stringfield on the channel that can be used for general purposes. It
will be inherited by other channels the same way that linkedid is.
You can set tenantid in a few ways. The first is to set it in the
dialplan with the Set and CHANNEL functions:
exten => example,1,Set(CHANNEL(tenantid)=My tenant ID)
It can also be accessed via CHANNEL:
exten => example,2,NoOp(CHANNEL(tenantid))
Another method is to use the new tenantid option for pjsip endpoints in
pjsip.conf:
[my_endpoint]
type=endpoint
tenantid=My tenant ID
This is considered the best approach since you will be able to see the
tenant ID as early as the Newchannel event.
It can also be set using set_var in pjsip.conf on the endpoint like
setting other channel variable:
set_var=CHANNEL(tenantid)=My tenant ID
Note that set_var will not show tenant ID on the Newchannel event,
however.
Tenant ID has also been added to CDR. It's read-only and can be accessed
via CDR(tenantid). You can also get the tenant ID of the last channel
communicated with via CDR(peertenantid).
Tenant ID will also show up in CEL records if it has been set, and the
version number has been bumped accordingly.
Fixes: #740
UserNote: tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
UpgradeNote: A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
(cherry picked from commit 3841fa814e)
Previously, on command execution, the control thread was awoken by
sending a SIGURG. It was found that this still resulted in some
instances where the thread was not immediately awoken.
This change instead sends a null frame to awaken the control thread,
which awakens the thread more consistently.
Resolves: #801
(cherry picked from commit bdee743cd4)
When the endpoint dtmf_mode is set to auto, a SIP request is sent to the UAC, and the SIP SDP from the UAC does not include the telephone-event. Later, the UAC sends an INVITE, and the SIP SDP includes the telephone-event. In this case, DTMF should be sent by RFC2833 rather than using inband signaling.
Resolves: asterisk#826
(cherry picked from commit 6cf6856080)
* Fixed a bug in crypto_show_cli_store that was causing asterisk
to crash if there were certificate revocation lists in the
verification certificate store. We're also now prefixing
certificates with "Cert:" and CRLs with "CRL:" to distinguish them
in the list.
* Added 'untrusted_cert_file' and 'untrusted_cert_path' options
to both verification and profile objects. If you have CRLs that
are signed by a different CA than the incoming X5U certificate
(indirect CRL), you'll need to provide the certificate of the
CRL signer here. Thse will show up as 'Untrusted" when showing
the verification or profile objects.
* Fixed loading of crl_path. The OpenSSL API we were using to
load CRLs won't actually load them from a directory, only a file.
We now scan the directory ourselves and load the files one-by-one.
* Fixed the verification flags being set on the certificate store.
- Removed the CRL_CHECK_ALL flag as this was causing all certificates
to be checked for CRL extensions and failing to verify the cert if
there was none. This basically caused all certs to fail when a CRL
was provided via crl_file or crl_path.
- Added the EXTENDED_CRL_SUPPORT flag as it is required to handle
indirect CRLs.
* Added a new CLI command...
`stir_shaken verify certificate_file <certificate_file> [ <profile> ]`
which will assist troubleshooting certificate problems by allowing
the user to manually verify a certificate file against either the
global verification certificate store or the store for a specific
profile.
* Updated the XML documentation and the sample config file.
Resolves: #809
(cherry picked from commit 2fb3215f03)
The way we have been initializing the config wizard prevented it
from registering its objects if res_pjsip happened to load
before it.
* We now use the object_type_registered sorcery observer to kick
things off instead of the wizard_mapped observer.
* The load_module function now checks if res_pjsip has been loaded
already and if it was it fires the proper observers so the objects
load correctly.
Resolves: #816
UserNote: The res_pjsip_config_wizard.so module can now be reloaded.
(cherry picked from commit d11dc5247b)
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
When using the PJSIP_DIAL_CONTACTS() function for use in the Dial()
command, the contacts are returned in text form, so the input to
the path_outgoing_request() function is a contact value of NULL.
The issue was reported in ASTERISK-28211, but was not actually fixed
in ASTERISK-30100. This fix brings back the code that was previously
removed and adds code to search for a contact to extract the path
value from it.
(cherry picked from commit aeefedb086)
After change made in 624f509 to add support for non 8K RFC 4733/2833 digits,
Asterisk would only accept RFC 4733/2833 offers that matched the sample rate of
the negotiated codec(s).
This change allows Asterisk to accept 8K RFC 4733/2833 offers if the UAC
offfers 8K RFC 4733/2833 but negotiates for a non 8K bitrate codec.
A number of corresponding tests in tests/channels/pjsip/dtmf_sdp also needed to
be re-written to allow for these scenarios.
Fixes: #776
(cherry picked from commit 7d53986262)
The `Require: mediasec` and `Proxy-Require: mediasec` headers need
to be sent whenever we send `Security-Client` or `Security-Verify`
headers but the logic to do that was only in add_security_headers()
in res_pjsip_outbound_register. So while we were sending them on
REGISTER requests, we weren't sending them on INVITE requests.
This commit moves the logic to send the two headers out of
res_pjsip_outbound_register:add_security_headers() and into
security_agreement:ast_sip_add_security_headers(). This way
they're always sent when we send `Security-Client` or
`Security-Verify`.
Resolves: #789
(cherry picked from commit 210fe614b2)
Two functions are deprecated as of libxml2 2.12:
* xmlSubstituteEntitiesDefault
* xmlParseMemory
So we update those with supported API.
Additionally, `res_calendar_caldav` has been updated to use libxml2's
xmlreader API instead of the SAX2 API which has always felt a little
hacky (see deleted comment block in `res_calendar_caldav.c`).
The xmlreader API has been around since libxml2 2.5.0 which was
released in 2003.
Fixes#725
(cherry picked from commit f9a359c5c5)
Add RFC2833 DTMF support for 16K, 24K, and 32K bitrate codecs.
Asterisk currently treats RFC2833 Digits as a single rtp payload type
with a fixed bitrate of 8K. This change would expand that to 8, 16,
24 and 32K.
This requires checking the offered rtp types for any of these bitrates
and then adding an offer for each (if configured for RFC2833.) DTMF
generation must also be changed in order to look at the current outbound
codec in order to generate appropriately timed rtp.
For cases where no outgoing audio has yet been sent prior to digit
generation, Asterisk now has a concept of a 'preferred' codec based on
offer order.
On inbound calls Asterisk will mimic the payload types of the RFC2833
digits.
On outbound calls Asterisk will choose the next free payload types starting
with 101.
UserNote: No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
(cherry picked from commit 624f509ce4)
Include signal.h to avoid the following build failure with uclibc-ng
raised since
2694792e13:
stasis/control.c: In function 'exec_command_on_condition':
stasis/control.c:313:3: warning: implicit declaration of function 'pthread_kill'; did you mean 'pthread_yield'? [-Wimplicit-function-declaration]
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~~~~~~~
| pthread_yield
stasis/control.c:313:41: error: 'SIGURG' undeclared (first use in this function)
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~
cherry-pick-to: 18
cherry-pick-to: 20
cherry-pick-to: 21
Fixes: #729
(cherry picked from commit c47307567a)
Currently, reloading res_pjsip will cause logging
to be disabled. This is because logging can also
be controlled via the debug option in pjsip.conf
and this defaults to "no".
To improve this, logging is no longer disabled on
reloads if logging had not been previously
enabled using the debug option from the config.
This ensures that logging enabled from the CLI
will persist through a reload.
ASTERISK-29912 #close
Resolves: #246
UserNote: Issuing "pjsip reload" will no longer disable
logging if it was previously enabled from the CLI.
(cherry picked from commit 9fc596aaa7)
First rtp activity check was performed after 500ms regardless of the rtp_timeout setting. Having a call in ringing state for more than rtp_timeout and the first rtp package is received more than 500ms after sdp negotiation and before the rtp_timeout, erronously caused the call to be hungup. Changed to perform the first rtp inactivity check after the timeout setting preventing calls to be disconnected before the rtp_timeout has elapsed since sdp negotiation.
Fixes#710
(cherry picked from commit 1423cfee29)
* Fixed possible memory leak in tn_config:tn_get_etn() where we
weren't releasing etn if tn or eprofile were null.
* We now canonicalize TNs before using them for lookups or adding
them to Identity headers.
* Fixed a typo in stir_shaken.conf.sample.
Resolves: #716
(cherry picked from commit b7ed77a7c5)
Add a new identify_by option to res_pjsip_endpoint_identifier_ip
called 'transport' this matches endpoints based on the bound
ip address (local) instead of the 'ip' option, which matches on
the source ip address (remote).
UserNote: set identify_by=transport for the pjsip endpoint. Then
use the existing 'match' option and the new 'transport' option of
the identify.
Fixes: #672
(cherry picked from commit c8769f3d5a)
* OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use
X509_get_pubkey. The difference is that X509_get_pubkey requires
the caller to free the EVP_PKEY themselves so we now let
RAII_VAR do that.
* OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now
wrap it in an ao2 object.
* OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all
the certs from an X509_STORE and there's no easy way to polyfill
it so the CLI commands that list profiles will show a "not
supported" message instead of listing the certs in a store.
Resolves: #676
(cherry picked from commit 16b264d6a9)
There were a few references in the embedded documentation XML
where the case didn't match or where the referenced app or function
simply didn't exist any more. These were causing 404 responses
in docs.asterisk.org.
(cherry picked from commit 9e2179baa1)
Add ability to match against PJSIP request URI.
UserNote: this new feature let users match endpoints based on the
indound SIP requests' URI. To do so, add 'request_uri' to the
endpoint's 'identify_by' option. The 'match_request_uri' option of
the identify can be an exact match for the entire request uri, or a
regular expression (between slashes). It's quite similar to the
header identifer.
Fixes: #599
(cherry picked from commit ac297d15f8)
This commit introduces configurable TCP keepalive settings for both TCP and TLS transports. The changes allow for finer control over TCP connection keepalives, enhancing stability and reliability in environments prone to connection timeouts or where intermediate devices may prematurely close idle connections. This has proven necessary and has already been tested in production in several specialized environments where access to the underlying transport is unreliable in ways invisible to the operating system directly, so these keepalive and timeout mechanisms are necessary.
Fixes#657
(cherry picked from commit 555eb9d3d2)
There was functionality in chan_sip to get REFER headers, with GET_TRANSFERRER_DATA variable. This commit implements the same functionality in pjsip, to ease transfer from chan_sip to pjsip.
Fixes: #579
UserNote: the GET_TRANSFERRER_DATA dialplan variable can now be used also in pjsip.
(cherry picked from commit cba82273ae)
The prometheus exposition format requires each line to be unique[1].
This is handled by struct prometheus_metric having a list of children
that is managed when registering a metric. In case the scrape callback
is used, it is the responsibility of the implementation to handle this
correctly.
Originally the bridge callback didn't handle NULL snapshots, the crash
fix lead to NULL metrics, and fixing that lead to duplicates.
The original code assumed that snapshots are not NULL and then relied on
"if (i > 0)" to establish the parent/children relationship between
metrics of the same class. This is not workerable as the first bridge
might be invisible/lacks a snapshot.
Fix this by keeping a separate array of the first metric by class.
Instead of relying on the index of the bridge, check whether the array
has an entry. Use that array for the output.
Add a test case that verifies that the help text is not duplicated.
Resolves: #642
[1] https://prometheus.io/docs/instrumenting/exposition_formats/#grouping-and-sorting
(cherry picked from commit d45c8e165f)
Currently, if a parking lot is full, bridge setup returns -1,
causing dialplan execution to terminate without TryExec.
However, such failures should be handled more gracefully,
the same way they are on other paths, as indicated by the
module's author, here:
http://lists.digium.com/pipermail/asterisk-dev/2018-December/077144.html
Now, callers will hear the parking failure announcement, and dialplan
will continue, which is consistent with existing failure modes.
Resolves: #624
(cherry picked from commit e1dfa20797)
In handle_negotiated_sdp the pending_media_state->read_callbacks must be
reset before they are added in the SDP handlers in
handle_negotiated_sdp_session_media. Otherwise, old callbacks for
removed streams and file descriptors could be added to the channel and
Asterisk would poll on non-existing file descriptors.
Resolves: #611
(cherry picked from commit c5a6d8a6db)
* Added checks for missing session, session->channel and rdata
in stir_shaken_incoming_request.
* Added checks for missing session, session->channel and tdata
in stir_shaken_outgoing_request.
Resolves: #645
In as_check_common_config, we were calling ast_std_free on
raw_key but raw_key was allocated with ast_malloc so it
should be freed with ast_free.
Resolves: #636
(cherry picked from commit 1b94c90524)
Why do we need a refactor?
The original stir/shaken implementation was started over 3 years ago
when little was understood about practical implementation. The
result was an implementation that wouldn't actually interoperate
with any other stir-shaken implementations.
There were also a number of stir-shaken features and RFC
requirements that were never implemented such as TNAuthList
certificate validation, sending Reason headers in SIP responses
when verification failed but we wished to continue the call, and
the ability to send Media Key(mky) grants in the Identity header
when the call involved DTLS.
Finally, there were some performance concerns around outgoing
calls and selection of the correct certificate and private key.
The configuration was keyed by an arbitrary name which meant that
for every outgoing call, we had to scan the entire list of
configured TNs to find the correct cert to use. With only a few
TNs configured, this wasn't an issue but if you have a thousand,
it could be.
What's changed?
* Configuration objects have been refactored to be clearer about
their uses and to fix issues.
* The "general" object was renamed to "verification" since it
contains parameters specific to the incoming verification
process. It also never handled ca_path and crl_path
correctly.
* A new "attestation" object was added that controls the
outgoing attestation process. It sets default certificates,
keys, etc.
* The "certificate" object was renamed to "tn" and had it's key
change to telephone number since outgoing call attestation
needs to look up certificates by telephone number.
* The "profile" object had more parameters added to it that can
override default parameters specified in the "attestation"
and "verification" objects.
* The "store" object was removed altogther as it was never
implemented.
* We now use libjwt to create outgoing Identity headers and to
parse and validate signatures on incoming Identiy headers. Our
previous custom implementation was much of the source of the
interoperability issues.
* General code cleanup and refactor.
* Moved things to better places.
* Separated some of the complex functions to smaller ones.
* Using context objects rather than passing tons of parameters
in function calls.
* Removed some complexity and unneeded encapsuation from the
config objects.
Resolves: #351Resolves: #46
UserNote: Asterisk's stir-shaken feature has been refactored to
correct interoperability, RFC compliance, and performance issues.
See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more
information.
UpgradeNote: The stir-shaken refactor is a breaking change but since
it's not working now we don't think it matters. The
stir_shaken.conf file has changed significantly which means that
existing ones WILL need to be changed. The stir_shaken.conf.sample
file in configs/samples/ has quite a bit more information. This is
also an ABI breaking change since some of the existing objects
needed to be changed or removed, and new ones added. Additionally,
if res_stir_shaken is enabled in menuselect, you'll need to either
have the development package for libjwt v1.15.3 installed or use
the --with-libjwt-bundled option with ./configure.
(cherry picked from commit 2e0d837e01)
Media Experience Score relies on incorrect pseudo_mos variable
calculation. According to forming an opinion section of the
documentation, calculation relies on ITU-T G.107 standard:
https://docs.asterisk.org/Deployment/Media-Experience-Score/#forming-an-opinion
ITU-T G.107 Annex B suggests to calculate MOS with a coefficient
"seven times ten to the power of negative six", 7 * 10^(-6). which
would mean 6 digits after the decimal point. Current implementation
has 7 digits after the decimal point, which downrates the calls.
Fixes: #597
(cherry picked from commit a7a03bc294)
When started with a verbose level of 3, asterisk can emit over 1500
verbose message that serve no real purpose other than to fill up
logs. When asterisk shuts down, it emits another 1100 that are of
even less use. Since the testsuite runs asterisk with a verbose
level of 3, and asterisk starts and stops for every one of the 700+
tests, the number of log messages is staggering. Besides taking up
resources, it also makes it hard to debug failing tests.
This commit changes the log level for those verbose messages to 5
instead of 3 which reduces the number of log messages to only a
handful. Of course, NOTICE, WARNING and ERROR message are
unaffected.
There's also one other minor change...
ast_context_remove_extension_callerid2() logs a DEBUG message
instead of an ERROR if the extension you're deleting doesn't exist.
The pjsip_config_wizard calls that function to clean up the config
and has been triggering that annoying error message for years.
Resolves: #582
(cherry picked from commit a5ae546b88)
This introduces a setting for outbound registrations to override the
global User-Agent header setting.
Resolves: #515
UserNote: PJSIP outbound registrations now support a per-registration
User-Agent header
(cherry picked from commit c7fc6ae362)
Resolves a regression identified by @justinludwig involving the
rendering of IPv6 addresses in outgoing SDP.
Also updates `media_address` on PJSIP endpoints so that if we are able
to parse the configured value as an IP we store it in a format that we
can directly use later. Based on my reading of the code it appeared
that one could configure `media_address` as:
```
[foo]
type = endpoint
...
media_address = [2001:db8::]
```
And that value would be blindly copied into the outgoing SDP without
regard to its format.
Fixes#541
(cherry picked from commit 9f20b4659f)
This reverts commit 315eb551db.
Over the past year, we've had several reports of "topology storms"
occurring where 2 external facing channels connected by one or more
local channels and bridges will get themselves in a state where
they continually send each other topology change requests. This
usually manifests itself in no-audio calls and a flood of
"Exceptionally long queue length" messages. It appears that this
commit is the cause so we're reverting it for now until we can
determine a more appropriate solution.
Resolves: #530
(cherry picked from commit c31cd32b82)
The ast_sip_request_transport_details must be zero initialized,
otherwise this could lead to a SEGV.
Resolves: #509
(cherry picked from commit 81188ada5f)
This fixes a number of broken links throughout the
tree, mostly caused by wiki.asterisk.org being replaced
with docs.asterisk.org, which should eliminate the
need for sporadic fixes as in f28047db36.
Resolves: #430
(cherry picked from commit 3bb34477d4)
There are valid scenarios where res_odbc's connection pool might have some dead
or stuck connections while others are healthy (imagine network
elements/firewalls/routers silently timing out connections to a single DB and a
single IP address, or a heterogeneous connection pool connected to potentially
multiple IPs/instances of a replicated DB using a DNS front end for load
balancing and one replica fails).
In order to time out those unhealthy connections without blocking access to
other parts of Asterisk that may attempt access to the connection pool, it would
be beneficial to not lock/block access around the entire pool in
_ast_odbc_request_obj2 while doing potentially blocking operations on connection
pool objects such as the connection_dead() test, odbc_obj_connect(), or by
dereferencing a struct odbc_obj for the last time and triggering a
odbc_obj_disconnect().
This would facilitate much quicker and concurrent timeout of dead connections
via the connection_dead() test, which could block potentially for a long period
of time depending on odbc.ini or other odbc connector specific timeout settings.
This also would make rapid failover (in the clustered DB scenario) much quicker.
This patch changes the locking in _ast_odbc_request_obj2() to not lock around
odbc_obj_connect(), _disconnect(), and connection_dead(), while continuing to
lock around truly shared, non-immutable state like the connection_cnt member and
the connections list on struct odbc_class.
Fixes: #465
(cherry picked from commit e0bf65bde6)
In 5ac5c2b0 we defined `OPENSSL_SUPPRESS_DEPRECATED` to silence
deprecation warnings. This commit switches over to using
non-deprecated API.
(cherry picked from commit 05924e30f9)
