<p>Alexander Traud has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/9186">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_rtp_asterisk: Instead of ./configure use OPENSSL_NO_SRTP.<br><br>Previously, Asterisk used its script ./configure, to test whether OpenSSL was<br>built with no-srtp (or was simply too old). However, the header file<br><openssl/opensslconf.h> is the preferred way to detect the local configuration<br>of OpenSSL.<br><br>As a positive side-effect the script ./configure does not interleave the<br>detection the Open Settlement Protocol Toolkit (OSPTK) with the detection of<br>individual features of OpenSSL anymore.<br><br>Change-Id: I3c77c7b00b2ffa2e935632097fa057b9fdf480c0<br>---<br>M configure<br>M configure.ac<br>M res/res_rtp_asterisk.c<br>3 files changed, 23 insertions(+), 118 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/86/9186/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/configure b/configure<br>index 164da11..71038bd 100755<br>--- a/configure<br>+++ b/configure<br>@@ -31165,102 +31165,6 @@<br> fi<br> fi<br> <br>-<br>-if test "x${PBX_OPENSSL_SRTP}" != "x1" -a "${USE_OPENSSL_SRTP}" != "no"; then<br>- pbxlibdir=""<br>- # if --with-OPENSSL_SRTP=DIR has been specified, use it.<br>- if test "x${OPENSSL_SRTP_DIR}" != "x"; then<br>- if test -d ${OPENSSL_SRTP_DIR}/lib; then<br>- pbxlibdir="-L${OPENSSL_SRTP_DIR}/lib"<br>- else<br>- pbxlibdir="-L${OPENSSL_SRTP_DIR}"<br>- fi<br>- fi<br>-<br>- ast_ext_lib_check_save_CFLAGS="${CFLAGS}"<br>- CFLAGS="${CFLAGS} "<br>- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_tlsext_use_srtp in -lssl" >&5<br>-$as_echo_n "checking for SSL_CTX_set_tlsext_use_srtp in -lssl... 
" >&6; }<br>-if ${ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp+:} false; then :<br>- $as_echo_n "(cached) " >&6<br>-else<br>- ac_check_lib_save_LIBS=$LIBS<br>-LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS"<br>-cat confdefs.h - <<_ACEOF >conftest.$ac_ext<br>-/* end confdefs.h. */<br>-<br>-/* Override any GCC internal prototype to avoid an error.<br>- Use char because int might match the return type of a GCC<br>- builtin and then its argument prototype would still apply. */<br>-#ifdef __cplusplus<br>-extern "C"<br>-#endif<br>-char SSL_CTX_set_tlsext_use_srtp ();<br>-int<br>-main ()<br>-{<br>-return SSL_CTX_set_tlsext_use_srtp ();<br>- ;<br>- return 0;<br>-}<br>-_ACEOF<br>-if ac_fn_c_try_link "$LINENO"; then :<br>- ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=yes<br>-else<br>- ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=no<br>-fi<br>-rm -f core conftest.err conftest.$ac_objext \<br>- conftest$ac_exeext conftest.$ac_ext<br>-LIBS=$ac_check_lib_save_LIBS<br>-fi<br>-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&5<br>-$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&6; }<br>-if test "x$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" = xyes; then :<br>- AST_OPENSSL_SRTP_FOUND=yes<br>-else<br>- AST_OPENSSL_SRTP_FOUND=no<br>-fi<br>-<br>- CFLAGS="${ast_ext_lib_check_save_CFLAGS}"<br>-<br>-<br>- # now check for the header.<br>- if test "${AST_OPENSSL_SRTP_FOUND}" = "yes"; then<br>- OPENSSL_SRTP_LIB="${pbxlibdir} -lssl -lcrypto"<br>- # if --with-OPENSSL_SRTP=DIR has been specified, use it.<br>- if test "x${OPENSSL_SRTP_DIR}" != "x"; then<br>- OPENSSL_SRTP_INCLUDE="-I${OPENSSL_SRTP_DIR}/include"<br>- fi<br>- OPENSSL_SRTP_INCLUDE="${OPENSSL_SRTP_INCLUDE} "<br>-<br>- # check for the header<br>- ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"<br>- CPPFLAGS="${CPPFLAGS} ${OPENSSL_SRTP_INCLUDE}"<br>- ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"<br>-if test "x$ac_cv_header_openssl_ssl_h" = 
xyes; then :<br>- OPENSSL_SRTP_HEADER_FOUND=1<br>-else<br>- OPENSSL_SRTP_HEADER_FOUND=0<br>-fi<br>-<br>-<br>- CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"<br>-<br>- if test "x${OPENSSL_SRTP_HEADER_FOUND}" = "x0" ; then<br>- OPENSSL_SRTP_LIB=""<br>- OPENSSL_SRTP_INCLUDE=""<br>- else<br>-<br>- PBX_OPENSSL_SRTP=1<br>- cat >>confdefs.h <<_ACEOF<br>-#define HAVE_OPENSSL_SRTP 1<br>-_ACEOF<br>-<br>- fi<br>- fi<br>-fi<br>-<br>-<br> fi<br> <br> <br>diff --git a/configure.ac b/configure.ac<br>index 47d250d..67f04e5 100644<br>--- a/configure.ac<br>+++ b/configure.ac<br>@@ -2552,7 +2552,6 @@<br> if test "$PBX_OPENSSL" = "1";<br> then<br> AST_CHECK_OSPTK([4], [0], [0])<br>- AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])<br> fi<br> <br> AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2])<br>diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c<br>index 2104ce3..f6e26d6 100644<br>--- a/res/res_rtp_asterisk.c<br>+++ b/res/res_rtp_asterisk.c<br>@@ -40,9 +40,10 @@<br> #include <signal.h><br> #include <fcntl.h><br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#ifdef HAVE_OPENSSL<br> #include <openssl/opensslconf.h><br> #include <openssl/opensslv.h><br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> #include <openssl/ssl.h><br> #include <openssl/err.h><br> #include <openssl/bio.h><br>@@ -51,6 +52,7 @@<br> #endif<br> #ifndef OPENSSL_NO_DH<br> #include <openssl/dh.h><br>+#endif<br> #endif<br> #endif<br> <br>@@ -275,7 +277,7 @@<br> enum ast_media_type stream_type;<br> };<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> struct dtls_details {<br> SSL *ssl; /*!< SSL session */<br> BIO *read_bio; /*!< Memory buffer for reading */<br>@@ -417,7 +419,7 @@<br> unsigned int ice_num_components; /*!< The number of ICE components */<br> #endif<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && 
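Review bot: The threshold `0x10001000L` in the new `#if` of the include block is undocumented, although the rest of the file now depends on it. A comment above it such as `/* DTLS-SRTP needs SSL_CTX_set_tlsext_use_srtp(): OpenSSL 1.0.1 or later, not built with no-srtp */` would explain both halves of the test. With the configure check removed, nothing visible in this change reports that DTLS-SRTP was compiled out, so a build against an unsuitable OpenSSL loses the DTLS path silently; a build-time or module-load notice would help, and any remaining user of `HAVE_OPENSSL_SRTP` outside these three files should be searched for before merging. The include block continues outside the hunk.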
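Review bot: This guard sits outside the `#ifdef HAVE_OPENSSL` block that includes `<openssl/opensslv.h>`, so in a build without OpenSSL it is false only because the preprocessor treats an undefined `OPENSSL_VERSION_NUMBER` as 0, which also trips `-Wundef`. Making the dependency explicit is safer: `#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP)`. The same line recurs in every following hunk of res_rtp_asterisk.c, so deriving one file-local macro in the include block and testing that instead would keep the copies from drifting apart. `struct dtls_details` continues outside the hunk.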
(OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> SSL_CTX *ssl_ctx; /*!< SSL context */<br> enum ast_rtp_dtls_verify dtls_verify; /*!< What to verify */<br> enum ast_srtp_suite suite; /*!< SRTP crypto suite */<br>@@ -494,7 +496,7 @@<br> /* VP8: sequence number for the RTCP FIR FCI */<br> int firseq;<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> struct dtls_details dtls; /*!< DTLS state information */<br> #endif<br> <br>@@ -562,7 +564,7 @@<br> static int ast_rtp_extension_enable(struct ast_rtp_instance *instance, enum ast_rtp_extension extension);<br> static int ast_rtp_bundle(struct ast_rtp_instance *child, struct ast_rtp_instance *parent);<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> static int ast_rtp_activate(struct ast_rtp_instance *instance);<br> static void dtls_srtp_check_pending(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);<br> static void dtls_srtp_start_timeout_timer(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);<br>@@ -1581,7 +1583,7 @@<br> };<br> #endif<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> static int dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)<br> {<br> /* We don't want to actually verify the certificate so just accept what they have provided */<br>@@ -2259,7 +2261,7 @@<br> #ifdef HAVE_PJPROJECT<br> .ice = &ast_rtp_ice,<br> #endif<br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> .dtls = &ast_rtp_dtls,<br> .activate = ast_rtp_activate,<br> #endif<br>@@ -2271,7 +2273,7 @@<br> .bundle = ast_rtp_bundle,<br> };<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> /*! 
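Review bot: The comment on the context line of `dtls_verify_callback` says the certificate is deliberately not verified, but it does not say what authenticates the peer instead. Presumably the peer is bound to the session by comparing its certificate fingerprint with the one signalled out of band, as the `dtls_verify` field in the struct hunk suggests; that should be confirmed against the rest of the file. If it holds, the comment should say so, e.g. `/* Chain validation is skipped on purpose; the peer is authenticated by the fingerprint check selected through dtls_verify */`, and should name which `dtls_verify` settings leave the peer unauthenticated. The function body continues outside the hunk.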
\pre instance is locked */<br> static void dtls_perform_handshake(struct ast_rtp_instance *instance, struct dtls_details *dtls, int rtcp)<br> {<br>@@ -2305,7 +2307,7 @@<br> }<br> #endif<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> static void dtls_perform_setup(struct dtls_details *dtls)<br> {<br> if (!dtls->ssl || !SSL_is_init_finished(dtls->ssl)) {<br>@@ -2349,7 +2351,7 @@<br> }<br> }<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> <br> dtls_perform_setup(&rtp->dtls);<br> dtls_perform_handshake(instance, &rtp->dtls, 0);<br>@@ -2483,7 +2485,7 @@<br> return 1;<br> }<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> /*! \pre instance is locked */<br> static int dtls_srtp_handle_timeout(struct ast_rtp_instance *instance, int rtcp)<br> {<br>@@ -2817,7 +2819,7 @@<br> return len;<br> }<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> /* If this is an SSL packet pass it to OpenSSL for processing. 
RFC section for first byte value:<br> * https://tools.ietf.org/html/rfc5764#section-5.1.2 */<br> if ((*in >= 20) && (*in <= 63)) {<br>@@ -3514,7 +3516,7 @@<br> }<br> #endif<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> rtp->rekeyid = -1;<br> rtp->dtls.timeout_timer = -1;<br> #endif<br>@@ -3530,7 +3532,7 @@<br> struct timespec ts = { .tv_sec = wait.tv_sec, .tv_nsec = wait.tv_usec * 1000, };<br> #endif<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> ast_rtp_dtls_stop(instance);<br> #endif<br> <br>@@ -6727,7 +6729,7 @@<br> return;<br> }<br> rtp->rtcp->s = -1;<br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> rtp->rtcp->dtls.timeout_timer = -1;<br> #endif<br> rtp->rtcp->schedid = -1;<br>@@ -6790,7 +6792,7 @@<br> rtp_add_candidates_to_ice(instance, rtp, &rtp->rtcp->us, ast_sockaddr_port(&rtp->rtcp->us), AST_RTP_ICE_COMPONENT_RTCP, TRANSPORT_SOCKET_RTCP);<br> }<br> #endif<br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> dtls_setup_rtcp(instance);<br> #endif<br> } else {<br>@@ -6810,7 +6812,7 @@<br> rtp->rtcp->s = rtp->s;<br> ast_rtp_instance_get_remote_address(instance, &addr);<br> ast_sockaddr_copy(&rtp->rtcp->them, &addr);<br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> if (rtp->rtcp->dtls.ssl && rtp->rtcp->dtls.ssl != rtp->dtls.ssl) {<br> SSL_free(rtp->rtcp->dtls.ssl);<br> }<br>@@ -6838,7 +6840,7 @@<br> if (rtp->rtcp->s > -1 && rtp->rtcp->s != rtp->s) {<br> close(rtp->rtcp->s);<br> }<br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> ao2_unlock(instance);<br> dtls_srtp_stop_timeout_timer(instance, rtp, 1);<br> ao2_lock(instance);<br>@@ -7090,7 +7092,7 @@<br> struct ast_rtp *rtp = 
ast_rtp_instance_get_data(instance);<br> struct ast_sockaddr addr = { {0,} };<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> ao2_unlock(instance);<br> AST_SCHED_DEL_UNREF(rtp->sched, rtp->rekeyid, ao2_ref(instance, -1));<br> <br>@@ -7310,7 +7312,7 @@<br> <br> AST_VECTOR_APPEND(&parent_rtp->ssrc_mapping, mapping);<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> /* If DTLS-SRTP is already in use then add the local SSRC to it, otherwise it will get added once DTLS<br> * negotiation has been completed.<br> */<br>@@ -7331,7 +7333,7 @@<br> return 0;<br> }<br> <br>-#ifdef HAVE_OPENSSL_SRTP<br>+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)<br> /*! \pre instance is locked */<br> static int ast_rtp_activate(struct ast_rtp_instance *instance)<br> {<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/9186">change 9186</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/9186"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 15 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I3c77c7b00b2ffa2e935632097fa057b9fdf480c0 </div>
<div style="display:none"> Gerrit-Change-Number: 9186 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Alexander Traud <pabstraud@compuserve.com> </div>