[asterisk-commits] kpfleming: branch kpfleming/libasteriskssl r351447 - in /team/kpfleming/libas...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Jan 18 11:51:27 CST 2012 

Author: kpfleming
Date: Wed Jan 18 11:51:24 2012
New Revision: 351447

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=351447
Log:
Updating the OpenSSL init work I did 14 months ago and putting it into a branch


Added:
    team/kpfleming/libasteriskssl/
      - copied from r351409, trunk/
    team/kpfleming/libasteriskssl/main/libasteriskssl.c
      - copied, changed from r351409, trunk/main/ssl.c
Removed:
    team/kpfleming/libasteriskssl/main/ssl.c
Modified:
    team/kpfleming/libasteriskssl/Makefile
    team/kpfleming/libasteriskssl/Makefile.moddir_rules
    team/kpfleming/libasteriskssl/build_tools/make_defaults_h
    team/kpfleming/libasteriskssl/build_tools/mkpkgconfig
    team/kpfleming/libasteriskssl/configure
    team/kpfleming/libasteriskssl/configure.ac
    team/kpfleming/libasteriskssl/include/asterisk.h
    team/kpfleming/libasteriskssl/include/asterisk/optional_api.h
    team/kpfleming/libasteriskssl/main/Makefile
    team/kpfleming/libasteriskssl/makeopts.in

Modified: team/kpfleming/libasteriskssl/Makefile
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/Makefile?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/Makefile (original)
+++ team/kpfleming/libasteriskssl/Makefile Wed Jan 18 11:51:24 2012
@@ -49,13 +49,13 @@
 export INSTALL_PATH	# Additional prefix for the following paths
 export ASTETCDIR		# Path for config files
 export ASTVARRUNDIR
-export MODULES_DIR
 export ASTSPOOLDIR
 export ASTVARLIBDIR
 export ASTDATADIR
 export ASTDBDIR
 export ASTLOGDIR
 export ASTLIBDIR
+export ASTMODDIR
 export ASTMANDIR
 export ASTHEADERDIR
 export ASTSBINDIR
@@ -129,7 +129,6 @@
 # Asterisk.conf is located in ASTETCDIR or by using the -C flag
 # when starting Asterisk
 ASTCONFPATH=$(ASTETCDIR)/asterisk.conf
-MODULES_DIR=$(ASTLIBDIR)/modules
 AGI_DIR=$(ASTDATADIR)/agi-bin
 
 # If you use Apache, you may determine by a grep 'DocumentRoot' of your httpd.conf file
@@ -536,7 +535,8 @@
 OLDHEADERS=$(filter-out $(NEWHEADERS) $(notdir $(DESTDIR)$(ASTHEADERDIR)),$(notdir $(wildcard $(DESTDIR)$(ASTHEADERDIR)/*.h)))
 
 installdirs:
-	$(INSTALL) -d "$(DESTDIR)$(MODULES_DIR)"
+	$(INSTALL) -d "$(DESTDIR)$(ASTLIBDIR)"
+	$(INSTALL) -d "$(DESTDIR)$(ASTMODDIR)"
 	$(INSTALL) -d "$(DESTDIR)$(ASTSBINDIR)"
 	$(INSTALL) -d "$(DESTDIR)$(ASTETCDIR)"
 	$(INSTALL) -d "$(DESTDIR)$(ASTVARRUNDIR)"
@@ -570,6 +570,7 @@
 
 bininstall: _cleantest_all installdirs $(SUBDIRS_INSTALL)
 	$(INSTALL) -m 755 main/asterisk "$(DESTDIR)$(ASTSBINDIR)/"
+	$(INSTALL) -m 755 main/libasteriskssl.so "$(DESTDIR)$(ASTLIBDIR)/"
 	$(LN) -sf asterisk "$(DESTDIR)$(ASTSBINDIR)/rasterisk"
 	$(INSTALL) -m 755 contrib/scripts/astgenkey "$(DESTDIR)$(ASTSBINDIR)/"
 	$(INSTALL) -m 755 contrib/scripts/autosupport "$(DESTDIR)$(ASTSBINDIR)/"
@@ -599,14 +600,14 @@
 	+ at DESTDIR="$(DESTDIR)" ASTSBINDIR="$(ASTSBINDIR)" $(SUBMAKE) -C $(@:-install=) install 
 
 NEWMODS:=$(foreach d,$(MOD_SUBDIRS),$(notdir $(wildcard $(d)/*.so)))
-OLDMODS=$(filter-out $(NEWMODS) $(notdir $(DESTDIR)$(MODULES_DIR)),$(notdir $(wildcard $(DESTDIR)$(MODULES_DIR)/*.so)))
+OLDMODS=$(filter-out $(NEWMODS) $(notdir $(DESTDIR)$(ASTMODDIR)),$(notdir $(wildcard $(DESTDIR)$(ASTMODDIR)/*.so)))
 
 oldmodcheck:
 	@if [ -n "$(OLDMODS)" ]; then \
 		echo " WARNING WARNING WARNING" ;\
 		echo "" ;\
 		echo " Your Asterisk modules directory, located at" ;\
-		echo " $(DESTDIR)$(MODULES_DIR)" ;\
+		echo " $(DESTDIR)$(ASTMODDIR)" ;\
 		echo " contains modules that were not installed by this " ;\
 		echo " version of Asterisk. Please ensure that these" ;\
 		echo " modules are compatible with this version before" ;\
@@ -693,7 +694,7 @@
 	if [ "$(OVERWRITE)" = "y" ]; then \
 		echo "Updating asterisk.conf" ; \
 		sed -e 's|^astetcdir.*$$|astetcdir => $(ASTETCDIR)|' \
-			-e 's|^astmoddir.*$$|astmoddir => $(MODULES_DIR)|' \
+			-e 's|^astmoddir.*$$|astmoddir => $(ASTMODDIR)|' \
 			-e 's|^astvarlibdir.*$$|astvarlibdir => $(ASTVARLIBDIR)|' \
 			-e 's|^astdbdir.*$$|astdbdir => $(ASTDBDIR)|' \
 			-e 's|^astkeydir.*$$|astkeydir => $(ASTKEYDIR)|' \
@@ -853,7 +854,7 @@
 	+@$(SUBMAKE) -C $(@:-uninstall=) uninstall
 
 _uninstall: $(SUBDIRS_UNINSTALL)
-	rm -f "$(DESTDIR)$(MODULES_DIR)/"*
+	rm -f "$(DESTDIR)$(ASTMODDIR)/"*
 	rm -f "$(DESTDIR)$(ASTSBINDIR)/"*asterisk*
 	rm -f "$(DESTDIR)$(ASTSBINDIR)/astgenkey"
 	rm -f "$(DESTDIR)$(ASTSBINDIR)/autosupport"

Modified: team/kpfleming/libasteriskssl/Makefile.moddir_rules
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/Makefile.moddir_rules?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/Makefile.moddir_rules (original)
+++ team/kpfleming/libasteriskssl/Makefile.moddir_rules Wed Jan 18 11:51:24 2012
@@ -122,7 +122,7 @@
 
 install:: all
 	@echo "Installing modules from `basename $(CURDIR)`..."
-	@for x in $(LOADABLE_MODS:%=%.so); do $(INSTALL) -m 755 $$x "$(DESTDIR)$(MODULES_DIR)" ; done
+	@for x in $(LOADABLE_MODS:%=%.so); do $(INSTALL) -m 755 $$x "$(DESTDIR)$(ASTMODDIR)" ; done
 
 uninstall::
 

Modified: team/kpfleming/libasteriskssl/build_tools/make_defaults_h
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/build_tools/make_defaults_h?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/build_tools/make_defaults_h (original)
+++ team/kpfleming/libasteriskssl/build_tools/make_defaults_h Wed Jan 18 11:51:24 2012
@@ -8,7 +8,7 @@
 #define DEFAULT_CONFIG_FILE "${INSTALL_PATH}${ASTCONFPATH}"
 
 #define DEFAULT_CONFIG_DIR "${INSTALL_PATH}${ASTETCDIR}"
-#define DEFAULT_MODULE_DIR "${INSTALL_PATH}${MODULES_DIR}"
+#define DEFAULT_MODULE_DIR "${INSTALL_PATH}${ASTMODDIR}"
 #define DEFAULT_AGI_DIR    "${INSTALL_PATH}${AGI_DIR}"
 #define DEFAULT_LOG_DIR    "${INSTALL_PATH}${ASTLOGDIR}"
 

Modified: team/kpfleming/libasteriskssl/build_tools/mkpkgconfig
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/build_tools/mkpkgconfig?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/build_tools/mkpkgconfig (original)
+++ team/kpfleming/libasteriskssl/build_tools/mkpkgconfig Wed Jan 18 11:51:24 2012
@@ -39,7 +39,7 @@
 spooldir=$ASTSPOOLDIR
 logdir=$ASTLOGDIR
 confpath=$ASTCONFPATH
-moddir=$MODULES_DIR
+moddir=$ASTMODDIR
 agidir=$AGI_DIR
 
 Name: asterisk

Modified: team/kpfleming/libasteriskssl/configure.ac
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/configure.ac?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/configure.ac (original)
+++ team/kpfleming/libasteriskssl/configure.ac Wed Jan 18 11:51:24 2012
@@ -47,7 +47,8 @@
 AC_SUBST([astsbindir],        ['${sbindir}'])dnl
 AC_SUBST([astetcdir],         ['${sysconfdir}/asterisk'])dnl
 AC_SUBST([astheaderdir],      ['${includedir}/asterisk'])dnl
-AC_SUBST([astlibdir],         ['${libdir}/asterisk'])dnl
+AC_SUBST([astlibdir],         ['${libdir}'])dnl
+AC_SUBST([astmoddir],         ['${libdir}/asterisk/modules'])dnl
 AC_SUBST([astmandir],         ['${mandir}'])dnl
 AC_SUBST([astvarlibdir],      ['${localstatedir}/lib/asterisk'])dnl
 AC_SUBST([astdatadir],        ['${astvarlibdir}'])dnl
@@ -93,7 +94,7 @@
      darwin*)
      ac_default_prefix=/usr/local
      if test ${prefix} = 'NONE'; then
-        astlibdir='/Library/Application Support/Asterisk/Modules'
+        astmoddir='/Library/Application Support/Asterisk/Modules'
         astvarlibdir='/Library/Application Support/Asterisk'
         astlogdir=/Library/Logs/Asterisk
         astvarrundir='/Library/Application Support/Asterisk/Run'
@@ -106,6 +107,7 @@
         astetcdir=/var/etc/asterisk
         astsbindir=/opt/asterisk/sbin
         astlibdir=/opt/asterisk/lib
+        astmoddir=/opt/asterisk/lib/modules
         astheaderdir=/opt/asterisk/include
         astmandir=/opt/asterisk/man
         astvarlibdir=/var/opt/asterisk

Modified: team/kpfleming/libasteriskssl/include/asterisk.h
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/include/asterisk.h?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/include/asterisk.h (original)
+++ team/kpfleming/libasteriskssl/include/asterisk.h Wed Jan 18 11:51:24 2012
@@ -224,4 +224,8 @@
 #define bzero  0x__dont_use_bzero__use_memset_instead""
 #define bcopy  0x__dont_use_bcopy__use_memmove_instead()
 
+/* Some handy macros for turning a preprocessor token into (effectively) a quoted string */
+#define __stringify_1(x)	#x
+#define __stringify(x)		__stringify_1(x)
+
 #endif /* _ASTERISK_H */

Modified: team/kpfleming/libasteriskssl/include/asterisk/optional_api.h
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/include/asterisk/optional_api.h?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/include/asterisk/optional_api.h (original)
+++ team/kpfleming/libasteriskssl/include/asterisk/optional_api.h Wed Jan 18 11:51:24 2012
@@ -88,9 +88,6 @@
  *
  * WARNING WARNING WARNING WARNING WARNING
  */
-
-#define __stringify_1(x)	#x
-#define __stringify(x)		__stringify_1(x)
 
 /*!
  * \brief A common value for optional API stub functions to return

Modified: team/kpfleming/libasteriskssl/main/Makefile
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/main/Makefile?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/main/Makefile (original)
+++ team/kpfleming/libasteriskssl/main/Makefile Wed Jan 18 11:51:24 2012
@@ -18,7 +18,7 @@
 include $(ASTTOPDIR)/Makefile.moddir_rules
 
 # Must include the extra ast_expr2.c, ast_expr2f.c, in case they need to be regenerated (because to force regeneration, we delete them)
-SRC=$(wildcard *.c) ast_expr2.c ast_expr2f.c
+SRC=$(filter-out libasteriskssl.c,$(wildcard *.c)) ast_expr2.c ast_expr2f.c
 OBJSFILTER=fskmodem_int.o fskmodem_float.o cygload.o buildinfo.o
 OBJS=$(filter-out $(OBJSFILTER),$(SRC:.c=.o))
 
@@ -30,7 +30,7 @@
 OBJS+=../res/res_adsi.o
 endif
 
-AST_LIBS += $(OPENSSL_LIB)
+ASTSSL_LIBS += $(OPENSSL_LIB)
 AST_LIBS += $(BKTR_LIB)
 AST_LIBS += $(LIBXML2_LIB) 
 AST_LIBS += $(SQLITE3_LIB)
@@ -89,7 +89,8 @@
 endif
 
 ifeq ($(OSARCH),SunOS)
-  AST_LIBS+=-lpthread -ldl -lrt -lnsl -lsocket -lresolv -L/opt/ssl/lib -L/usr/local/ssl/lib
+  AST_LIBS+=-lpthread -ldl -lrt -lnsl -lsocket -lresolv
+  ASTSSL_LIBS+=-L/opt/ssl/lib -L/usr/local/ssl/lib
   ASTLINK=
 endif
 
@@ -178,13 +179,20 @@
 
 $(OBJS): _ASTCFLAGS+=-DAST_MODULE=\"core\"
 
-$(MAIN_TGT): $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS)
+ifeq ($(findstring $(OSARCH), mingw32 cygwin ),)
+# don't define -fPIC on mingw32 and cygwin, it is the default
+libasteriskssl.so: _ASTCFLAGS+=-fPIC
+endif
+libasteriskssl.so: _ASTCFLAGS+=-DAST_MODULE=\"libasteriskssl\"
+libasteriskssl.so: LIBS+=$(ASTSSL_LIBS)
+
+$(MAIN_TGT): $(OBJS) libasteriskssl.so editline/libedit.a $(AST_EMBED_LDSCRIPTS)
 	@$(CC) -c -o buildinfo.o $(_ASTCFLAGS) buildinfo.c $(ASTCFLAGS)
 	$(ECHO_PREFIX) echo "   [LD] $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) -> $@"
 ifneq ($(findstring chan_h323,$(MENUSELECT_CHANNELS)),)
-	$(CMD_PREFIX) $(CC) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(GMIMELDFLAGS)
-else
-	$(CMD_PREFIX) $(CXX) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(H323LDFLAGS) $(OBJS) editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(H323LDLIBS) $(GMIMELDFLAGS)
+	$(CMD_PREFIX) $(CC) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(OBJS) -L. -lasteriskssl editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(GMIMELDFLAGS)
+else
+	$(CMD_PREFIX) $(CXX) $(STATIC_BUILD) -o $@ $(ASTLINK) $(AST_EMBED_LDFLAGS) $(_ASTLDFLAGS) $(ASTLDFLAGS) $(H323LDFLAGS) $(OBJS) -L. -lasteriskssl editline/libedit.a $(AST_EMBED_LDSCRIPTS) buildinfo.o $(AST_LIBS) $(AST_EMBED_LIBS) $(H323LDLIBS) $(GMIMELDFLAGS)
 endif
 
 ifeq ($(GNU_LD),1)
@@ -194,7 +202,7 @@
 endif
 
 clean::
-	rm -f asterisk
+	rm -f asterisk libasteriskssl.o libasteriskssl.so
 	rm -f asterisk.exports
 	@if [ -f editline/Makefile ]; then $(MAKE) -C editline distclean ; fi
 	@$(MAKE) -C stdtime clean

Copied: team/kpfleming/libasteriskssl/main/libasteriskssl.c (from r351409, trunk/main/ssl.c)
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/main/libasteriskssl.c?view=diff&rev=351447&p1=trunk/main/ssl.c&r1=351409&p2=team/kpfleming/libasteriskssl/main/libasteriskssl.c&r2=351447
==============================================================================
--- trunk/main/ssl.c (original)
+++ team/kpfleming/libasteriskssl/main/libasteriskssl.c Wed Jan 18 11:51:24 2012
@@ -16,7 +16,7 @@
  * at the top of the source tree.
  */
 
-/*! 
+/*!
  * \file
  * \brief Common OpenSSL support code
  *
@@ -32,6 +32,8 @@
 #include <openssl/err.h>
 #endif
 
+#include <dlfcn.h>
+
 #include "asterisk/_private.h" /* ast_ssl_init() */
 
 #include "asterisk/utils.h"
@@ -39,13 +41,17 @@
 
 #ifdef HAVE_OPENSSL
 
+#define get_OpenSSL_function(func) do { real_##func = dlsym(RTLD_NEXT, __stringify(func)); } while(0)
+
+static int startup_complete;
+
 static ast_mutex_t *ssl_locks;
 
 static int ssl_num_locks;
 
 static unsigned long ssl_threadid(void)
 {
-	return (unsigned long)pthread_self();
+	return (unsigned long) pthread_self();
 }
 
 static void ssl_lock(int mode, int n, const char *file, int line)
@@ -64,6 +70,229 @@
 	}
 }
 
+int SSL_library_init(void)
+{
+#if defined(AST_DEVMODE)
+	if (startup_complete) {
+		ast_debug(1, "Called after startup... ignoring!\n");
+	}
+#endif
+	return 0;
+}
+
+void SSL_load_error_strings(void)
+{
+#if defined(AST_DEVMODE)
+	if (startup_complete) {
+		ast_debug(1, "Called after startup... ignoring!\n");
+	}
+#endif
+}
+
+void ERR_load_SSL_strings(void)
+{
+#if defined(AST_DEVMODE)
+	if (startup_complete) {
+		ast_debug(1, "Called after startup... ignoring!\n");
+	}
+#endif
+}
+
+void ERR_load_crypto_strings(void)
+{
+#if defined(AST_DEVMODE)
+	if (startup_complete) {
+		ast_debug(1, "Called after startup... ignoring!\n");
+	}
+#endif
+}
+
+void ERR_load_BIO_strings(void)
+{
+#if defined(AST_DEVMODE)
+	if (startup_complete) {
+		ast_debug(1, "Called after startup... ignoring!\n");
+	}
+#endif
+}
+
+void CRYPTO_set_id_callback(unsigned long (*func)(void))
+{
+#if defined(AST_DEVMODE)
+	if (startup_complete) {
+		ast_debug(1, "Called after startup... ignoring!\n");
+	}
+#endif
+}
+
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type, const char *file, int line))
+{
+#if defined(AST_DEVMODE)
+	if (startup_complete) {
+		ast_debug(1, "Called after startup... ignoring!\n");
+	}
+#endif
+}
+
+void ERR_free_strings(void)
+{
+	/* we can't allow this to be called, ever */
+}
+
+static int (*real_SSL_CTX_check_private_key)(const SSL_CTX *ctx);
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+	return real_SSL_CTX_check_private_key(ctx);
+}
+
+static int (*real_SSL_CTX_load_verify_locations)(SSL_CTX *ctx, const char *CAfile, const char *CApath);
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath)
+{
+	return real_SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
+}
+
+static SSL_CTX *(*real_SSL_CTX_new)(const SSL_METHOD *method);
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *method)
+{
+	return real_SSL_CTX_new(method);
+}
+
+static int (*real_SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);
+
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+	return real_SSL_CTX_set_cipher_list(ctx, str);
+}
+
+static int (*real_SSL_CTX_use_PrivateKey_file)(SSL_CTX *ctx, const char *file, int type);
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+	return real_SSL_CTX_use_PrivateKey_file(ctx, file, type);
+}
+
+static int (*real_SSL_CTX_use_certificate_file)(SSL_CTX *ctx, const char *file, int type);
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
+	return real_SSL_CTX_use_certificate_file(ctx, file, type);
+}
+
+static int (*real_SSL_accept)(SSL *ssl);
+
+int SSL_accept(SSL *ssl)
+{
+	return real_SSL_accept(ssl);
+}
+
+static int (*real_SSL_connect)(SSL *ssl);
+
+int SSL_connect(SSL *ssl)
+{
+	return real_SSL_connect(ssl);
+}
+
+static void (*real_SSL_free)(SSL *ssl);
+
+void SSL_free(SSL *ssl)
+{
+	return real_SSL_free(ssl);
+}
+
+static int (*real_SSL_get_error)(const SSL *ssl, int ret);
+
+int SSL_get_error(const SSL *ssl, int ret)
+{
+	return real_SSL_get_error(ssl, ret);
+}
+
+static int (*real_SSL_get_fd)(const SSL *ssl);
+
+int SSL_get_fd(const SSL *ssl)
+{
+	return real_SSL_get_fd(ssl);
+}
+
+static X509 *(*real_SSL_get_peer_certificate)(const SSL *ssl);
+
+X509 *SSL_get_peer_certificate(const SSL *ssl)
+{
+	return real_SSL_get_peer_certificate(ssl);
+}
+
+static long (*real_SSL_get_verify_result)(const SSL *ssl);
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+	return real_SSL_get_verify_result(ssl);
+}
+
+static SSL *(*real_SSL_new)(SSL_CTX *ctx);
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+	return real_SSL_new(ctx);
+}
+
+static int (*real_SSL_read)(SSL *ssl, void *buf, int num);
+
+int SSL_read(SSL *ssl, void *buf, int num)
+{
+	return real_SSL_read(ssl, buf, num);
+}
+
+static int (*real_SSL_set_fd)(SSL *ssl, int fd);
+
+int SSL_set_fd(SSL *ssl, int fd)
+{
+	return real_SSL_set_fd(ssl, fd);
+}
+
+static int (*real_SSL_shutdown)(SSL *ssl);
+
+int SSL_shutdown(SSL *ssl)
+{
+	return real_SSL_shutdown(ssl);
+}
+
+static int (*real_SSL_write)(SSL *ssl, const void *buf, int num);
+
+int SSL_write(SSL *ssl, const void *buf, int num)
+{
+	return real_SSL_write(ssl, buf, num);
+}
+
+static const SSL_METHOD *(*real_SSLv23_client_method)(void);
+
+const SSL_METHOD *SSLv23_client_method(void)
+{
+	return real_SSLv23_client_method();
+}
+
+static const SSL_METHOD *(*real_SSLv23_server_method)(void);
+
+const SSL_METHOD *SSLv23_server_method(void)
+{
+	return real_SSLv23_server_method();
+}
+
+static const SSL_METHOD *(*real_SSLv3_client_method)(void);
+
+const SSL_METHOD *SSLv3_client_method(void)
+{
+	return real_SSLv3_client_method();
+}
+
+static const SSL_METHOD *(*real_TLSv1_client_method)(void);
+
+const SSL_METHOD *TLSv1_client_method(void)
+{
+	return real_TLSv1_client_method();
+}
+
 #endif /* HAVE_OPENSSL */
 
 /*!
@@ -74,25 +303,112 @@
 {
 #ifdef HAVE_OPENSSL
 	unsigned int i;
-
-	SSL_library_init();
-	SSL_load_error_strings();
-	ERR_load_crypto_strings();
-	ERR_load_BIO_strings();
+	int (*real_SSL_library_init)(void);
+	void (*real_CRYPTO_set_id_callback)(unsigned long (*)(void));
+	void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int));
+	void (*real_SSL_load_error_strings)(void);
+	void (*real_ERR_load_SSL_strings)(void);
+	void (*real_ERR_load_crypto_strings)(void);
+	void (*real_ERR_load_BIO_strings)(void);
+	const char *errstr;
+
+	/* clear any previous dynamic linker errors */
+	dlerror();
+	get_OpenSSL_function(SSL_library_init);
+	if ((errstr = dlerror()) != NULL) {
+		ast_debug(1, "unable to get real address of SSL_library_init: %s\n", errstr);
+		/* there is no way to continue in this situation... SSL will
+		 * likely be broken in this process
+		 */
+		return -1;
+	} else {
+		real_SSL_library_init();
+	}
+
+	/* Make OpenSSL usage thread-safe. */
+
+	dlerror();
+	get_OpenSSL_function(CRYPTO_set_id_callback);
+	if ((errstr = dlerror()) != NULL) {
+		ast_debug(1, "unable to get real address of CRYPTO_set_id_callback: %s\n", errstr);
+		/* there is no way to continue in this situation... SSL will
+		 * likely be broken in this process
+		 */
+		return -1;
+	} else {
+		real_CRYPTO_set_id_callback(ssl_threadid);
+	}
+
+	dlerror();
+	get_OpenSSL_function(CRYPTO_set_locking_callback);
+	if ((errstr = dlerror()) != NULL) {
+		ast_debug(1, "unable to get real address of CRYPTO_set_locking_callback: %s\n", errstr);
+		/* there is no way to continue in this situation... SSL will
+		 * likely be broken in this process
+		 */
+		return -1;
+	} else {
+		ssl_num_locks = CRYPTO_num_locks();
+		if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
+			return -1;
+		}
+		for (i = 0; i < ssl_num_locks; i++) {
+			ast_mutex_init(&ssl_locks[i]);
+		}
+		real_CRYPTO_set_locking_callback(ssl_lock);
+	}
+
+	/* after this point, we don't check for errors from the dlsym() calls,
+	 * under the assumption that if the ones above were successful, all
+	 * the rest will be too. this assumption holds as long as OpenSSL still
+	 * provides all of these functions.
+	 */
+
+	get_OpenSSL_function(SSL_load_error_strings);
+	real_SSL_load_error_strings();
+
+	get_OpenSSL_function(ERR_load_SSL_strings);
+	real_ERR_load_SSL_strings();
+
+	get_OpenSSL_function(ERR_load_crypto_strings);
+	real_ERR_load_crypto_strings();
+
+	get_OpenSSL_function(ERR_load_BIO_strings);
+	real_ERR_load_BIO_strings();
+
+	/* now retrieve the pointers to all the OpenSSL library functions used
+	 * by code in the main Asterisk binary, so that we can route them through
+	 * this library.
+	 */
+	get_OpenSSL_function(SSL_CTX_check_private_key);
+	get_OpenSSL_function(SSL_CTX_load_verify_locations);
+	get_OpenSSL_function(SSL_CTX_new);
+	get_OpenSSL_function(SSL_CTX_set_cipher_list);
+	get_OpenSSL_function(SSL_CTX_use_PrivateKey_file);
+	get_OpenSSL_function(SSL_CTX_use_certificate_file);
+	get_OpenSSL_function(SSL_accept);
+	get_OpenSSL_function(SSL_connect);
+	get_OpenSSL_function(SSL_free);
+	get_OpenSSL_function(SSL_get_error);
+	get_OpenSSL_function(SSL_get_fd);
+	get_OpenSSL_function(SSL_get_peer_certificate);
+	get_OpenSSL_function(SSL_get_verify_result);
+	get_OpenSSL_function(SSL_new);
+	get_OpenSSL_function(SSL_read);
+	get_OpenSSL_function(SSL_set_fd);
+	get_OpenSSL_function(SSL_shutdown);
+	get_OpenSSL_function(SSL_write);
+	get_OpenSSL_function(SSLv23_client_method);
+	get_OpenSSL_function(SSLv23_server_method);
+	get_OpenSSL_function(SSLv3_client_method);
+	get_OpenSSL_function(TLSv1_client_method);
+
+#if 0
+	/* currently this is just another call to SSL_library_init, so we don't call it */
 	OpenSSL_add_all_algorithms();
-
-	/* Make OpenSSL thread-safe. */
-
-	CRYPTO_set_id_callback(ssl_threadid);
-
-	ssl_num_locks = CRYPTO_num_locks();
-	if (!(ssl_locks = ast_calloc(ssl_num_locks, sizeof(ssl_locks[0])))) {
-		return -1;
-	}
-	for (i = 0; i < ssl_num_locks; i++) {
-		ast_mutex_init(&ssl_locks[i]);
-	}
-	CRYPTO_set_locking_callback(ssl_lock);
+#endif
+
+	startup_complete = 1;
 
 #endif /* HAVE_OPENSSL */
 	return 0;

Modified: team/kpfleming/libasteriskssl/makeopts.in
URL: http://svnview.digium.com/svn/asterisk/team/kpfleming/libasteriskssl/makeopts.in?view=diff&rev=351447&r1=351409&r2=351447
==============================================================================
--- team/kpfleming/libasteriskssl/makeopts.in (original)
+++ team/kpfleming/libasteriskssl/makeopts.in Wed Jan 18 11:51:24 2012
@@ -81,6 +81,7 @@
 ASTETCDIR = @astetcdir@
 ASTHEADERDIR = @astheaderdir@
 ASTLIBDIR = @astlibdir@
+ASTMODDIR = @astmoddir@
 ASTMANDIR = @astmandir@
 astvarlibdir = @astvarlibdir@
 ASTVARLIBDIR = @astvarlibdir@

More information about the asterisk-commits mailing list