[svn-commits] mjordan: trunk r417900 - in /trunk: ./ include/asterisk/ main/

SVN commits to the Digium repositories svn-commits at lists.digium.com
Thu Jul 3 11:55:53 CDT 2014 

Author: mjordan
Date: Thu Jul  3 11:55:44 2014
New Revision: 417900

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=417900
Log:
main/tcptls: Add checks for OpenSSL Elliptic Curve support

The patch for ASTERISK-23905 that added PFS support in Asterisk depends on the
elliptic curve library support being present in OpenSSL. As it turns out, some
versions of OpenSSL don't have this library - notably the version running on
our build agents.

This patch fixes the build by providing a configure check for the specific
library calls that the PFS patch relies on.

Review: https://reviewboard.asterisk.org/r/3709/

Modified:
    trunk/configure
    trunk/configure.ac
    trunk/include/asterisk/autoconfig.h.in
    trunk/main/tcptls.c

Modified: trunk/configure.ac
URL: http://svnview.digium.com/svn/asterisk/trunk/configure.ac?view=diff&rev=417900&r1=417899&r2=417900
==============================================================================
--- trunk/configure.ac (original)
+++ trunk/configure.ac Thu Jul  3 11:55:44 2014
@@ -391,6 +391,7 @@
 AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt])
 AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto])
 AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto])
+AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_EC], [OpenSSL Elliptic Curve Support], [CRYPTO], [crypto])
 AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi])
 AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec])
 AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise])
@@ -2231,6 +2232,11 @@
         AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])
 fi
 
+if test "$PBX_OPENSSL" = "1";
+then
+	AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto])
+fi
+
 AST_EXT_LIB_CHECK([SRTP], [srtp], [srtp_init], [srtp/srtp.h])
 
 if test "$PBX_SRTP" = "1";

Modified: trunk/include/asterisk/autoconfig.h.in
URL: http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/autoconfig.h.in?view=diff&rev=417900&r1=417899&r2=417900
==============================================================================
--- trunk/include/asterisk/autoconfig.h.in (original)
+++ trunk/include/asterisk/autoconfig.h.in Thu Jul  3 11:55:44 2014
@@ -544,6 +544,9 @@
 
 /* Define to 1 if you have the OpenSSL Secure Sockets Layer library. */
 #undef HAVE_OPENSSL
+
+/* Define to 1 if CRYPTO has the OpenSSL Elliptic Curve Support feature. */
+#undef HAVE_OPENSSL_EC
 
 /* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */
 #undef HAVE_OPENSSL_SRTP

Modified: trunk/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/tcptls.c?view=diff&rev=417900&r1=417899&r2=417900
==============================================================================
--- trunk/main/tcptls.c (original)
+++ trunk/main/tcptls.c Thu Jul  3 11:55:44 2014
@@ -825,6 +825,8 @@
 		}
 	}
 
+#ifdef HAVE_OPENSSL_EC
+
 	if (!ast_strlen_zero(cfg->pvtfile)) {
 		BIO *bio = BIO_new_file(cfg->pvtfile, "r");
 		if (bio != NULL) {
@@ -856,6 +858,8 @@
 			EC_KEY_free(ecdh);
 		}
 	}
+
+#endif /* #ifdef HAVE_OPENSSL_EC */
 
 	ast_verb(2, "TLS/SSL certificate ok\n");	/* We should log which one that is ok. This message doesn't really make sense in production use */
 	return 1;

More information about the svn-commits mailing list