[Asterisk-code-review] Build: Fix issues building without SSL. (asterisk[13])

Corey Farrell asteriskteam at digium.com
Sun Nov 19 14:01:04 CST 2017 

Corey Farrell has uploaded this change for review. ( https://gerrit.asterisk.org/7294


Change subject: Build: Fix issues building without SSL.
......................................................................

Build: Fix issues building without SSL.

* Add configure check for modern vs legacy SSL library, determined by
  existence of the SSL_library_init symbol.
* Update libasteriskssl to use the configure result instead of trying to
  interpret versions that might be in headers.
* Use variables produced by configure to link the SSL and uuid libraries
  into libasteriskpj.so instead hard-coding them.

ASTERISK-27431

Change-Id: I3977931fd3ef8c4e4376349ccddb354eb839b58d
---
M configure
M configure.ac
M include/asterisk/autoconfig.h.in
M main/Makefile
M main/libasteriskssl.c
5 files changed, 56 insertions(+), 26 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/94/7294/1

diff --git a/configure b/configure
index f64883b..96c9de6 100755
--- a/configure
+++ b/configure
@@ -32684,10 +32684,6 @@
 fi
 
 
-fi
-
-if test "$PBX_OPENSSL" = "1";
-then
 
 if test "x${PBX_OPENSSL_EC}" != "x1" -a "${USE_OPENSSL_EC}" != "no"; then
    pbxlibdir=""
@@ -32792,10 +32788,6 @@
 fi
 
 
-fi
-
-if test "$PBX_OPENSSL" = "1";
-then
 
     if test "x${PBX_SSL_OP_NO_TLSV1_1}" != "x1"; then
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_OP_NO_TLSv1_1 in openssl/ssl.h" >&5
@@ -32888,6 +32880,39 @@
     fi
 
 
+
+	saved_LIBS="${LIBS}"
+	LIBS="${LIBS} ${OPENSSL_LIB}"
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether SSL library is modern" >&5
+$as_echo_n "checking whether SSL library is modern... " >&6; }
+	# if the SSL library is modern we will fail to link against SSL_library_init.
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int SSL_library_init(void);
+int
+main ()
+{
+SSL_library_init();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_MODERN_SSL 1" >>confdefs.h
+
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+	LIBS="${saved_LIBS}"
 fi
 
 
diff --git a/configure.ac b/configure.ac
index 30ff4ac..eccc79c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2451,19 +2451,25 @@
 
 if test "$PBX_OPENSSL" = "1";
 then
-        AST_CHECK_OSPTK([4], [0], [0])
-        AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])
-fi
-
-if test "$PBX_OPENSSL" = "1";
-then
+	AST_CHECK_OSPTK([4], [0], [0])
+	AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])
 	AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto])
-fi
+	AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_1], [SSL_OP_NO_TLSv1_1], [openssl/ssl.h])
+	AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_2], [SSL_OP_NO_TLSv1_2], [openssl/ssl.h])
 
-if test "$PBX_OPENSSL" = "1";
-then
-        AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_1], [SSL_OP_NO_TLSv1_1], [openssl/ssl.h])
-        AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_2], [SSL_OP_NO_TLSv1_2], [openssl/ssl.h])
+	saved_LIBS="${LIBS}"
+	LIBS="${LIBS} ${OPENSSL_LIB}"
+	AC_MSG_CHECKING(whether SSL library is modern)
+	# if the SSL library is modern we will fail to link against SSL_library_init.
+	AC_LINK_IFELSE(
+		[AC_LANG_PROGRAM([int SSL_library_init(void);],[SSL_library_init();])],
+		[AC_MSG_RESULT(no)],
+		[
+			AC_MSG_RESULT(yes)
+			AC_DEFINE([HAVE_MODERN_SSL], [1], [Define to 1 if you have a modern SSL library.])
+		]
+	)
+	LIBS="${saved_LIBS}"
 fi
 
 AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2])
diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in
index d142fe9..49b421c 100644
--- a/include/asterisk/autoconfig.h.in
+++ b/include/asterisk/autoconfig.h.in
@@ -498,6 +498,9 @@
 /* Define to 1 if you have a working `mmap' system call. */
 #undef HAVE_MMAP
 
+/* Define to 1 if you have a modern SSL library. */
+#undef HAVE_MODERN_SSL
+
 /* Define if your system has the MSG_NOSIGNAL headers. */
 #undef HAVE_MSG_NOSIGNAL
 
diff --git a/main/Makefile b/main/Makefile
index efb0caf..a157a7d 100644
--- a/main/Makefile
+++ b/main/Makefile
@@ -273,7 +273,7 @@
 
 $(ASTPJ_LIB).$(ASTPJ_SO_VERSION): _ASTLDFLAGS+=-Wl,-soname=$(ASTPJ_LIB).$(ASTPJ_SO_VERSION) $(PJ_LDFLAGS)
 $(ASTPJ_LIB).$(ASTPJ_SO_VERSION): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskpj\" $(PJ_CFLAGS)
-$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): LIBS+=$(PJPROJECT_LDLIBS) -lssl -lcrypto -luuid -lm -lpthread $(RT_LIB)
+$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): LIBS+=$(PJPROJECT_LDLIBS) $(OPENSSL_LIB) $(UUID_LIB) -lm -lpthread $(RT_LIB)
 ifeq ($(GNU_LD),1)
     $(ASTPJ_LIB).$(ASTPJ_SO_VERSION): SO_SUPPRESS_SYMBOLS=-Wl,--version-script,libasteriskpj.exports,--warn-common
 endif
@@ -298,7 +298,7 @@
 # /lib or /usr/lib
 $(ASTPJ_LIB): _ASTLDFLAGS+=-dynamiclib -install_name $(ASTLIBDIR)/$(ASTPJ_LIB) $(PJ_LDFLAGS)
 $(ASTPJ_LIB): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskpj\" $(PJ_CFLAGS)
-$(ASTPJ_LIB): LIBS+=$(PJPROJECT_LIBS)  -lssl -lcrypto -luuid -lm -lpthread $(RT_LIB)
+$(ASTPJ_LIB): LIBS+=$(PJPROJECT_LIBS) $(OPENSSL_LIB) $(UUID_LIB) -lm -lpthread $(RT_LIB)
 $(ASTPJ_LIB): SOLINK=$(DYLINK)
 
 # Special rules for building a shared library (not a dynamically loadable module)
diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c
index a89f191..d4bf740 100644
--- a/main/libasteriskssl.c
+++ b/main/libasteriskssl.c
@@ -33,13 +33,9 @@
 
 #include "asterisk/_private.h" /* ast_ssl_init() */
 
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL) && !defined(HAVE_MODERN_SSL)
 #include <openssl/ssl.h>
 #include <openssl/err.h>
-#endif
-
-#if defined(HAVE_OPENSSL) && \
-	!defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 #include <dlfcn.h>
 

-- 
To view, visit https://gerrit.asterisk.org/7294
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3977931fd3ef8c4e4376349ccddb354eb839b58d
Gerrit-Change-Number: 7294
Gerrit-PatchSet: 1
Gerrit-Owner: Corey Farrell <git at cfware.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171119/29fcadb7/attachment.html>

More information about the asterisk-code-review mailing list