<p>Corey Farrell has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7294">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">Build: Fix issues building without SSL.<br><br>* Add configure check for modern vs legacy SSL library, determined by<br> existence of the SSL_library_init symbol.<br>* Update libasteriskssl to use the configure result instead of trying to<br> interpret versions that might be in headers.<br>* Use variables produced by configure to link the SSL and uuid libraries<br> into libasteriskpj.so instead hard-coding them.<br><br>ASTERISK-27431<br><br>Change-Id: I3977931fd3ef8c4e4376349ccddb354eb839b58d<br>---<br>M configure<br>M configure.ac<br>M include/asterisk/autoconfig.h.in<br>M main/Makefile<br>M main/libasteriskssl.c<br>5 files changed, 56 insertions(+), 26 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/94/7294/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/configure b/configure<br>index f64883b..96c9de6 100755<br>--- a/configure<br>+++ b/configure<br>@@ -32684,10 +32684,6 @@<br> fi<br> <br> <br>-fi<br>-<br>-if test "$PBX_OPENSSL" = "1";<br>-then<br> <br> if test "x${PBX_OPENSSL_EC}" != "x1" -a "${USE_OPENSSL_EC}" != "no"; then<br> pbxlibdir=""<br>@@ -32792,10 +32788,6 @@<br> fi<br> <br> <br>-fi<br>-<br>-if test "$PBX_OPENSSL" = "1";<br>-then<br> <br> if test "x${PBX_SSL_OP_NO_TLSV1_1}" != "x1"; then<br> { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_OP_NO_TLSv1_1 in openssl/ssl.h" >&5<br>@@ -32888,6 +32880,39 @@<br> fi<br> <br> <br>+<br>+ saved_LIBS="${LIBS}"<br>+ LIBS="${LIBS} ${OPENSSL_LIB}"<br>+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether SSL library is modern" >&5<br>+$as_echo_n "checking whether SSL library is modern... " >&6; }<br>+ # if the SSL library is modern we will fail to link against SSL_library_init.<br>+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext<br>+/* end confdefs.h. */<br>+int SSL_library_init(void);<br>+int<br>+main ()<br>+{<br>+SSL_library_init();<br>+ ;<br>+ return 0;<br>+}<br>+_ACEOF<br>+if ac_fn_c_try_link "$LINENO"; then :<br>+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5<br>+$as_echo "no" >&6; }<br>+else<br>+<br>+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5<br>+$as_echo "yes" >&6; }<br>+<br>+$as_echo "#define HAVE_MODERN_SSL 1" >>confdefs.h<br>+<br>+<br>+<br>+fi<br>+rm -f core conftest.err conftest.$ac_objext \<br>+ conftest$ac_exeext conftest.$ac_ext<br>+ LIBS="${saved_LIBS}"<br> fi<br> <br> <br>diff --git a/configure.ac b/configure.ac<br>index 30ff4ac..eccc79c 100644<br>--- a/configure.ac<br>+++ b/configure.ac<br>@@ -2451,19 +2451,25 @@<br> <br> if test "$PBX_OPENSSL" = "1";<br> then<br>- AST_CHECK_OSPTK([4], [0], [0])<br>- AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])<br>-fi<br>-<br>-if test "$PBX_OPENSSL" = "1";<br>-then<br>+ AST_CHECK_OSPTK([4], [0], [0])<br>+ AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])<br> AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto])<br>-fi<br>+ AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_1], [SSL_OP_NO_TLSv1_1], [openssl/ssl.h])<br>+ AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_2], [SSL_OP_NO_TLSv1_2], [openssl/ssl.h])<br> <br>-if test "$PBX_OPENSSL" = "1";<br>-then<br>- AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_1], [SSL_OP_NO_TLSv1_1], [openssl/ssl.h])<br>- AST_C_DEFINE_CHECK([SSL_OP_NO_TLSV1_2], [SSL_OP_NO_TLSv1_2], [openssl/ssl.h])<br>+ saved_LIBS="${LIBS}"<br>+ LIBS="${LIBS} ${OPENSSL_LIB}"<br>+ AC_MSG_CHECKING(whether SSL library is modern)<br>+ # if the SSL library is modern we will fail to link against SSL_library_init.<br>+ AC_LINK_IFELSE(<br>+ [AC_LANG_PROGRAM([int SSL_library_init(void);],[SSL_library_init();])],<br>+ [AC_MSG_RESULT(no)],<br>+ [<br>+ AC_MSG_RESULT(yes)<br>+ AC_DEFINE([HAVE_MODERN_SSL], [1], [Define to 1 if you have a modern SSL library.])<br>+ ]<br>+ )<br>+ LIBS="${saved_LIBS}"<br> fi<br> <br> AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2])<br>diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in<br>index d142fe9..49b421c 100644<br>--- a/include/asterisk/autoconfig.h.in<br>+++ b/include/asterisk/autoconfig.h.in<br>@@ -498,6 +498,9 @@<br> /* Define to 1 if you have a working `mmap' system call. */<br> #undef HAVE_MMAP<br> <br>+/* Define to 1 if you have a modern SSL library. */<br>+#undef HAVE_MODERN_SSL<br>+<br> /* Define if your system has the MSG_NOSIGNAL headers. */<br> #undef HAVE_MSG_NOSIGNAL<br> <br>diff --git a/main/Makefile b/main/Makefile<br>index efb0caf..a157a7d 100644<br>--- a/main/Makefile<br>+++ b/main/Makefile<br>@@ -273,7 +273,7 @@<br> <br> $(ASTPJ_LIB).$(ASTPJ_SO_VERSION): _ASTLDFLAGS+=-Wl,-soname=$(ASTPJ_LIB).$(ASTPJ_SO_VERSION) $(PJ_LDFLAGS)<br> $(ASTPJ_LIB).$(ASTPJ_SO_VERSION): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskpj\" $(PJ_CFLAGS)<br>-$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): LIBS+=$(PJPROJECT_LDLIBS) -lssl -lcrypto -luuid -lm -lpthread $(RT_LIB)<br>+$(ASTPJ_LIB).$(ASTPJ_SO_VERSION): LIBS+=$(PJPROJECT_LDLIBS) $(OPENSSL_LIB) $(UUID_LIB) -lm -lpthread $(RT_LIB)<br> ifeq ($(GNU_LD),1)<br> $(ASTPJ_LIB).$(ASTPJ_SO_VERSION): SO_SUPPRESS_SYMBOLS=-Wl,--version-script,libasteriskpj.exports,--warn-common<br> endif<br>@@ -298,7 +298,7 @@<br> # /lib or /usr/lib<br> $(ASTPJ_LIB): _ASTLDFLAGS+=-dynamiclib -install_name $(ASTLIBDIR)/$(ASTPJ_LIB) $(PJ_LDFLAGS)<br> $(ASTPJ_LIB): _ASTCFLAGS+=-fPIC -DAST_MODULE=\"asteriskpj\" $(PJ_CFLAGS)<br>-$(ASTPJ_LIB): LIBS+=$(PJPROJECT_LIBS) -lssl -lcrypto -luuid -lm -lpthread $(RT_LIB)<br>+$(ASTPJ_LIB): LIBS+=$(PJPROJECT_LIBS) $(OPENSSL_LIB) $(UUID_LIB) -lm -lpthread $(RT_LIB)<br> $(ASTPJ_LIB): SOLINK=$(DYLINK)<br> <br> # Special rules for building a shared library (not a dynamically loadable module)<br>diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c<br>index a89f191..d4bf740 100644<br>--- a/main/libasteriskssl.c<br>+++ b/main/libasteriskssl.c<br>@@ -33,13 +33,9 @@<br> <br> #include "asterisk/_private.h" /* ast_ssl_init() */<br> <br>-#ifdef HAVE_OPENSSL<br>+#if defined(HAVE_OPENSSL) && !defined(HAVE_MODERN_SSL)<br> #include <openssl/ssl.h><br> #include <openssl/err.h><br>-#endif<br>-<br>-#if defined(HAVE_OPENSSL) && \<br>- !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)<br> <br> #include <dlfcn.h><br> <br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7294">change 7294</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7294"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I3977931fd3ef8c4e4376349ccddb354eb839b58d </div>
<div style="display:none"> Gerrit-Change-Number: 7294 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Corey Farrell <git@cfware.com> </div>