<p>Joshua Colp <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11469">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Kevin Harwell: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved
Joshua Colp: Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_rtp_asterisk: Add support for DTLS packet fragmentation.<br><br>This change adds support for larger TLS certificates by allowing<br>OpenSSL to fragment the DTLS packets according to the configured<br>MTU. By default this is set to 1200.<br><br>This is accomplished by implementing our own BIO method that<br>supports MTU querying. The configured MTU is returned to OpenSSL<br>which fragments the packet accordingly. When a packet is to be<br>sent it is done directly out the RTP instance.<br><br>ASTERISK-28018<br><br>Change-Id: If2d5032019a28ffd48f43e9e93ed71dbdbf39c06<br>---<br>M configs/samples/rtp.conf.sample<br>M configure<br>M configure.ac<br>A doc/CHANGES-staging/res_rtp_asterisk_dtls_fragmentation.txt<br>M include/asterisk/autoconfig.h.in<br>M menuselect/configure<br>M res/res_rtp_asterisk.c<br>7 files changed, 284 insertions(+), 54 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/configs/samples/rtp.conf.sample b/configs/samples/rtp.conf.sample</span><br><span>index a2664e4..a94707e 100644</span><br><span>--- a/configs/samples/rtp.conf.sample</span><br><span>+++ b/configs/samples/rtp.conf.sample</span><br><span>@@ -102,6 +102,10 @@</span><br><span> ;</span><br><span> ; ice_blacklist =</span><br><span> ;</span><br><span style="color: hsl(120, 100%, 40%);">+; The MTU to use for DTLS packet fragmentation. This option is set to 1200</span><br><span style="color: hsl(120, 100%, 40%);">+; by default. The minimum MTU is 256.</span><br><span style="color: hsl(120, 100%, 40%);">+; dtls_mtu = 1200</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span> [ice_host_candidates]</span><br><span> ;</span><br><span> ; When Asterisk is behind a static one-to-one NAT and ICE is in use, ICE will</span><br><span>diff --git a/configure b/configure</span><br><span>index 2a704b5..92143a4 100755</span><br><span>--- a/configure</span><br><span>+++ b/configure</span><br><span>@@ -1152,6 +1152,10 @@</span><br><span> DAHDI_DIR</span><br><span> DAHDI_INCLUDE</span><br><span> DAHDI_LIB</span><br><span style="color: hsl(120, 100%, 40%);">+PBX_OPENSSL_BIO_METHOD</span><br><span style="color: hsl(120, 100%, 40%);">+OPENSSL_BIO_METHOD_DIR</span><br><span style="color: hsl(120, 100%, 40%);">+OPENSSL_BIO_METHOD_INCLUDE</span><br><span style="color: hsl(120, 100%, 40%);">+OPENSSL_BIO_METHOD_LIB</span><br><span> PBX_OPENSSL_SRTP</span><br><span> OPENSSL_SRTP_DIR</span><br><span> OPENSSL_SRTP_INCLUDE</span><br><span>@@ -9827,6 +9831,18 @@</span><br><span> </span><br><span> </span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+OPENSSL_BIO_METHOD_DESCRIP="OpenSSL BIO Method Support"</span><br><span style="color: hsl(120, 100%, 40%);">+OPENSSL_BIO_METHOD_OPTION=crypto</span><br><span style="color: hsl(120, 100%, 40%);">+OPENSSL_BIO_METHOD_DIR=${CRYPTO_DIR}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+PBX_OPENSSL_BIO_METHOD=0</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> DAHDI_DESCRIP="DAHDI"</span><br><span> DAHDI_OPTION="dahdi"</span><br><span> PBX_DAHDI=0</span><br><span>@@ -31149,6 +31165,102 @@</span><br><span> fi</span><br><span> </span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+if test "x${PBX_OPENSSL_BIO_METHOD}" != "x1" -a "${USE_OPENSSL_BIO_METHOD}" != "no"; then</span><br><span style="color: hsl(120, 100%, 40%);">+ pbxlibdir=""</span><br><span style="color: hsl(120, 100%, 40%);">+ # if --with-OPENSSL_BIO_METHOD=DIR has been specified, use it.</span><br><span style="color: hsl(120, 100%, 40%);">+ if test "x${OPENSSL_BIO_METHOD_DIR}" != "x"; then</span><br><span style="color: hsl(120, 100%, 40%);">+ if test -d ${OPENSSL_BIO_METHOD_DIR}/lib; then</span><br><span style="color: hsl(120, 100%, 40%);">+ pbxlibdir="-L${OPENSSL_BIO_METHOD_DIR}/lib"</span><br><span style="color: hsl(120, 100%, 40%);">+ else</span><br><span style="color: hsl(120, 100%, 40%);">+ pbxlibdir="-L${OPENSSL_BIO_METHOD_DIR}"</span><br><span style="color: hsl(120, 100%, 40%);">+ fi</span><br><span style="color: hsl(120, 100%, 40%);">+ fi</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_ext_lib_check_save_CFLAGS="${CFLAGS}"</span><br><span style="color: hsl(120, 100%, 40%);">+ CFLAGS="${CFLAGS} "</span><br><span style="color: hsl(120, 100%, 40%);">+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BIO_meth_new in -lssl" >&5</span><br><span style="color: hsl(120, 100%, 40%);">+$as_echo_n "checking for BIO_meth_new in -lssl... " >&6; }</span><br><span style="color: hsl(120, 100%, 40%);">+if ${ac_cv_lib_ssl_BIO_meth_new+:} false; then :</span><br><span style="color: hsl(120, 100%, 40%);">+ $as_echo_n "(cached) " >&6</span><br><span style="color: hsl(120, 100%, 40%);">+else</span><br><span style="color: hsl(120, 100%, 40%);">+ ac_check_lib_save_LIBS=$LIBS</span><br><span style="color: hsl(120, 100%, 40%);">+LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS"</span><br><span style="color: hsl(120, 100%, 40%);">+cat confdefs.h - <<_ACEOF >conftest.$ac_ext</span><br><span style="color: hsl(120, 100%, 40%);">+/* end confdefs.h. */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/* Override any GCC internal prototype to avoid an error.</span><br><span style="color: hsl(120, 100%, 40%);">+ Use char because int might match the return type of a GCC</span><br><span style="color: hsl(120, 100%, 40%);">+ builtin and then its argument prototype would still apply. */</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef __cplusplus</span><br><span style="color: hsl(120, 100%, 40%);">+extern "C"</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+char BIO_meth_new ();</span><br><span style="color: hsl(120, 100%, 40%);">+int</span><br><span style="color: hsl(120, 100%, 40%);">+main ()</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+return BIO_meth_new ();</span><br><span style="color: hsl(120, 100%, 40%);">+ ;</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+_ACEOF</span><br><span style="color: hsl(120, 100%, 40%);">+if ac_fn_c_try_link "$LINENO"; then :</span><br><span style="color: hsl(120, 100%, 40%);">+ ac_cv_lib_ssl_BIO_meth_new=yes</span><br><span style="color: hsl(120, 100%, 40%);">+else</span><br><span style="color: hsl(120, 100%, 40%);">+ ac_cv_lib_ssl_BIO_meth_new=no</span><br><span style="color: hsl(120, 100%, 40%);">+fi</span><br><span style="color: hsl(120, 100%, 40%);">+rm -f core conftest.err conftest.$ac_objext \</span><br><span style="color: hsl(120, 100%, 40%);">+ conftest$ac_exeext conftest.$ac_ext</span><br><span style="color: hsl(120, 100%, 40%);">+LIBS=$ac_check_lib_save_LIBS</span><br><span style="color: hsl(120, 100%, 40%);">+fi</span><br><span style="color: hsl(120, 100%, 40%);">+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_BIO_meth_new" >&5</span><br><span style="color: hsl(120, 100%, 40%);">+$as_echo "$ac_cv_lib_ssl_BIO_meth_new" >&6; }</span><br><span style="color: hsl(120, 100%, 40%);">+if test "x$ac_cv_lib_ssl_BIO_meth_new" = xyes; then :</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_OPENSSL_BIO_METHOD_FOUND=yes</span><br><span style="color: hsl(120, 100%, 40%);">+else</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_OPENSSL_BIO_METHOD_FOUND=no</span><br><span style="color: hsl(120, 100%, 40%);">+fi</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ CFLAGS="${ast_ext_lib_check_save_CFLAGS}"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ # now check for the header.</span><br><span style="color: hsl(120, 100%, 40%);">+ if test "${AST_OPENSSL_BIO_METHOD_FOUND}" = "yes"; then</span><br><span style="color: hsl(120, 100%, 40%);">+ OPENSSL_BIO_METHOD_LIB="${pbxlibdir} -lssl -lcrypto"</span><br><span style="color: hsl(120, 100%, 40%);">+ # if --with-OPENSSL_BIO_METHOD=DIR has been specified, use it.</span><br><span style="color: hsl(120, 100%, 40%);">+ if test "x${OPENSSL_BIO_METHOD_DIR}" != "x"; then</span><br><span style="color: hsl(120, 100%, 40%);">+ OPENSSL_BIO_METHOD_INCLUDE="-I${OPENSSL_BIO_METHOD_DIR}/include"</span><br><span style="color: hsl(120, 100%, 40%);">+ fi</span><br><span style="color: hsl(120, 100%, 40%);">+ OPENSSL_BIO_METHOD_INCLUDE="${OPENSSL_BIO_METHOD_INCLUDE} "</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ # check for the header</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"</span><br><span style="color: hsl(120, 100%, 40%);">+ CPPFLAGS="${CPPFLAGS} ${OPENSSL_BIO_METHOD_INCLUDE}"</span><br><span style="color: hsl(120, 100%, 40%);">+ ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"</span><br><span style="color: hsl(120, 100%, 40%);">+if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :</span><br><span style="color: hsl(120, 100%, 40%);">+ OPENSSL_BIO_METHOD_HEADER_FOUND=1</span><br><span style="color: hsl(120, 100%, 40%);">+else</span><br><span style="color: hsl(120, 100%, 40%);">+ OPENSSL_BIO_METHOD_HEADER_FOUND=0</span><br><span style="color: hsl(120, 100%, 40%);">+fi</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if test "x${OPENSSL_BIO_METHOD_HEADER_FOUND}" = "x0" ; then</span><br><span style="color: hsl(120, 100%, 40%);">+ OPENSSL_BIO_METHOD_LIB=""</span><br><span style="color: hsl(120, 100%, 40%);">+ OPENSSL_BIO_METHOD_INCLUDE=""</span><br><span style="color: hsl(120, 100%, 40%);">+ else</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ PBX_OPENSSL_BIO_METHOD=1</span><br><span style="color: hsl(120, 100%, 40%);">+ cat >>confdefs.h <<_ACEOF</span><br><span style="color: hsl(120, 100%, 40%);">+#define HAVE_OPENSSL_BIO_METHOD 1</span><br><span style="color: hsl(120, 100%, 40%);">+_ACEOF</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ fi</span><br><span style="color: hsl(120, 100%, 40%);">+ fi</span><br><span style="color: hsl(120, 100%, 40%);">+fi</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> fi</span><br><span> </span><br><span> if test "$PBX_OPENSSL" = "1";</span><br><span>diff --git a/configure.ac b/configure.ac</span><br><span>index e65f159..b2fcb85 100644</span><br><span>--- a/configure.ac</span><br><span>+++ b/configure.ac</span><br><span>@@ -480,6 +480,7 @@</span><br><span> AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt])</span><br><span> AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto])</span><br><span> AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto])</span><br><span style="color: hsl(120, 100%, 40%);">+AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_BIO_METHOD], [OpenSSL BIO Method Support], [CRYPTO], [crypto])</span><br><span> AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi])</span><br><span> AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec])</span><br><span> AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise])</span><br><span>@@ -2588,6 +2589,7 @@</span><br><span> if test "$PBX_CRYPTO" = "1";</span><br><span> then</span><br><span> AST_EXT_LIB_CHECK([OPENSSL], [ssl], [SSL_connect], [openssl/ssl.h], [-lcrypto])</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_EXT_LIB_CHECK([OPENSSL_BIO_METHOD], [ssl], [BIO_meth_new], [openssl/ssl.h], [-lcrypto])</span><br><span> fi</span><br><span> </span><br><span> if test "$PBX_OPENSSL" = "1";</span><br><span>diff --git a/doc/CHANGES-staging/res_rtp_asterisk_dtls_fragmentation.txt b/doc/CHANGES-staging/res_rtp_asterisk_dtls_fragmentation.txt</span><br><span>new file mode 100644</span><br><span>index 0000000..dfc5984</span><br><span>--- /dev/null</span><br><span>+++ b/doc/CHANGES-staging/res_rtp_asterisk_dtls_fragmentation.txt</span><br><span>@@ -0,0 +1,5 @@</span><br><span style="color: hsl(120, 100%, 40%);">+Subject: res_rtp_asterisk</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+DTLS packets will now be fragmented according to the MTU as set in rtp.conf. This</span><br><span style="color: hsl(120, 100%, 40%);">+allows larger certificates to be used for the DTLS negotiation. By default this value</span><br><span style="color: hsl(120, 100%, 40%);">+is 1200.</span><br><span>diff --git a/include/asterisk/autoconfig.h.in b/include/asterisk/autoconfig.h.in</span><br><span>index 71df798..8f7aaa1 100644</span><br><span>--- a/include/asterisk/autoconfig.h.in</span><br><span>+++ b/include/asterisk/autoconfig.h.in</span><br><span>@@ -582,6 +582,9 @@</span><br><span> /* Define to 1 if you have the OpenSSL Secure Sockets Layer library. */</span><br><span> #undef HAVE_OPENSSL</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/* Define to 1 if CRYPTO has the OpenSSL BIO Method Support feature. */</span><br><span style="color: hsl(120, 100%, 40%);">+#undef HAVE_OPENSSL_BIO_METHOD</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */</span><br><span> #undef HAVE_OPENSSL_SRTP</span><br><span> </span><br><span>diff --git a/menuselect/configure b/menuselect/configure</span><br><span>index 8efb637..fd7d24b 100755</span><br><span>--- a/menuselect/configure</span><br><span>+++ b/menuselect/configure</span><br><span>@@ -692,6 +692,7 @@</span><br><span> docdir</span><br><span> oldincludedir</span><br><span> includedir</span><br><span style="color: hsl(120, 100%, 40%);">+runstatedir</span><br><span> localstatedir</span><br><span> sharedstatedir</span><br><span> sysconfdir</span><br><span>@@ -772,6 +773,7 @@</span><br><span> sysconfdir='${prefix}/etc'</span><br><span> sharedstatedir='${prefix}/com'</span><br><span> localstatedir='${prefix}/var'</span><br><span style="color: hsl(120, 100%, 40%);">+runstatedir='${localstatedir}/run'</span><br><span> includedir='${prefix}/include'</span><br><span> oldincludedir='/usr/include'</span><br><span> docdir='${datarootdir}/doc/${PACKAGE}'</span><br><span>@@ -1024,6 +1026,15 @@</span><br><span> | -silent | --silent | --silen | --sile | --sil)</span><br><span> silent=yes ;;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ -runstatedir | --runstatedir | --runstatedi | --runstated \</span><br><span style="color: hsl(120, 100%, 40%);">+ | --runstate | --runstat | --runsta | --runst | --runs \</span><br><span style="color: hsl(120, 100%, 40%);">+ | --run | --ru | --r)</span><br><span style="color: hsl(120, 100%, 40%);">+ ac_prev=runstatedir ;;</span><br><span style="color: hsl(120, 100%, 40%);">+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \</span><br><span style="color: hsl(120, 100%, 40%);">+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \</span><br><span style="color: hsl(120, 100%, 40%);">+ | --run=* | --ru=* | --r=*)</span><br><span style="color: hsl(120, 100%, 40%);">+ runstatedir=$ac_optarg ;;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)</span><br><span> ac_prev=sbindir ;;</span><br><span> -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \</span><br><span>@@ -1161,7 +1172,7 @@</span><br><span> for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \</span><br><span> datadir sysconfdir sharedstatedir localstatedir includedir \</span><br><span> oldincludedir docdir infodir htmldir dvidir pdfdir psdir \</span><br><span style="color: hsl(0, 100%, 40%);">- libdir localedir mandir</span><br><span style="color: hsl(120, 100%, 40%);">+ libdir localedir mandir runstatedir</span><br><span> do</span><br><span> eval ac_val=\$$ac_var</span><br><span> # Remove trailing slashes.</span><br><span>@@ -1314,6 +1325,7 @@</span><br><span> --sysconfdir=DIR read-only single-machine data [PREFIX/etc]</span><br><span> --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]</span><br><span> --localstatedir=DIR modifiable single-machine data [PREFIX/var]</span><br><span style="color: hsl(120, 100%, 40%);">+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]</span><br><span> --libdir=DIR object code libraries [EPREFIX/lib]</span><br><span> --includedir=DIR C header files [PREFIX/include]</span><br><span> --oldincludedir=DIR C header files for non-gcc [/usr/include]</span><br><span>diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c</span><br><span>index 335a329..b55a7d5 100644</span><br><span>--- a/res/res_rtp_asterisk.c</span><br><span>+++ b/res/res_rtp_asterisk.c</span><br><span>@@ -174,6 +174,7 @@</span><br><span> </span><br><span> #define DEFAULT_STRICT_RTP STRICT_RTP_YES /*!< Enabled by default */</span><br><span> #define DEFAULT_ICESUPPORT 1</span><br><span style="color: hsl(120, 100%, 40%);">+#define DEFAULT_DTLS_MTU 1200</span><br><span> </span><br><span> extern struct ast_srtp_res *res_srtp;</span><br><span> extern struct ast_srtp_policy_res *res_srtp_policy;</span><br><span>@@ -203,6 +204,9 @@</span><br><span> static int turnport = DEFAULT_TURN_PORT;</span><br><span> static pj_str_t turnusername;</span><br><span> static pj_str_t turnpassword;</span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP)</span><br><span style="color: hsl(120, 100%, 40%);">+static int dtls_mtu = DEFAULT_DTLS_MTU;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span> </span><br><span> static struct ast_ha *ice_blacklist = NULL; /*!< Blacklisted ICE networks */</span><br><span> static ast_rwlock_t ice_blacklist_lock = AST_RWLOCK_INIT_VALUE;</span><br><span>@@ -593,13 +597,101 @@</span><br><span> </span><br><span> #if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP)</span><br><span> static int ast_rtp_activate(struct ast_rtp_instance *instance);</span><br><span style="color: hsl(0, 100%, 40%);">-static void dtls_srtp_check_pending(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);</span><br><span> static void dtls_srtp_start_timeout_timer(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);</span><br><span> static void dtls_srtp_stop_timeout_timer(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);</span><br><span style="color: hsl(120, 100%, 40%);">+static int dtls_bio_write(BIO *bio, const char *buf, int len);</span><br><span style="color: hsl(120, 100%, 40%);">+static long dtls_bio_ctrl(BIO *bio, int cmd, long arg1, void *arg2);</span><br><span style="color: hsl(120, 100%, 40%);">+static int dtls_bio_new(BIO *bio);</span><br><span style="color: hsl(120, 100%, 40%);">+static int dtls_bio_free(BIO *bio);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#ifndef HAVE_OPENSSL_BIO_METHOD</span><br><span style="color: hsl(120, 100%, 40%);">+static BIO_METHOD dtls_bio_methods = {</span><br><span style="color: hsl(120, 100%, 40%);">+ .type = BIO_TYPE_BIO,</span><br><span style="color: hsl(120, 100%, 40%);">+ .name = "rtp write",</span><br><span style="color: hsl(120, 100%, 40%);">+ .bwrite = dtls_bio_write,</span><br><span style="color: hsl(120, 100%, 40%);">+ .ctrl = dtls_bio_ctrl,</span><br><span style="color: hsl(120, 100%, 40%);">+ .create = dtls_bio_new,</span><br><span style="color: hsl(120, 100%, 40%);">+ .destroy = dtls_bio_free,</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+#else</span><br><span style="color: hsl(120, 100%, 40%);">+static BIO_METHOD *dtls_bio_methods;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span> #endif</span><br><span> </span><br><span> static int __rtp_sendto(struct ast_rtp_instance *instance, void *buf, size_t size, int flags, struct ast_sockaddr *sa, int rtcp, int *via_ice, int use_srtp);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP)</span><br><span style="color: hsl(120, 100%, 40%);">+static int dtls_bio_new(BIO *bio)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef HAVE_OPENSSL_BIO_METHOD</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_set_init(bio, 1);</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_set_data(bio, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_set_shutdown(bio, 0);</span><br><span style="color: hsl(120, 100%, 40%);">+#else</span><br><span style="color: hsl(120, 100%, 40%);">+ bio->init = 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ bio->ptr = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+ bio->flags = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static int dtls_bio_free(BIO *bio)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ /* The pointer on the BIO is that of the RTP instance. It is not reference counted as the BIO</span><br><span style="color: hsl(120, 100%, 40%);">+ * lifetime is tied to the instance, and actions on the BIO are taken by the thread handling</span><br><span style="color: hsl(120, 100%, 40%);">+ * the RTP instance - not another thread.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef HAVE_OPENSSL_BIO_METHOD</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_set_data(bio, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+#else</span><br><span style="color: hsl(120, 100%, 40%);">+ bio->ptr = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static int dtls_bio_write(BIO *bio, const char *buf, int len)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef HAVE_OPENSSL_BIO_METHOD</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_rtp_instance *instance = BIO_get_data(bio);</span><br><span style="color: hsl(120, 100%, 40%);">+#else</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_rtp_instance *instance = bio->ptr;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+ int rtcp = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_sockaddr remote_address = { {0, } };</span><br><span style="color: hsl(120, 100%, 40%);">+ int ice;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (rtp->rtcp && rtp->rtcp->dtls.write_bio == bio) {</span><br><span style="color: hsl(120, 100%, 40%);">+ rtcp = 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_sockaddr_copy(&remote_address, &rtp->rtcp->them);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_rtp_instance_get_remote_address(instance, &remote_address);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_sockaddr_isnull(&remote_address)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return __rtp_sendto(instance, (char *)buf, len, 0, &remote_address, rtcp, &ice, 0);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static long dtls_bio_ctrl(BIO *bio, int cmd, long arg1, void *arg2)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ switch (cmd) {</span><br><span style="color: hsl(120, 100%, 40%);">+ case BIO_CTRL_FLUSH:</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ case BIO_CTRL_DGRAM_QUERY_MTU:</span><br><span style="color: hsl(120, 100%, 40%);">+ return dtls_mtu;</span><br><span style="color: hsl(120, 100%, 40%);">+ case BIO_CTRL_WPENDING:</span><br><span style="color: hsl(120, 100%, 40%);">+ case BIO_CTRL_PENDING:</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0L;</span><br><span style="color: hsl(120, 100%, 40%);">+ default:</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #ifdef HAVE_PJPROJECT</span><br><span> /*! \brief Helper function which clears the ICE host candidate mapping */</span><br><span> static void host_candidate_overrides_clear(void)</span><br><span>@@ -1630,7 +1722,7 @@</span><br><span> }</span><br><span> </span><br><span> static int dtls_details_initialize(struct dtls_details *dtls, SSL_CTX *ssl_ctx,</span><br><span style="color: hsl(0, 100%, 40%);">- enum ast_rtp_dtls_setup setup)</span><br><span style="color: hsl(120, 100%, 40%);">+ enum ast_rtp_dtls_setup setup, struct ast_rtp_instance *instance)</span><br><span> {</span><br><span> dtls->dtls_setup = setup;</span><br><span> </span><br><span>@@ -1645,12 +1737,20 @@</span><br><span> }</span><br><span> BIO_set_mem_eof_return(dtls->read_bio, -1);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (!(dtls->write_bio = BIO_new(BIO_s_mem()))) {</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef HAVE_OPENSSL_BIO_METHOD</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!(dtls->write_bio = BIO_new(dtls_bio_methods))) {</span><br><span> ast_log(LOG_ERROR, "Failed to allocate memory for outbound SSL traffic\n");</span><br><span> goto error;</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">- BIO_set_mem_eof_return(dtls->write_bio, -1);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_set_data(dtls->write_bio, instance);</span><br><span style="color: hsl(120, 100%, 40%);">+#else</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!(dtls->write_bio = BIO_new(&dtls_bio_methods))) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Failed to allocate memory for outbound SSL traffic\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ goto error;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ dtls->write_bio->ptr = instance;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span> SSL_set_bio(dtls->ssl, dtls->read_bio, dtls->write_bio);</span><br><span> </span><br><span> if (dtls->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE) {</span><br><span>@@ -1688,7 +1788,7 @@</span><br><span> return 0;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- return dtls_details_initialize(&rtp->rtcp->dtls, rtp->ssl_ctx, rtp->dtls.dtls_setup);</span><br><span style="color: hsl(120, 100%, 40%);">+ return dtls_details_initialize(&rtp->rtcp->dtls, rtp->ssl_ctx, rtp->dtls.dtls_setup, instance);</span><br><span> }</span><br><span> </span><br><span> static const SSL_METHOD *get_dtls_method(void)</span><br><span>@@ -2081,7 +2181,7 @@</span><br><span> rtp->rekey = dtls_cfg->rekey;</span><br><span> rtp->suite = dtls_cfg->suite;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- res = dtls_details_initialize(&rtp->dtls, rtp->ssl_ctx, dtls_cfg->default_setup);</span><br><span style="color: hsl(120, 100%, 40%);">+ res = dtls_details_initialize(&rtp->dtls, rtp->ssl_ctx, dtls_cfg->default_setup, instance);</span><br><span> if (!res) {</span><br><span> dtls_setup_rtcp(instance);</span><br><span> }</span><br><span>@@ -2337,12 +2437,6 @@</span><br><span> * timer before we have a chance to even start it.</span><br><span> */</span><br><span> dtls_srtp_start_timeout_timer(instance, rtp, rtcp);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- /*</span><br><span style="color: hsl(0, 100%, 40%);">- * We must call dtls_srtp_check_pending() after starting the timer.</span><br><span style="color: hsl(0, 100%, 40%);">- * Otherwise we won't prevent the race condition.</span><br><span style="color: hsl(0, 100%, 40%);">- */</span><br><span style="color: hsl(0, 100%, 40%);">- dtls_srtp_check_pending(instance, rtp, rtcp);</span><br><span> }</span><br><span> #endif</span><br><span> </span><br><span>@@ -2533,7 +2627,6 @@</span><br><span> struct timeval dtls_timeout;</span><br><span> </span><br><span> DTLSv1_handle_timeout(dtls->ssl);</span><br><span style="color: hsl(0, 100%, 40%);">- dtls_srtp_check_pending(instance, rtp, rtcp);</span><br><span> </span><br><span> /* If a timeout can't be retrieved then this recurring scheduled item must stop */</span><br><span> if (!DTLSv1_get_timeout(dtls->ssl, &dtls_timeout)) {</span><br><span>@@ -2604,40 +2697,6 @@</span><br><span> AST_SCHED_DEL_UNREF(rtp->sched, dtls->timeout_timer, ao2_ref(instance, -1));</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-/*! \pre instance is locked */</span><br><span style="color: hsl(0, 100%, 40%);">-static void dtls_srtp_check_pending(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp)</span><br><span style="color: hsl(0, 100%, 40%);">-{</span><br><span style="color: hsl(0, 100%, 40%);">- struct dtls_details *dtls = !rtcp ? &rtp->dtls : &rtp->rtcp->dtls;</span><br><span style="color: hsl(0, 100%, 40%);">- size_t pending;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (!dtls->ssl || !dtls->write_bio) {</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- pending = BIO_ctrl_pending(dtls->write_bio);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (pending > 0) {</span><br><span style="color: hsl(0, 100%, 40%);">- char outgoing[pending];</span><br><span style="color: hsl(0, 100%, 40%);">- size_t out;</span><br><span style="color: hsl(0, 100%, 40%);">- struct ast_sockaddr remote_address = { {0, } };</span><br><span style="color: hsl(0, 100%, 40%);">- int ice;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (!rtcp) {</span><br><span style="color: hsl(0, 100%, 40%);">- ast_rtp_instance_get_remote_address(instance, &remote_address);</span><br><span style="color: hsl(0, 100%, 40%);">- } else {</span><br><span style="color: hsl(0, 100%, 40%);">- ast_sockaddr_copy(&remote_address, &rtp->rtcp->them);</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- /* If we do not yet know an address to send this to defer it until we do */</span><br><span style="color: hsl(0, 100%, 40%);">- if (ast_sockaddr_isnull(&remote_address)) {</span><br><span style="color: hsl(0, 100%, 40%);">- return;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- out = BIO_read(dtls->write_bio, outgoing, sizeof(outgoing));</span><br><span style="color: hsl(0, 100%, 40%);">- __rtp_sendto(instance, outgoing, out, 0, &remote_address, rtcp, &ice, 0);</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-}</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> /* Scheduler callback */</span><br><span> static int dtls_srtp_renegotiate(const void *data)</span><br><span> {</span><br><span>@@ -2648,12 +2707,10 @@</span><br><span> </span><br><span> SSL_renegotiate(rtp->dtls.ssl);</span><br><span> SSL_do_handshake(rtp->dtls.ssl);</span><br><span style="color: hsl(0, 100%, 40%);">- dtls_srtp_check_pending(instance, rtp, 0);</span><br><span> </span><br><span> if (rtp->rtcp && rtp->rtcp->dtls.ssl && rtp->rtcp->dtls.ssl != rtp->dtls.ssl) {</span><br><span> SSL_renegotiate(rtp->rtcp->dtls.ssl);</span><br><span> SSL_do_handshake(rtp->rtcp->dtls.ssl);</span><br><span style="color: hsl(0, 100%, 40%);">- dtls_srtp_check_pending(instance, rtp, 1);</span><br><span> }</span><br><span> </span><br><span> rtp->rekeyid = -1;</span><br><span>@@ -2904,8 +2961,6 @@</span><br><span> SSL_set_accept_state(dtls->ssl);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- dtls_srtp_check_pending(instance, rtp, rtcp);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> BIO_write(dtls->read_bio, buf, len);</span><br><span> </span><br><span> len = SSL_read(dtls->ssl, buf, len);</span><br><span>@@ -2917,8 +2972,6 @@</span><br><span> return -1;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- dtls_srtp_check_pending(instance, rtp, rtcp);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> if (SSL_is_init_finished(dtls->ssl)) {</span><br><span> /* Any further connections will be existing since this is now established */</span><br><span> dtls->connection = AST_RTP_DTLS_CONNECTION_EXISTING;</span><br><span>@@ -8559,6 +8612,10 @@</span><br><span> blacklist_clear(&stun_blacklist_lock, &stun_blacklist);</span><br><span> #endif</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP)</span><br><span style="color: hsl(120, 100%, 40%);">+ dtls_mtu = DEFAULT_DTLS_MTU;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> if ((s = ast_variable_retrieve(cfg, "general", "rtpstart"))) {</span><br><span> rtpstart = atoi(s);</span><br><span> if (rtpstart < MINIMUM_RTP_PORT)</span><br><span>@@ -8692,6 +8749,15 @@</span><br><span> /* Read STUN blacklist configuration lines */</span><br><span> blacklist_config_load(cfg, "stun_blacklist", &stun_blacklist_lock, &stun_blacklist);</span><br><span> #endif</span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP)</span><br><span style="color: hsl(120, 100%, 40%);">+ if ((s = ast_variable_retrieve(cfg, "general", "dtls_mtu"))) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if ((sscanf(s, "%d", &dtls_mtu) != 1) || dtls_mtu < 256) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_WARNING, "Value for 'dtls_mtu' could not be read, using default of '%d' instead\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ DEFAULT_DTLS_MTU);</span><br><span style="color: hsl(120, 100%, 40%);">+ dtls_mtu = DEFAULT_DTLS_MTU;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span> </span><br><span> ast_config_destroy(cfg);</span><br><span> </span><br><span>@@ -8769,7 +8835,24 @@</span><br><span> </span><br><span> #endif</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP) && defined(HAVE_OPENSSL_BIO_METHOD)</span><br><span style="color: hsl(120, 100%, 40%);">+ dtls_bio_methods = BIO_meth_new(BIO_TYPE_BIO, "rtp write");</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!dtls_bio_methods) {</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef HAVE_PJPROJECT</span><br><span style="color: hsl(120, 100%, 40%);">+ rtp_terminate_pjproject();</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ return AST_MODULE_LOAD_DECLINE;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_meth_set_write(dtls_bio_methods, dtls_bio_write);</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_meth_set_ctrl(dtls_bio_methods, dtls_bio_ctrl);</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_meth_set_create(dtls_bio_methods, dtls_bio_new);</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_meth_set_destroy(dtls_bio_methods, dtls_bio_free);</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> if (ast_rtp_engine_register(&asterisk_rtp_engine)) {</span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP) && defined(HAVE_OPENSSL_BIO_METHOD)</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_meth_free(dtls_bio_methods);</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span> #ifdef HAVE_PJPROJECT</span><br><span> rtp_terminate_pjproject();</span><br><span> #endif</span><br><span>@@ -8777,6 +8860,9 @@</span><br><span> }</span><br><span> </span><br><span> if (ast_cli_register_multiple(cli_rtp, ARRAY_LEN(cli_rtp))) {</span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP) && defined(HAVE_OPENSSL_BIO_METHOD)</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_meth_free(dtls_bio_methods);</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span> #ifdef HAVE_PJPROJECT</span><br><span> ast_rtp_engine_unregister(&asterisk_rtp_engine);</span><br><span> rtp_terminate_pjproject();</span><br><span>@@ -8794,6 +8880,12 @@</span><br><span> ast_rtp_engine_unregister(&asterisk_rtp_engine);</span><br><span> ast_cli_unregister_multiple(cli_rtp, ARRAY_LEN(cli_rtp));</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#if defined(HAVE_OPENSSL) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) && !defined(OPENSSL_NO_SRTP) && defined(HAVE_OPENSSL_BIO_METHOD)</span><br><span style="color: hsl(120, 100%, 40%);">+ if (dtls_bio_methods) {</span><br><span style="color: hsl(120, 100%, 40%);">+ BIO_meth_free(dtls_bio_methods);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #ifdef HAVE_PJPROJECT</span><br><span> host_candidate_overrides_clear();</span><br><span> pj_thread_register_check();</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11469">change 11469</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11469"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: If2d5032019a28ffd48f43e9e93ed71dbdbf39c06 </div>
<div style="display:none"> Gerrit-Change-Number: 11469 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>