DAHDI_DIR
DAHDI_INCLUDE
DAHDI_LIB
-PBX_OPENSSL_EC
-OPENSSL_EC_DIR
-OPENSSL_EC_INCLUDE
-OPENSSL_EC_LIB
PBX_OPENSSL_SRTP
OPENSSL_SRTP_DIR
OPENSSL_SRTP_INCLUDE
-OPENSSL_EC_DESCRIP="OpenSSL Elliptic Curve Support"
-OPENSSL_EC_OPTION=crypto
-OPENSSL_EC_DIR=${CRYPTO_DIR}
-
-PBX_OPENSSL_EC=0
-
-
-
-
-
-
-
DAHDI_DESCRIP="DAHDI"
DAHDI_OPTION="dahdi"
PBX_DAHDI=0
fi
-fi
-
-if test "$PBX_OPENSSL" = "1";
-then
-
-if test "x${PBX_OPENSSL_EC}" != "x1" -a "${USE_OPENSSL_EC}" != "no"; then
- pbxlibdir=""
- # if --with-OPENSSL_EC=DIR has been specified, use it.
- if test "x${OPENSSL_EC_DIR}" != "x"; then
- if test -d ${OPENSSL_EC_DIR}/lib; then
- pbxlibdir="-L${OPENSSL_EC_DIR}/lib"
- else
- pbxlibdir="-L${OPENSSL_EC_DIR}"
- fi
- fi
-
- ast_ext_lib_check_save_CFLAGS="${CFLAGS}"
- CFLAGS="${CFLAGS} "
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EC_KEY_new_by_curve_name in -lssl" >&5
-$as_echo_n "checking for EC_KEY_new_by_curve_name in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_EC_KEY_new_by_curve_name+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EC_KEY_new_by_curve_name ();
-int
-main ()
-{
-return EC_KEY_new_by_curve_name ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_ssl_EC_KEY_new_by_curve_name=yes
-else
- ac_cv_lib_ssl_EC_KEY_new_by_curve_name=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_EC_KEY_new_by_curve_name" >&5
-$as_echo "$ac_cv_lib_ssl_EC_KEY_new_by_curve_name" >&6; }
-if test "x$ac_cv_lib_ssl_EC_KEY_new_by_curve_name" = xyes; then :
- AST_OPENSSL_EC_FOUND=yes
-else
- AST_OPENSSL_EC_FOUND=no
-fi
-
- CFLAGS="${ast_ext_lib_check_save_CFLAGS}"
-
-
- # now check for the header.
- if test "${AST_OPENSSL_EC_FOUND}" = "yes"; then
- OPENSSL_EC_LIB="${pbxlibdir} -lssl -lcrypto"
- # if --with-OPENSSL_EC=DIR has been specified, use it.
- if test "x${OPENSSL_EC_DIR}" != "x"; then
- OPENSSL_EC_INCLUDE="-I${OPENSSL_EC_DIR}/include"
- fi
- OPENSSL_EC_INCLUDE="${OPENSSL_EC_INCLUDE} "
-
- # check for the header
- ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"
- CPPFLAGS="${CPPFLAGS} ${OPENSSL_EC_INCLUDE}"
- ac_fn_c_check_header_mongrel "$LINENO" "openssl/ec.h" "ac_cv_header_openssl_ec_h" "$ac_includes_default"
-if test "x$ac_cv_header_openssl_ec_h" = xyes; then :
- OPENSSL_EC_HEADER_FOUND=1
-else
- OPENSSL_EC_HEADER_FOUND=0
-fi
-
-
- CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"
-
- if test "x${OPENSSL_EC_HEADER_FOUND}" = "x0" ; then
- OPENSSL_EC_LIB=""
- OPENSSL_EC_INCLUDE=""
- else
-
- PBX_OPENSSL_EC=1
- cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_EC 1
-_ACEOF
-
- fi
- fi
-fi
-
-
fi
AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt])
AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto])
AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto])
-AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_EC], [OpenSSL Elliptic Curve Support], [CRYPTO], [crypto])
AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi])
AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec])
AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise])
AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])
fi
-if test "$PBX_OPENSSL" = "1";
-then
- AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto])
-fi
-
AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2])
AST_EXT_LIB_CHECK_SHARED([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [], [
AC_MSG_WARN([***])
/* Define to 1 if you have the OpenSSL Secure Sockets Layer library. */
#undef HAVE_OPENSSL
-/* Define to 1 if CRYPTO has the OpenSSL Elliptic Curve Support feature. */
-#undef HAVE_OPENSSL_EC
-
/* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */
#undef HAVE_OPENSSL_SRTP
#include <fcntl.h>
#ifdef HAVE_OPENSSL_SRTP
+#include <openssl/opensslconf.h>
+#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
+#if !defined(OPENSSL_NO_ECDH) && (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#include <openssl/bn.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
#endif
#ifdef HAVE_PJPROJECT
X509 *certificate;
};
-#ifdef HAVE_OPENSSL_EC
-
static void configure_dhparams(const struct ast_rtp *rtp, const struct ast_rtp_dtls_cfg *dtls_cfg)
{
+#if !defined(OPENSSL_NO_ECDH) && (OPENSSL_VERSION_NUMBER >= 0x10000000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
EC_KEY *ecdh;
+#endif
+#ifndef OPENSSL_NO_DH
if (!ast_strlen_zero(dtls_cfg->pvtfile)) {
BIO *bio = BIO_new_file(dtls_cfg->pvtfile, "r");
if (bio) {
BIO_free(bio);
}
}
+#endif /* !OPENSSL_NO_DH */
+#if !defined(OPENSSL_NO_ECDH) && (OPENSSL_VERSION_NUMBER >= 0x10000000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
/* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ecdh) {
}
EC_KEY_free(ecdh);
}
+#endif /* !OPENSSL_NO_ECDH */
}
+#if !defined(OPENSSL_NO_ECDH) && (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+
static int create_ephemeral_ec_keypair(EVP_PKEY **keypair)
{
EC_KEY *eckey = NULL;
* Validity period - Current Chrome & Firefox make it 31 days starting
* with yesterday at the current time, so we will do the same.
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (!X509_time_adj_ex(X509_get_notBefore(cert), -1, 0, NULL)
|| !X509_time_adj_ex(X509_get_notAfter(cert), 30, 0, NULL)) {
goto error;
}
+#else
+ if (!X509_time_adj_ex(X509_getm_notBefore(cert), -1, 0, NULL)
+ || !X509_time_adj_ex(X509_getm_notAfter(cert), 30, 0, NULL)) {
+ goto error;
+ }
+#endif
/* Set the name and issuer */
if (!(name = X509_get_subject_name(cert))
#else
-static void configure_dhparams(const struct ast_rtp *rtp, const struct ast_rtp_dtls_cfg *dtls_cfg)
-{
-}
-
static int create_certificate_ephemeral(struct ast_rtp_instance *instance,
const struct ast_rtp_dtls_cfg *dtls_cfg,
struct dtls_cert_info *cert_info)
return -1;
}
-#endif /* HAVE_OPENSSL_EC */
+#endif /* !OPENSSL_NO_ECDH */
static int create_certificate_from_file(struct ast_rtp_instance *instance,
const struct ast_rtp_dtls_cfg *dtls_cfg,
projects / thirdparty / asterisk.git / commitdiff
