fi
fi
-
-if test "x${PBX_OPENSSL_SRTP}" != "x1" -a "${USE_OPENSSL_SRTP}" != "no"; then
- pbxlibdir=""
- # if --with-OPENSSL_SRTP=DIR has been specified, use it.
- if test "x${OPENSSL_SRTP_DIR}" != "x"; then
- if test -d ${OPENSSL_SRTP_DIR}/lib; then
- pbxlibdir="-L${OPENSSL_SRTP_DIR}/lib"
- else
- pbxlibdir="-L${OPENSSL_SRTP_DIR}"
- fi
- fi
-
- ast_ext_lib_check_save_CFLAGS="${CFLAGS}"
- CFLAGS="${CFLAGS} "
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_tlsext_use_srtp in -lssl" >&5
-$as_echo_n "checking for SSL_CTX_set_tlsext_use_srtp in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_set_tlsext_use_srtp ();
-int
-main ()
-{
-return SSL_CTX_set_tlsext_use_srtp ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=yes
-else
- ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&5
-$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&6; }
-if test "x$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" = xyes; then :
- AST_OPENSSL_SRTP_FOUND=yes
-else
- AST_OPENSSL_SRTP_FOUND=no
-fi
-
- CFLAGS="${ast_ext_lib_check_save_CFLAGS}"
-
-
- # now check for the header.
- if test "${AST_OPENSSL_SRTP_FOUND}" = "yes"; then
- OPENSSL_SRTP_LIB="${pbxlibdir} -lssl -lcrypto"
- # if --with-OPENSSL_SRTP=DIR has been specified, use it.
- if test "x${OPENSSL_SRTP_DIR}" != "x"; then
- OPENSSL_SRTP_INCLUDE="-I${OPENSSL_SRTP_DIR}/include"
- fi
- OPENSSL_SRTP_INCLUDE="${OPENSSL_SRTP_INCLUDE} "
-
- # check for the header
- ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"
- CPPFLAGS="${CPPFLAGS} ${OPENSSL_SRTP_INCLUDE}"
- ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
-if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :
- OPENSSL_SRTP_HEADER_FOUND=1
-else
- OPENSSL_SRTP_HEADER_FOUND=0
-fi
-
-
- CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"
-
- if test "x${OPENSSL_SRTP_HEADER_FOUND}" = "x0" ; then
- OPENSSL_SRTP_LIB=""
- OPENSSL_SRTP_INCLUDE=""
- else
-
- PBX_OPENSSL_SRTP=1
- cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_SRTP 1
-_ACEOF
-
- fi
- fi
-fi
-
-
fi
#include <signal.h>
#include <fcntl.h>
-#ifdef HAVE_OPENSSL_SRTP
+#ifdef HAVE_OPENSSL
#include <openssl/opensslconf.h>
#include <openssl/opensslv.h>
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/dh.h>
#endif
#endif
+#endif
#ifdef HAVE_PJPROJECT
#include <pjlib.h>
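Review bot: The guards added further down in this patch test `OPENSSL_VERSION_NUMBER` without the `HAVE_OPENSSL` test that wraps the includes in this hunk, so in a build without OpenSSL they are false only because an undefined identifier evaluates to 0 in `#if`, which `-Wundef` reports. Defining one feature macro inside the new version test here, e.g. `#define RTP_DTLS_SRTP_AVAILABLE 1` (name constructed for illustration), and using `#ifdef` on it at the `struct dtls_details`, `dtls_verify_callback` and remaining guard sites would replace the repeated expression and keep every site tied to the includes. With the configure probe removed, an OpenSSL built with `OPENSSL_NO_SRTP` or older than 1.0.1 now compiles DTLS-SRTP out with no build-time message. A logged notice in the disabled case would make the loss of media encryption visible to whoever deploys the build.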
enum ast_media_type stream_type;
};
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
struct dtls_details {
SSL *ssl; /*!< SSL session */
BIO *read_bio; /*!< Memory buffer for reading */
unsigned int ice_num_components; /*!< The number of ICE components */
#endif
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
SSL_CTX *ssl_ctx; /*!< SSL context */
enum ast_rtp_dtls_verify dtls_verify; /*!< What to verify */
enum ast_srtp_suite suite; /*!< SRTP crypto suite */
/* VP8: sequence number for the RTCP FIR FCI */
int firseq;
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
struct dtls_details dtls; /*!< DTLS state information */
#endif
static int ast_rtp_extension_enable(struct ast_rtp_instance *instance, enum ast_rtp_extension extension);
static int ast_rtp_bundle(struct ast_rtp_instance *child, struct ast_rtp_instance *parent);
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
static int ast_rtp_activate(struct ast_rtp_instance *instance);
static void dtls_srtp_check_pending(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);
static void dtls_srtp_start_timeout_timer(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp);
};
#endif
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
static int dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
/* We don't want to actually verify the certificate so just accept what they have provided */
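Review bot: The comment in `dtls_verify_callback` says the certificate is accepted as provided but not what authenticates the peer instead, which is the first thing a reader needs to know about a verify callback that ignores `preverify_ok`. If, as the `dtls_verify` field ("What to verify") suggests, the peer is meant to be authenticated by a fingerprint comparison after the handshake, the comment should say so and name where that happens, for example `/* Chain validation is skipped on purpose; the peer is authenticated by the fingerprint check in <function> when dtls_verify requests it */`. The body of the callback continues outside this hunk, so its return value is not visible here.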
#ifdef HAVE_PJPROJECT
.ice = &ast_rtp_ice,
#endif
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
.dtls = &ast_rtp_dtls,
.activate = ast_rtp_activate,
#endif
.bundle = ast_rtp_bundle,
};
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/*! \pre instance is locked */
static void dtls_perform_handshake(struct ast_rtp_instance *instance, struct dtls_details *dtls, int rtcp)
{
}
#endif
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
static void dtls_perform_setup(struct dtls_details *dtls)
{
if (!dtls->ssl || !SSL_is_init_finished(dtls->ssl)) {
}
}
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
dtls_perform_setup(&rtp->dtls);
dtls_perform_handshake(instance, &rtp->dtls, 0);
return 1;
}
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/*! \pre instance is locked */
static int dtls_srtp_handle_timeout(struct ast_rtp_instance *instance, int rtcp)
{
return len;
}
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/* If this is an SSL packet pass it to OpenSSL for processing. RFC section for first byte value:
* https://tools.ietf.org/html/rfc5764#section-5.1.2 */
if ((*in >= 20) && (*in <= 63)) {
}
#endif
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
rtp->rekeyid = -1;
rtp->dtls.timeout_timer = -1;
#endif
struct timespec ts = { .tv_sec = wait.tv_sec, .tv_nsec = wait.tv_usec * 1000, };
#endif
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
ast_rtp_dtls_stop(instance);
#endif
return;
}
rtp->rtcp->s = -1;
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
rtp->rtcp->dtls.timeout_timer = -1;
#endif
rtp->rtcp->schedid = -1;
rtp_add_candidates_to_ice(instance, rtp, &rtp->rtcp->us, ast_sockaddr_port(&rtp->rtcp->us), AST_RTP_ICE_COMPONENT_RTCP, TRANSPORT_SOCKET_RTCP);
}
#endif
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
dtls_setup_rtcp(instance);
#endif
} else {
rtp->rtcp->s = rtp->s;
ast_rtp_instance_get_remote_address(instance, &addr);
ast_sockaddr_copy(&rtp->rtcp->them, &addr);
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
if (rtp->rtcp->dtls.ssl && rtp->rtcp->dtls.ssl != rtp->dtls.ssl) {
SSL_free(rtp->rtcp->dtls.ssl);
}
if (rtp->rtcp->s > -1 && rtp->rtcp->s != rtp->s) {
close(rtp->rtcp->s);
}
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
ao2_unlock(instance);
dtls_srtp_stop_timeout_timer(instance, rtp, 1);
ao2_lock(instance);
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
struct ast_sockaddr addr = { {0,} };
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
ao2_unlock(instance);
AST_SCHED_DEL_UNREF(rtp->sched, rtp->rekeyid, ao2_ref(instance, -1));
AST_VECTOR_APPEND(&parent_rtp->ssrc_mapping, mapping);
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/* If DTLS-SRTP is already in use then add the local SSRC to it, otherwise it will get added once DTLS
* negotiation has been completed.
*/
return 0;
}
-#ifdef HAVE_OPENSSL_SRTP
+#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L)
/*! \pre instance is locked */
static int ast_rtp_activate(struct ast_rtp_instance *instance)
{