main/tcptls: Add checks for OpenSSL Elliptic Curve support

The patch for ASTERISK-23905 that added PFS support in Asterisk depends on the
elliptic curve library support being present in OpenSSL. As it turns out, some
versions of OpenSSL don't have this library - notably the version running on
our build agents.

This patch fixes the build by providing a configure check for the specific
library calls that the PFS patch relies on.

Review: https://reviewboard.asterisk.org/r/3709/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417900 65c4cc65-6c06-0410-ace0-fbb531ad65f3
changes/97/197/1
Matthew Jordan 11 years ago
parent aa370d6105
commit 758b13858b

630
configure vendored

File diff suppressed because it is too large

@ -391,6 +391,7 @@ AST_EXT_LIB_SETUP([CURSES], [curses], [curses])
AST_EXT_LIB_SETUP([CRYPT], [password and data encryption], [crypt])
AST_EXT_LIB_SETUP([CRYPTO], [OpenSSL Cryptography], [crypto])
AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_SRTP], [OpenSSL SRTP Extension Support], [CRYPTO], [crypto])
AST_EXT_LIB_SETUP_OPTIONAL([OPENSSL_EC], [OpenSSL Elliptic Curve Support], [CRYPTO], [crypto])
AST_EXT_LIB_SETUP([DAHDI], [DAHDI], [dahdi])
AST_EXT_LIB_SETUP([FFMPEG], [Ffmpeg and avcodec], [avcodec])
AST_EXT_LIB_SETUP([GSM], [External GSM], [gsm], [, use 'internal' GSM otherwise])
@ -2231,6 +2232,11 @@ then
AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto])
fi
if test "$PBX_OPENSSL" = "1";
then
AST_EXT_LIB_CHECK([OPENSSL_EC], [ssl], [EC_KEY_new_by_curve_name], [openssl/ec.h], [-lcrypto])
fi
AST_EXT_LIB_CHECK([SRTP], [srtp], [srtp_init], [srtp/srtp.h])
if test "$PBX_SRTP" = "1";
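Review bot: A failed `OPENSSL_EC` probe is silent, so a build against an OpenSSL without elliptic curve support finishes normally and ships a TLS stack with the ECDH setup compiled out. I would report it at configure time, e.g. `if test "$PBX_OPENSSL" = "1" -a "$PBX_OPENSSL_EC" != "1"; then AC_MSG_WARN([OpenSSL lacks elliptic curve support; ECDHE key exchange will not be available]); fi`. The `PBX_OPENSSL_EC` name is inferred from the `PBX_OPENSSL`/`PBX_SRTP` pattern and should be confirmed against the macro. The new `if test "$PBX_OPENSSL" = "1"` block also appears to repeat the condition of the block just above it (only its `then` is visible in the hunk header), so the check could sit beside the `OPENSSL_SRTP` one. `EC_KEY_new_by_curve_name` is the only symbol probed; if the guarded code in tcptls.c calls other EC functions, this check assumes they are present too.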

@ -545,6 +545,9 @@
/* Define to 1 if you have the OpenSSL Secure Sockets Layer library. */
#undef HAVE_OPENSSL
/* Define to 1 if CRYPTO has the OpenSSL Elliptic Curve Support feature. */
#undef HAVE_OPENSSL_EC
/* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */
#undef HAVE_OPENSSL_SRTP

@ -825,6 +825,8 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
}
}
#ifdef HAVE_OPENSSL_EC
if (!ast_strlen_zero(cfg->pvtfile)) {
BIO *bio = BIO_new_file(cfg->pvtfile, "r");
if (bio != NULL) {
@ -857,6 +859,8 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
}
}
#endif /* #ifdef HAVE_OPENSSL_EC */
ast_verb(2, "TLS/SSL certificate ok\n"); /* We should log which one that is ok. This message doesn't really make sense in production use */
return 1;
#endif
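Review bot: The `#ifdef HAVE_OPENSSL_EC` guard opens above the `cfg->pvtfile` read rather than around the EC calls only, so everything down to the matching `#endif` is compiled out when OpenSSL lacks EC. The lines between the two hunks are not shown; if they also load non-EC key-exchange parameters from that file, those are dropped as well and the guard should be narrowed to the EC-specific statements. Either way the function still reaches "TLS/SSL certificate ok" with nothing to show that the ECDH setup was skipped, so I would add an `#else` branch such as `ast_verb(2, "TLS/SSL ECDH not available: OpenSSL was built without EC support\n");`. A one-line comment above the `#ifdef` naming the configure check that defines the macro would also help. `__ssl_setup` starts and ends outside these hunks.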
