diff --git a/configure b/configure index a7862c9604..91fe3160ae 100755 --- a/configure +++ b/configure @@ -30470,102 +30470,6 @@ $as_echo "no" >&6; } fi fi - -if test "x${PBX_OPENSSL_SRTP}" != "x1" -a "${USE_OPENSSL_SRTP}" != "no"; then - pbxlibdir="" - # if --with-OPENSSL_SRTP=DIR has been specified, use it. - if test "x${OPENSSL_SRTP_DIR}" != "x"; then - if test -d ${OPENSSL_SRTP_DIR}/lib; then - pbxlibdir="-L${OPENSSL_SRTP_DIR}/lib" - else - pbxlibdir="-L${OPENSSL_SRTP_DIR}" - fi - fi - - ast_ext_lib_check_save_CFLAGS="${CFLAGS}" - CFLAGS="${CFLAGS} " - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_tlsext_use_srtp in -lssl" >&5 -$as_echo_n "checking for SSL_CTX_set_tlsext_use_srtp in -lssl... " >&6; } -if ${ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_CTX_set_tlsext_use_srtp (); -int -main () -{ -return SSL_CTX_set_tlsext_use_srtp (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=yes -else - ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&5 -$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" >&6; } -if test "x$ac_cv_lib_ssl_SSL_CTX_set_tlsext_use_srtp" = xyes; then : - AST_OPENSSL_SRTP_FOUND=yes -else - AST_OPENSSL_SRTP_FOUND=no -fi - - CFLAGS="${ast_ext_lib_check_save_CFLAGS}" - - - # now check for the header. - if test "${AST_OPENSSL_SRTP_FOUND}" = "yes"; then - OPENSSL_SRTP_LIB="${pbxlibdir} -lssl -lcrypto" - # if --with-OPENSSL_SRTP=DIR has been specified, use it. - if test "x${OPENSSL_SRTP_DIR}" != "x"; then - OPENSSL_SRTP_INCLUDE="-I${OPENSSL_SRTP_DIR}/include" - fi - OPENSSL_SRTP_INCLUDE="${OPENSSL_SRTP_INCLUDE} " - - # check for the header - ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}" - CPPFLAGS="${CPPFLAGS} ${OPENSSL_SRTP_INCLUDE}" - ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : - OPENSSL_SRTP_HEADER_FOUND=1 -else - OPENSSL_SRTP_HEADER_FOUND=0 -fi - - - CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}" - - if test "x${OPENSSL_SRTP_HEADER_FOUND}" = "x0" ; then - OPENSSL_SRTP_LIB="" - OPENSSL_SRTP_INCLUDE="" - else - - PBX_OPENSSL_SRTP=1 - cat >>confdefs.h <<_ACEOF -#define HAVE_OPENSSL_SRTP 1 -_ACEOF - - fi - fi -fi - - fi diff --git a/configure.ac b/configure.ac index fe5ab57943..b6ded90245 100644 --- a/configure.ac +++ b/configure.ac @@ -2504,7 +2504,6 @@ fi if test "$PBX_OPENSSL" = "1"; then AST_CHECK_OSPTK([4], [0], [0]) - AST_EXT_LIB_CHECK([OPENSSL_SRTP], [ssl], [SSL_CTX_set_tlsext_use_srtp], [openssl/ssl.h], [-lcrypto]) fi AST_EXT_LIB_CHECK([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [2]) diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c index f979763942..1a1307f11f 100644 --- a/res/res_rtp_asterisk.c +++ b/res/res_rtp_asterisk.c @@ -42,9 +42,10 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include #include -#ifdef HAVE_OPENSSL_SRTP +#ifdef HAVE_OPENSSL #include #include +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) #include #include #include @@ -52,6 +53,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include #endif #endif +#endif #ifdef HAVE_PJPROJECT #include @@ -268,7 +270,7 @@ struct rtp_learning_info { enum ast_media_type stream_type; }; -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) struct dtls_details { SSL *ssl; /*!< SSL session */ BIO *read_bio; /*!< Memory buffer for reading */ @@ -391,7 +393,7 @@ struct ast_rtp { unsigned int ice_num_components; /*!< The number of ICE components */ #endif -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) SSL_CTX *ssl_ctx; /*!< SSL context */ enum ast_rtp_dtls_verify dtls_verify; /*!< What to verify */ enum ast_srtp_suite suite; /*!< SRTP crypto suite */ @@ -468,7 +470,7 @@ struct ast_rtcp { /* VP8: sequence number for the RTCP FIR FCI */ int firseq; -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) struct dtls_details dtls; /*!< DTLS state information */ #endif @@ -522,7 +524,7 @@ static void ast_rtp_stop(struct ast_rtp_instance *instance); static int ast_rtp_qos_set(struct ast_rtp_instance *instance, int tos, int cos, const char* desc); static int ast_rtp_sendcng(struct ast_rtp_instance *instance, int level); -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) static int ast_rtp_activate(struct ast_rtp_instance *instance); static void dtls_srtp_check_pending(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp); static void dtls_srtp_start_timeout_timer(struct ast_rtp_instance *instance, struct ast_rtp *rtp, int rtcp); @@ -1541,7 +1543,7 @@ static struct ast_rtp_engine_ice ast_rtp_ice = { }; #endif -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) static int dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) { /* We don't want to actually verify the certificate so just accept what they have provided */ @@ -1997,13 +1999,13 @@ static struct ast_rtp_engine asterisk_rtp_engine = { #ifdef HAVE_PJPROJECT .ice = &ast_rtp_ice, #endif -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) .dtls = &ast_rtp_dtls, .activate = ast_rtp_activate, #endif }; -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) /*! \pre instance is locked */ static void dtls_perform_handshake(struct ast_rtp_instance *instance, struct dtls_details *dtls, int rtcp) { @@ -2064,7 +2066,7 @@ static void ast_rtp_on_ice_complete(pj_ice_sess *ice, pj_status_t status) } } -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) dtls_perform_handshake(instance, &rtp->dtls, 0); if (rtp->rtcp && rtp->rtcp->type == AST_RTP_INSTANCE_RTCP_STANDARD) { @@ -2195,7 +2197,7 @@ static inline int rtcp_debug_test_addr(struct ast_sockaddr *addr) return 1; } -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) /*! \pre instance is locked */ static int dtls_srtp_handle_timeout(struct ast_rtp_instance *instance, int rtcp) { @@ -2519,7 +2521,7 @@ static int __rtp_recvfrom(struct ast_rtp_instance *instance, void *buf, size_t s return len; } -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) /* If this is an SSL packet pass it to OpenSSL for processing. RFC section for first byte value: * https://tools.ietf.org/html/rfc5764#section-5.1.2 */ if ((*in >= 20) && (*in <= 63)) { @@ -3223,7 +3225,7 @@ static int ast_rtp_new(struct ast_rtp_instance *instance, /* Record any information we may need */ rtp->sched = sched; -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) rtp->rekeyid = -1; rtp->dtls.timeout_timer = -1; #endif @@ -3244,7 +3246,7 @@ static int ast_rtp_destroy(struct ast_rtp_instance *instance) struct timespec ts = { .tv_sec = wait.tv_sec, .tv_nsec = wait.tv_usec * 1000, }; #endif -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) ast_rtp_dtls_stop(instance); #endif @@ -5859,7 +5861,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro return; } rtp->rtcp->s = -1; -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) rtp->rtcp->dtls.timeout_timer = -1; #endif rtp->rtcp->schedid = -1; @@ -5922,7 +5924,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro rtp_add_candidates_to_ice(instance, rtp, &rtp->rtcp->us, ast_sockaddr_port(&rtp->rtcp->us), AST_RTP_ICE_COMPONENT_RTCP, TRANSPORT_SOCKET_RTCP); } #endif -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) dtls_setup_rtcp(instance); #endif } else { @@ -5942,7 +5944,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro rtp->rtcp->s = rtp->s; ast_rtp_instance_get_remote_address(instance, &addr); ast_sockaddr_copy(&rtp->rtcp->them, &addr); -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) if (rtp->rtcp->dtls.ssl && rtp->rtcp->dtls.ssl != rtp->dtls.ssl) { SSL_free(rtp->rtcp->dtls.ssl); } @@ -5970,7 +5972,7 @@ static void ast_rtp_prop_set(struct ast_rtp_instance *instance, enum ast_rtp_pro if (rtp->rtcp->s > -1 && rtp->rtcp->s != rtp->s) { close(rtp->rtcp->s); } -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) ao2_unlock(instance); dtls_srtp_stop_timeout_timer(instance, rtp, 1); ao2_lock(instance); @@ -6212,7 +6214,7 @@ static void ast_rtp_stop(struct ast_rtp_instance *instance) struct ast_rtp *rtp = ast_rtp_instance_get_data(instance); struct ast_sockaddr addr = { {0,} }; -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) ao2_unlock(instance); AST_SCHED_DEL_UNREF(rtp->sched, rtp->rekeyid, ao2_ref(instance, -1)); @@ -6307,7 +6309,7 @@ static int ast_rtp_sendcng(struct ast_rtp_instance *instance, int level) return res; } -#ifdef HAVE_OPENSSL_SRTP +#if !defined(OPENSSL_NO_SRTP) && (OPENSSL_VERSION_NUMBER >= 0x10001000L) static void dtls_perform_setup(struct dtls_details *dtls) { if (!dtls->ssl || !SSL_is_init_finished(dtls->ssl)) {