Changeset 5537


Ignore:
Timestamp:
Jan 23, 2017 3:34:17 AM (8 years ago)
Author:
nanang
Message:

Close #1932: Support OpenSSL 1.1.0.

Location:
pjproject/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • pjproject/trunk/aconfigure

    r5517 r5537  
    756756oldincludedir 
    757757includedir 
    758 runstatedir 
    759758localstatedir 
    760759sharedstatedir 
     
    879878sharedstatedir='${prefix}/com' 
    880879localstatedir='${prefix}/var' 
    881 runstatedir='${localstatedir}/run' 
    882880includedir='${prefix}/include' 
    883881oldincludedir='/usr/include' 
     
    11321130    silent=yes ;; 
    11331131 
    1134   -runstatedir | --runstatedir | --runstatedi | --runstated \ 
    1135   | --runstate | --runstat | --runsta | --runst | --runs \ 
    1136   | --run | --ru | --r) 
    1137     ac_prev=runstatedir ;; 
    1138   -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ 
    1139   | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ 
    1140   | --run=* | --ru=* | --r=*) 
    1141     runstatedir=$ac_optarg ;; 
    1142  
    11431132  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) 
    11441133    ac_prev=sbindir ;; 
     
    12781267                datadir sysconfdir sharedstatedir localstatedir includedir \ 
    12791268                oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ 
    1280                 libdir localedir mandir runstatedir 
     1269                libdir localedir mandir 
    12811270do 
    12821271  eval ac_val=\$$ac_var 
     
    14311420  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com] 
    14321421  --localstatedir=DIR     modifiable single-machine data [PREFIX/var] 
    1433   --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run] 
    14341422  --libdir=DIR            object code libraries [EPREFIX/lib] 
    14351423  --includedir=DIR        C header files [PREFIX/include] 
     
    78667854fi 
    78677855 
    7868                 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_library_init in -lssl" >&5 
    7869 $as_echo_n "checking for SSL_library_init in -lssl... " >&6; } 
    7870 if ${ac_cv_lib_ssl_SSL_library_init+:} false; then : 
     7856                { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5 
     7857$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; } 
     7858if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then : 
    78717859  $as_echo_n "(cached) " >&6 
    78727860else 
     
    78827870extern "C" 
    78837871#endif 
    7884 char SSL_library_init (); 
     7872char SSL_CTX_new (); 
    78857873int 
    78867874main () 
    78877875{ 
    7888 return SSL_library_init (); 
     7876return SSL_CTX_new (); 
    78897877  ; 
    78907878  return 0; 
     
    78927880_ACEOF 
    78937881if ac_fn_c_try_link "$LINENO"; then : 
    7894   ac_cv_lib_ssl_SSL_library_init=yes 
    7895 else 
    7896   ac_cv_lib_ssl_SSL_library_init=no 
     7882  ac_cv_lib_ssl_SSL_CTX_new=yes 
     7883else 
     7884  ac_cv_lib_ssl_SSL_CTX_new=no 
    78977885fi 
    78987886rm -f core conftest.err conftest.$ac_objext \ 
     
    79007888LIBS=$ac_check_lib_save_LIBS 
    79017889fi 
    7902 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_library_init" >&5 
    7903 $as_echo "$ac_cv_lib_ssl_SSL_library_init" >&6; } 
    7904 if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then : 
     7890{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5 
     7891$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; } 
     7892if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then : 
    79057893  libssl_present=1 && LIBS="-lssl $LIBS" 
    79067894fi 
     
    79117899 
    79127900                        # Check if SRTP should be compiled with OpenSSL 
    7913                         # support, to enable cryptos such as AES GCM 
    7914                         { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_aes_128_gcm in -lcrypto" >&5 
    7915 $as_echo_n "checking for EVP_aes_128_gcm in -lcrypto... " >&6; } 
    7916 if ${ac_cv_lib_crypto_EVP_aes_128_gcm+:} false; then : 
    7917   $as_echo_n "(cached) " >&6 
    7918 else 
    7919   ac_check_lib_save_LIBS=$LIBS 
    7920 LIBS="-lcrypto  $LIBS" 
    7921 cat confdefs.h - <<_ACEOF >conftest.$ac_ext 
     7901                        # support, to enable cryptos such as AES GCM. 
     7902 
     7903                        # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type. 
     7904                        # AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1]) 
     7905                        cat confdefs.h - <<_ACEOF >conftest.$ac_ext 
    79227906/* end confdefs.h.  */ 
    7923  
    7924 /* Override any GCC internal prototype to avoid an error. 
    7925    Use char because int might match the return type of a GCC 
    7926    builtin and then its argument prototype would still apply.  */ 
    7927 #ifdef __cplusplus 
    7928 extern "C" 
    7929 #endif 
    7930 char EVP_aes_128_gcm (); 
     7907#include <openssl/evp.h> 
    79317908int 
    79327909main () 
    79337910{ 
    7934 return EVP_aes_128_gcm (); 
     7911EVP_CIPHER_CTX ctx;EVP_aes_128_gcm(); 
    79357912  ; 
    79367913  return 0; 
    79377914} 
    79387915_ACEOF 
    7939 if ac_fn_c_try_link "$LINENO"; then : 
    7940   ac_cv_lib_crypto_EVP_aes_128_gcm=yes 
    7941 else 
    7942   ac_cv_lib_crypto_EVP_aes_128_gcm=no 
    7943 fi 
    7944 rm -f core conftest.err conftest.$ac_objext \ 
    7945     conftest$ac_exeext conftest.$ac_ext 
    7946 LIBS=$ac_check_lib_save_LIBS 
    7947 fi 
    7948 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_aes_128_gcm" >&5 
    7949 $as_echo "$ac_cv_lib_crypto_EVP_aes_128_gcm" >&6; } 
    7950 if test "x$ac_cv_lib_crypto_EVP_aes_128_gcm" = xyes; then : 
     7916if ac_fn_c_try_compile "$LINENO"; then : 
    79517917  ac_ssl_has_aes_gcm=1 
    79527918fi 
    7953  
     7919rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext 
    79547920                        if test "x$ac_ssl_has_aes_gcm" = "x1"; then 
    79557921                                { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL has AES GCM support, SRTP will use OpenSSL" >&5 
  • pjproject/trunk/aconfigure.ac

    r5517 r5537  
    15561556                AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1]) 
    15571557                AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"]) 
    1558                 AC_CHECK_LIB(ssl,SSL_library_init,[libssl_present=1 && LIBS="-lssl $LIBS"]) 
     1558                AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"]) 
    15591559                if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then 
    15601560                        AC_MSG_RESULT([OpenSSL library found, SSL support enabled]) 
    15611561                         
    15621562                        # Check if SRTP should be compiled with OpenSSL 
    1563                         # support, to enable cryptos such as AES GCM 
    1564                         AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1]) 
     1563                        # support, to enable cryptos such as AES GCM. 
     1564                         
     1565                        # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type. 
     1566                        # AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1]) 
     1567                        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]], 
     1568                                                          [EVP_CIPHER_CTX ctx;EVP_aes_128_gcm();])], 
     1569                                          [ac_ssl_has_aes_gcm=1]) 
    15651570                        if test "x$ac_ssl_has_aes_gcm" = "x1"; then 
    15661571                                AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL]) 
  • pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

    r5517 r5537  
    4646 * Include OpenSSL headers  
    4747 */ 
     48#include <openssl/asn1.h> 
    4849#include <openssl/bio.h> 
    4950#include <openssl/ssl.h> 
     
    111112#endif 
    112113 
     114 
     115#if OPENSSL_VERSION_NUMBER >= 0x10100000L 
     116#  define OPENSSL_NO_SSL2           /* seems to be removed in 1.1.0 */ 
     117#  define M_ASN1_STRING_data(x)     ASN1_STRING_get0_data(x) 
     118#  define M_ASN1_STRING_length(x)   ASN1_STRING_length(x) 
     119#else 
     120#  define SSL_CIPHER_get_id(c)      (c)->id 
     121#  define SSL_set_session(ssl, s)   (ssl)->session = (s) 
     122#endif 
     123 
     124 
    113125#ifdef _MSC_VER 
    114126#  pragma comment( lib, "libeay32") 
    115127#  pragma comment( lib, "ssleay32") 
     128#  pragma comment( lib, "crypt32") 
    116129#endif 
    117130 
     
    432445            c = sk_SSL_CIPHER_value(sk_cipher,i); 
    433446            openssl_ciphers[i].id = (pj_ssl_cipher) 
    434                                     (pj_uint32_t)c->id & 0x00FFFFFF; 
     447                                    (pj_uint32_t)SSL_CIPHER_get_id(c) & 
     448                                    0x00FFFFFF; 
    435449            openssl_ciphers[i].name = SSL_CIPHER_get_name(c); 
    436450        } 
    437451        openssl_cipher_num = n; 
    438452 
    439         ssl->session = SSL_SESSION_new(); 
     453        SSL_set_session(ssl, SSL_SESSION_new()); 
    440454 
    441455#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL 
     
    10141028            c = sk_SSL_CIPHER_value(sk_cipher, j); 
    10151029            if (ssock->param.ciphers[i] == (pj_ssl_cipher) 
    1016                                            ((pj_uint32_t)c->id & 0x00FFFFFF)) 
     1030                                           ((pj_uint32_t)SSL_CIPHER_get_id(c) & 
     1031                                           0x00FFFFFF)) 
    10171032            { 
    10181033                const char *c_name; 
     
    10671082    } 
    10681083 
    1069     if( ssock->ossl_ssl->server ) { 
     1084    if( SSL_is_server(ssock->ossl_ssl) ) { 
    10701085        ret = SSL_set1_curves(ssock->ossl_ssl, curves, 
    10711086                              ssock->param.curves_num); 
     
    12261241    char buf[512]; 
    12271242    pj_uint8_t serial_no[64] = {0}; /* should be >= sizeof(ci->serial_no) */ 
    1228     pj_uint8_t *q; 
     1243    const pj_uint8_t *q; 
    12291244    unsigned len; 
    12301245    GENERAL_NAMES *names = NULL; 
     
    12361251 
    12371252    /* Get serial no */ 
    1238     q = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x)); 
     1253    q = (const pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x)); 
    12391254    len = M_ASN1_STRING_length(X509_get_serialNumber(x)); 
    12401255    if (len > sizeof(ci->serial_no))  
     
    26432658        /* Current cipher */ 
    26442659        cipher = SSL_get_current_cipher(ssock->ossl_ssl); 
    2645         info->cipher = (cipher->id & 0x00FFFFFF); 
     2660        info->cipher = (SSL_CIPHER_get_id(cipher) & 0x00FFFFFF); 
    26462661 
    26472662        /* Remote address */ 
Note: See TracChangeset for help on using the changeset viewer.