Changeset 5797


Ignore:
Timestamp:
May 29, 2018 3:07:05 AM (6 years ago)
Author:
riza
Message:

Re #2059 (misc):

  • Fix warning when using LibreSSL.
  • Fix error build when using OpenSSL with './config no-dh' option.
  • Fix error build when using OpenSSL with './config no-deprecated' option.
  • Modification to r5787.

Thanks to Alexander Traud for the patch.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

    r5787 r5797  
    5454#include <openssl/err.h> 
    5555#include <openssl/x509v3.h> 
     56#if !defined(OPENSSL_NO_DH) 
     57#   include <openssl/dh.h> 
     58#endif 
     59 
    5660#include <openssl/rand.h> 
    5761#include <openssl/opensslconf.h> 
    5862#include <openssl/opensslv.h> 
    5963 
    60 #define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER)) 
     64#if defined(LIBRESSL_VERSION_NUMBER) 
     65#       define USING_LIBRESSL 1 
     66#else 
     67#       define USING_LIBRESSL 0 
     68#endif 
    6169 
    6270#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \ 
     
    778786static pj_status_t create_ssl(pj_ssl_sock_t *ssock) 
    779787{ 
     788#if !defined(OPENSSL_NO_DH) 
    780789    BIO *bio; 
    781790    DH *dh; 
    782791    long options; 
    783 #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L 
    784     EC_KEY *ecdh; 
    785792#endif 
    786793    SSL_METHOD *ssl_method = NULL; 
     
    934941            } 
    935942 
     943#if !defined(OPENSSL_NO_DH) 
    936944            if (ssock->is_server) { 
    937945                bio = BIO_new_file(cert->privkey_file.ptr, "r"); 
     
    954962                } 
    955963            } 
     964#endif 
    956965        } 
    957966    } 
     
    10011010        } 
    10021011 
    1003 #if OPENSSL_VERSION_NUMBER < 0x10100000L 
    10041012    #ifndef SSL_CTRL_SET_ECDH_AUTO 
    10051013        #define SSL_CTRL_SET_ECDH_AUTO 94 
     
    10101018            PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized " 
    10111019                      "(automatic), faster PFS ciphers enabled")); 
    1012     #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L 
     1020    #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && \ 
     1021        OPENSSL_VERSION_NUMBER < 0x10100000L 
    10131022        } else { 
    10141023            /* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */ 
    1015             ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 
     1024            EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 
    10161025            if (ecdh != NULL) { 
    10171026                if (SSL_CTX_set_tmp_ecdh(ctx, ecdh)) { 
     
    10231032    #endif 
    10241033        } 
    1025 #else // OPENSSL_VERSION_NUMBER < 0x10100000L 
    1026     PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH already initialized " 
    1027               "(OpenSSL 1.1.0+), faster PFS cipher-suites enabled")); 
    1028 #endif // OPENSSL_VERSION_NUMBER < 0x10100000L 
    10291034    } else { 
    10301035        X509_STORE *pkix_validation_store = SSL_CTX_get_cert_store(ctx); 
     
    27112716 
    27122717    for (i = 0; i < openssl_curves_num; ++i) { 
    2713         if (!pj_ansi_stricmp(openssl_curves[i].name, curve_name)) 
     2718        if (openssl_curves[i].name && 
     2719                !pj_ansi_stricmp(openssl_curves[i].name, curve_name)) 
     2720        { 
    27142721            return openssl_curves[i].id; 
     2722        } 
    27152723    } 
    27162724 
Note: See TracChangeset for help on using the changeset viewer.