Changeset 5797 for pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
- Timestamp:
- May 29, 2018 3:07:05 AM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
r5787 r5797 54 54 #include <openssl/err.h> 55 55 #include <openssl/x509v3.h> 56 #if !defined(OPENSSL_NO_DH) 57 # include <openssl/dh.h> 58 #endif 59 56 60 #include <openssl/rand.h> 57 61 #include <openssl/opensslconf.h> 58 62 #include <openssl/opensslv.h> 59 63 60 #define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER)) 64 #if defined(LIBRESSL_VERSION_NUMBER) 65 # define USING_LIBRESSL 1 66 #else 67 # define USING_LIBRESSL 0 68 #endif 61 69 62 70 #if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \ … … 778 786 static pj_status_t create_ssl(pj_ssl_sock_t *ssock) 779 787 { 788 #if !defined(OPENSSL_NO_DH) 780 789 BIO *bio; 781 790 DH *dh; 782 791 long options; 783 #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L784 EC_KEY *ecdh;785 792 #endif 786 793 SSL_METHOD *ssl_method = NULL; … … 934 941 } 935 942 943 #if !defined(OPENSSL_NO_DH) 936 944 if (ssock->is_server) { 937 945 bio = BIO_new_file(cert->privkey_file.ptr, "r"); … … 954 962 } 955 963 } 964 #endif 956 965 } 957 966 } … … 1001 1010 } 1002 1011 1003 #if OPENSSL_VERSION_NUMBER < 0x10100000L1004 1012 #ifndef SSL_CTRL_SET_ECDH_AUTO 1005 1013 #define SSL_CTRL_SET_ECDH_AUTO 94 … … 1010 1018 PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH initialized " 1011 1019 "(automatic), faster PFS ciphers enabled")); 1012 #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L 1020 #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && \ 1021 OPENSSL_VERSION_NUMBER < 0x10100000L 1013 1022 } else { 1014 1023 /* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */ 1015 ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);1024 EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1016 1025 if (ecdh != NULL) { 1017 1026 if (SSL_CTX_set_tmp_ecdh(ctx, ecdh)) { … … 1023 1032 #endif 1024 1033 } 1025 #else // OPENSSL_VERSION_NUMBER < 0x10100000L1026 PJ_LOG(4,(ssock->pool->obj_name, "SSL ECDH already initialized "1027 "(OpenSSL 1.1.0+), faster PFS cipher-suites enabled"));1028 #endif // OPENSSL_VERSION_NUMBER < 0x10100000L1029 1034 } else { 1030 1035 X509_STORE *pkix_validation_store = SSL_CTX_get_cert_store(ctx); … … 2711 2716 2712 2717 for (i = 0; i < openssl_curves_num; ++i) { 2713 if (!pj_ansi_stricmp(openssl_curves[i].name, curve_name)) 2718 if (openssl_curves[i].name && 2719 !pj_ansi_stricmp(openssl_curves[i].name, curve_name)) 2720 { 2714 2721 return openssl_curves[i].id; 2722 } 2715 2723 } 2716 2724
Note: See TracChangeset
for help on using the changeset viewer.