diff options
author | Mark Duncan <mark@syon.co.jp> | 2015-07-28 19:33:39 +0900 |
---|---|---|
committer | Matt Jordan <mjordan@digium.com> | 2015-08-03 09:58:02 -0500 |
commit | aed068844c1c9748da9c67b74ea4d90622be8f46 (patch) | |
tree | 96c90bc89a571a6cec4ffdce7480d70752b46eb6 /configure | |
parent | 20ee33e22e3724c35ab3078c5032b87af5b4920c (diff) |
res/res_rtp_asterisk: Add ECDH support
This will add ECDH support to Asterisk. It will
detect auto ECDH support in OpenSSL
(1.0.2b and above) during ./configure. If this is
available, it will use it,
otherwise it will fall back to prime256v1 (this
behavior is consistent with
other projects such as Apache and nginx).
This fixes WebRTC being broken in Firefox 38+ due
to Firefox now only supporting
ciphers with perfect forward secrecy.
ASTERISK-25265 #close
Change-Id: I8c13b33a2a79c0bde2e69e4ba6afa5ab9351465b
Diffstat (limited to 'configure')
-rwxr-xr-x | configure | 63 |
1 files changed, 63 insertions, 0 deletions
@@ -1089,6 +1089,10 @@ PBX_DAHDI DAHDI_DIR DAHDI_INCLUDE DAHDI_LIB +PBX_OPENSSL_ECDH_AUTO +OPENSSL_ECDH_AUTO_DIR +OPENSSL_ECDH_AUTO_INCLUDE +OPENSSL_ECDH_AUTO_LIB PBX_OPENSSL_EC OPENSSL_EC_DIR OPENSSL_EC_INCLUDE @@ -8696,6 +8700,18 @@ PBX_OPENSSL_EC=0 +OPENSSL_ECDH_AUTO_DESCRIP="OpenSSL Auto ECDH Support" +OPENSSL_ECDH_AUTO_OPTION=crypto +OPENSSL_ECDH_AUTO_DIR=${CRYPTO_DIR} + +PBX_OPENSSL_ECDH_AUTO=0 + + + + + + + DAHDI_DESCRIP="DAHDI" DAHDI_OPTION="dahdi" PBX_DAHDI=0 @@ -30266,6 +30282,53 @@ fi fi +if test "$PBX_OPENSSL" = "1"; +then + + if test "x${PBX_OPENSSL_ECDH_AUTO}" != "x1" -a "${USE_OPENSSL_ECDH_AUTO}" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h" >&5 +$as_echo_n "checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h... " >&6; } + saved_cppflags="${CPPFLAGS}" + if test "x${OPENSSL_ECDH_AUTO_DIR}" != "x"; then + OPENSSL_ECDH_AUTO_INCLUDE="-I${OPENSSL_ECDH_AUTO_DIR}/include" + fi + CPPFLAGS="${CPPFLAGS} ${OPENSSL_ECDH_AUTO_INCLUDE}" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include <openssl/ssl.h> +int +main () +{ +#if !defined(SSL_CTX_set_ecdh_auto) + (void) SSL_CTX_set_ecdh_auto; + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + PBX_OPENSSL_ECDH_AUTO=1 + +$as_echo "#define HAVE_OPENSSL_ECDH_AUTO 1" >>confdefs.h + + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + CPPFLAGS="${saved_cppflags}" + fi + +fi + if test "x${PBX_SRTP}" != "x1" -a "${USE_SRTP}" != "no"; then pbxlibdir="" |