res/res_rtp_asterisk: Add ECDH support

This will add ECDH support to Asterisk. It will detect auto ECDH support in OpenSSL (1.0.2b and above) during ./configure. If this is available, it will use it, otherwise it will fall back to prime256v1 (this behavior is consistent with other projects such as Apache and nginx). This fixes WebRTC being broken in Firefox 38+ due to Firefox now only supporting ciphers with perfect forward secrecy. ASTERISK-25265 #close Change-Id: I8c13b33a2a79c0bde2e69e4ba6afa5ab9351465b
author: Mark Duncan <mark@syon.co.jp> 2015-07-28 19:33:39 +0900
committer: Mark Duncan <mark@syon.co.jp> 2015-07-29 11:24:49 +0900
commit: 1d081ec9707159287b1a4a0bb52a78a81663ad32 (patch)
tree: 4d5b105c666ed2158feeef8b257f62a728398218 /configure
parent: 309dd2a4090ccdd1ea31d8d5415a645daddd3883 (diff)
1 files changed, 63 insertions, 0 deletions
diff --git a/configure b/configure
index 731b2f7a9..25bfc5869 100755
--- a/configure
+++ b/configure
@@ -1097,6 +1097,10 @@ PBX_DAHDI
 DAHDI_DIR
 DAHDI_INCLUDE
 DAHDI_LIB
+PBX_OPENSSL_ECDH_AUTO
+OPENSSL_ECDH_AUTO_DIR
+OPENSSL_ECDH_AUTO_INCLUDE
+OPENSSL_ECDH_AUTO_LIB
 PBX_OPENSSL_EC
 OPENSSL_EC_DIR
 OPENSSL_EC_INCLUDE
@@ -8706,6 +8710,18 @@ PBX_OPENSSL_EC=0
 
 
 
+OPENSSL_ECDH_AUTO_DESCRIP="OpenSSL Auto ECDH Support"
+OPENSSL_ECDH_AUTO_OPTION=crypto
+OPENSSL_ECDH_AUTO_DIR=${CRYPTO_DIR}
+
+PBX_OPENSSL_ECDH_AUTO=0
+
+
+
+
+
+
+
     DAHDI_DESCRIP="DAHDI"
     DAHDI_OPTION="dahdi"
     PBX_DAHDI=0
@@ -30529,6 +30545,53 @@ fi
 
 fi
 
+if test "$PBX_OPENSSL" = "1";
+then
+
+    if test "x${PBX_OPENSSL_ECDH_AUTO}" != "x1" -a "${USE_OPENSSL_ECDH_AUTO}" != "no"; then
+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h" >&5
+$as_echo_n "checking for SSL_CTX_set_ecdh_auto declared in openssl/ssl.h... " >&6; }
+        saved_cppflags="${CPPFLAGS}"
+        if test "x${OPENSSL_ECDH_AUTO_DIR}" != "x"; then
+            OPENSSL_ECDH_AUTO_INCLUDE="-I${OPENSSL_ECDH_AUTO_DIR}/include"
+        fi
+        CPPFLAGS="${CPPFLAGS} ${OPENSSL_ECDH_AUTO_INCLUDE}"
+
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+ #include <openssl/ssl.h>
+int
+main ()
+{
+#if !defined(SSL_CTX_set_ecdh_auto)
+                                    (void) SSL_CTX_set_ecdh_auto;
+                                #endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+                PBX_OPENSSL_ECDH_AUTO=1
+
+$as_echo "#define HAVE_OPENSSL_ECDH_AUTO 1" >>confdefs.h
+
+
+
+else
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+        CPPFLAGS="${saved_cppflags}"
+    fi
+
+fi
+
 
 if test "x${PBX_SRTP}" != "x1" -a "${USE_SRTP}" != "no"; then
    pbxlibdir=""
author	Mark Duncan <mark@syon.co.jp>	2015-07-28 19:33:39 +0900
committer	Mark Duncan <mark@syon.co.jp>	2015-07-29 11:24:49 +0900
commit	1d081ec9707159287b1a4a0bb52a78a81663ad32 (patch)
tree	4d5b105c666ed2158feeef8b257f62a728398218 /configure
parent	309dd2a4090ccdd1ea31d8d5415a645daddd3883 (diff)