res_rtp_asterisk: Allow OpenSSL configured with no-deprecated.

Furthermore, allow OpenSSL configured with no-dh. Additionally, this change allows auto-negotiation of the elliptic curve/group for servers, not only with OpenSSL 1.0.2 but also with OpenSSL 1.1.0 and newer. This enables X25519 (since OpenSSL 1.1.0) and X448 (since OpenSSL 1.1.1) as a side-effect. ASTERISK-27910 Change-Id: I5b0dd47c5194ee17f830f869d629d7ef212cf537
2025-09-03 19:28:53 +00:00 · 2018-06-08 22:09:00 +02:00
parent 1205bcb69f
commit ef2386fcd7
4 changed files with 10 additions and 130 deletions
--- a/116
+++ b/116
@@ -1118,10 +1118,6 @@ PBX_DAHDI
 DAHDI_DIR
 DAHDI_INCLUDE
 DAHDI_LIB
-PBX_OPENSSL_EC
-OPENSSL_EC_DIR
-OPENSSL_EC_INCLUDE
-OPENSSL_EC_LIB
 PBX_OPENSSL_SRTP
 OPENSSL_SRTP_DIR
 OPENSSL_SRTP_INCLUDE
@@ -9596,18 +9592,6 @@ PBX_OPENSSL_SRTP=0



-OPENSSL_EC_DESCRIP="OpenSSL Elliptic Curve Support"
-OPENSSL_EC_OPTION=crypto
-OPENSSL_EC_DIR=${CRYPTO_DIR}
-
-PBX_OPENSSL_EC=0
-
-
-
-
-
-
-
    DAHDI_DESCRIP="DAHDI"
    DAHDI_OPTION="dahdi"
    PBX_DAHDI=0
@@ -30582,106 +30566,6 @@ _ACEOF
 fi


-fi
-
-if test "$PBX_OPENSSL" = "1";
-then
-
-if test "x${PBX_OPENSSL_EC}" != "x1" -a "${USE_OPENSSL_EC}" != "no"; then
-   pbxlibdir=""
-   # if --with-OPENSSL_EC=DIR has been specified, use it.
-   if test "x${OPENSSL_EC_DIR}" != "x"; then
-      if test -d ${OPENSSL_EC_DIR}/lib; then
-         pbxlibdir="-L${OPENSSL_EC_DIR}/lib"
-      else
-         pbxlibdir="-L${OPENSSL_EC_DIR}"
-      fi
-   fi
-
-      ast_ext_lib_check_save_CFLAGS="${CFLAGS}"
-      CFLAGS="${CFLAGS} "
-      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EC_KEY_new_by_curve_name in -lssl" >&5
-$as_echo_n "checking for EC_KEY_new_by_curve_name in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_EC_KEY_new_by_curve_name+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl ${pbxlibdir} -lcrypto $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EC_KEY_new_by_curve_name ();
-int
-main ()
-{
-return EC_KEY_new_by_curve_name ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_ssl_EC_KEY_new_by_curve_name=yes
-else
-  ac_cv_lib_ssl_EC_KEY_new_by_curve_name=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_EC_KEY_new_by_curve_name" >&5
-$as_echo "$ac_cv_lib_ssl_EC_KEY_new_by_curve_name" >&6; }
-if test "x$ac_cv_lib_ssl_EC_KEY_new_by_curve_name" = xyes; then :
-  AST_OPENSSL_EC_FOUND=yes
-else
-  AST_OPENSSL_EC_FOUND=no
-fi
-
-      CFLAGS="${ast_ext_lib_check_save_CFLAGS}"
-
-
-   # now check for the header.
-   if test "${AST_OPENSSL_EC_FOUND}" = "yes"; then
-      OPENSSL_EC_LIB="${pbxlibdir} -lssl -lcrypto"
-      # if --with-OPENSSL_EC=DIR has been specified, use it.
-      if test "x${OPENSSL_EC_DIR}" != "x"; then
-         OPENSSL_EC_INCLUDE="-I${OPENSSL_EC_DIR}/include"
-      fi
-      OPENSSL_EC_INCLUDE="${OPENSSL_EC_INCLUDE} "
-
-         # check for the header
-         ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"
-         CPPFLAGS="${CPPFLAGS} ${OPENSSL_EC_INCLUDE}"
-         ac_fn_c_check_header_mongrel "$LINENO" "openssl/ec.h" "ac_cv_header_openssl_ec_h" "$ac_includes_default"
-if test "x$ac_cv_header_openssl_ec_h" = xyes; then :
-  OPENSSL_EC_HEADER_FOUND=1
-else
-  OPENSSL_EC_HEADER_FOUND=0
-fi
-
-
-         CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"
-
-      if test "x${OPENSSL_EC_HEADER_FOUND}" = "x0" ; then
-         OPENSSL_EC_LIB=""
-         OPENSSL_EC_INCLUDE=""
-      else
-
-         PBX_OPENSSL_EC=1
-         cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_EC 1
-_ACEOF
-
-      fi
-   fi
-fi
-
-
 fi