#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <vector>
#include "talk/base/common.h"
#include "talk/base/logging.h"
#include "talk/base/stream.h"
+#include "talk/base/openssl.h"
#include "talk/base/openssladapter.h"
#include "talk/base/openssldigest.h"
#include "talk/base/opensslidentity.h"
namespace talk_base {
-#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
-#define HAVE_DTLS_SRTP
-#endif
-
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
-#define HAVE_DTLS
-#endif
-
-#ifdef HAVE_DTLS_SRTP
// SRTP cipher suite table
struct SrtpCipherMapEntry {
const char* external_name;
{"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"},
{NULL, NULL}
};
-#endif
//////////////////////////////////////////////////////////////////////
// StreamBIO
bool use_context,
uint8* result,
size_t result_len) {
-#ifdef HAVE_DTLS_SRTP
int i;
i = SSL_export_keying_material(ssl_, result, result_len,
return false;
return true;
-#else
- return false;
-#endif
}
bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers(
if (state_ != SSL_NONE)
return false;
-#ifdef HAVE_DTLS_SRTP
for (std::vector<std::string>::const_iterator cipher = ciphers.begin();
cipher != ciphers.end(); ++cipher) {
bool found = false;
srtp_ciphers_ = internal_ciphers;
return true;
-#else
- return false;
-#endif
}
bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
-#ifdef HAVE_DTLS_SRTP
ASSERT(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
return false;
ASSERT(false); // This should never happen
return false;
-#else
- return false;
-#endif
}
int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) {
case SSL_ERROR_WANT_READ: {
LOG(LS_VERBOSE) << " -- error want read";
-#ifdef HAVE_DTLS
struct timeval timeout;
if (DTLSv1_get_timeout(ssl_, &timeout)) {
int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;
Thread::Current()->PostDelayed(delay, this, MSG_TIMEOUT, 0);
}
-#endif
}
break;
// Process our own messages and then pass others to the superclass
if (MSG_TIMEOUT == msg->message_id) {
LOG(LS_INFO) << "DTLS timeout expired";
-#ifdef HAVE_DTLS
DTLSv1_handle_timeout(ssl_);
-#endif
ContinueSSL();
} else {
StreamInterface::OnMessage(msg);
SSL_CTX *ctx = NULL;
if (role_ == SSL_CLIENT) {
-#ifdef HAVE_DTLS
ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
DTLSv1_client_method() : TLSv1_client_method());
-#else
- ctx = SSL_CTX_new(TLSv1_client_method());
-#endif
} else {
-#ifdef HAVE_DTLS
ctx = SSL_CTX_new(ssl_mode_ == SSL_MODE_DTLS ?
DTLSv1_server_method() : TLSv1_server_method());
-#else
- ctx = SSL_CTX_new(TLSv1_server_method());
-#endif
}
if (ctx == NULL)
return NULL;
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
-#ifdef HAVE_DTLS_SRTP
if (!srtp_ciphers_.empty()) {
if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
SSL_CTX_free(ctx);
return NULL;
}
}
-#endif
return ctx;
}
}
bool OpenSSLStreamAdapter::HaveDtls() {
-#ifdef HAVE_DTLS
return true;
-#else
- return false;
-#endif
}
bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
-#ifdef HAVE_DTLS_SRTP
return true;
-#else
- return false;
-#endif
}
bool OpenSSLStreamAdapter::HaveExporter() {
-#ifdef HAVE_DTLS_SRTP
return true;
-#else
- return false;
-#endif
}
} // namespace talk_base