diff --git a/src/apps/common/apputils.c b/src/apps/common/apputils.c
index 0a0c9ee..aa4a4f3 100644
--- a/src/apps/common/apputils.c
+++ b/src/apps/common/apputils.c
@@ -349,7 +349,7 @@ int set_socket_df(evutil_socket_t fd, int family, int value)
 static int get_mtu_from_ssl(SSL* ssl) { int ret = SOSO_MTU;
-#if !defined(TURN_NO_DTLS)
+#if DTLSv1_SUPPORTED
 if(ssl) ret = BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
 #else
@@ -395,7 +395,7 @@ int decrease_mtu(SSL* ssl, int mtu, int verbose)
 if (verbose) TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "1. mtu to use: %d\n", mtu);
-#if !defined(TURN_NO_DTLS)
+#if DTLSv1_SUPPORTED
 SSL_set_mtu(ssl,mtu); BIO_ctrl(SSL_get_wbio(ssl), BIO_CTRL_DGRAM_SET_MTU, mtu, NULL);
 #endif
@@ -416,7 +416,7 @@ int set_mtu_df(SSL* ssl, evutil_socket_t fd, int family, int mtu, int df_value,
 set_query_mtu(ssl); if(verbose) TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"3. mtu to use: %d\n",mtu);
-#if !defined(TURN_NO_DTLS)
+#if DTLSv1_SUPPORTED
 SSL_set_mtu(ssl,mtu);
@@ -847,25 +847,26 @@ static const char* turn_get_method(const SSL_METHOD *method, const char* mdefaul
 return "TLSv1.0"; } else if(method == TLSv1_client_method()) { return "TLSv1.0";
-#if defined(SSL_TXT_TLSV1_1)
+#if TLSv1_1_SUPPORTED
 } else if(method == TLSv1_1_server_method()) { return "TLSv1.1"; } else if(method == TLSv1_1_client_method()) { return "TLSv1.1";
-#if defined(SSL_TXT_TLSV1_2)
+#if TLSv1_2_SUPPORTED
 } else if(method == TLSv1_2_server_method()) { return "TLSv1.2"; } else if(method == TLSv1_2_client_method()) { return "TLSv1.2";
 #endif
 #endif
-#if !defined(TURN_NO_DTLS)
+#if DTLSv1_SUPPORTED
+ } else if(method == DTLSv1_server_method()) { return "DTLSv1.0"; } else if(method == DTLSv1_client_method()) { return "DTLSv1.0";
-#if defined(SSL_OP_NO_DTLSv1_2)
+#if DTLSv1_2_SUPPORTED
 } else if(method == DTLSv1_2_server_method()) { return "DTLSv1.2"; } else if(method == DTLSv1_2_client_method()) {
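Review bot: The new `#if DTLSv1_SUPPORTED` guards (get_mtu_from_ssl, decrease_mtu, set_mtu_df and the four in turn_get_method) change the failure mode of a missing macro: an identifier that is not defined evaluates to 0 inside `#if`, so code under these guards is silently compiled out when apputils.h is not visible, whereas `!defined(TURN_NO_DTLS)` defaulted to compiling it in. The same applies to every consumer converted in this commit (dtls_listener.c, mainrelay.c and mainrelay.h, netengine.c, ns_ioalib_engine_impl.c and ns_ioalib_impl.h, mainuclient.c, startuclient.c), and for `ALPN_SUPPORTED` in startuclient.c the direction flips relative to the old `OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION` test, which evaluated true when neither macro was visible. Building with `-Wundef` (or `-Werror=undef`) turns each such silent miss into a diagnostic and is cheaper than an include check in every file. The blank `+` line added inside the `#if DTLSv1_SUPPORTED` block of turn_get_method looks accidental; turn_get_method continues outside the hunk.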
diff --git a/src/apps/common/apputils.h b/src/apps/common/apputils.h
index 0868d6e..37d2400 100644
--- a/src/apps/common/apputils.h
+++ b/src/apps/common/apputils.h
@@ -53,15 +53,64 @@ extern "C" {
 extern int IS_TURN_SERVER;
+/* ALPN */
+
+#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L)
+
+#define STUN_ALPN "stun.nat-discovery"
+#define TURN_ALPN "stun.turn"
+#define HTTP_ALPN "http/1.1"
+
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_F[...]
@@ -126,7 +128,7 @@ int get_dtls_version(const unsigned char* buf, int len) { ///////////// utils ///////////////////// -#if !defined(TURN_NO_DTLS) +#if DTLSv1_SUPPORTED static void calculate_cookie(SSL* ssl, unsigned char *cookie_secret, unsigned int cookie_length) { long rv=(long)ssl; @@ -277,7 +279,7 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty timeout.tv_usec = 0; BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); -#if defined(SSL_OP_NO_DTLSv1_2) +#if DTLSv1_2_SUPPORTED if(get_dtls_version(ioa_network_buffer_data(nbh), (int)ioa_network_buffer_get_size(nbh)) == 1) { connecting_ssl = SSL_NEW(server->dtls_ctx_v1_2); @@ -426,7 +428,7 @@ static int handle_udp_packet(dtls_listener_relay_server_type *server, chs = NULL; -#if !defined(TURN_NO_DTLS) +#if DTLSv1_SUPPORTED if (!turn_params.no_dtls && is_dtls_handshake_message(ioa_network_buffer_data(sm->m.sm.nd.nbh), (int)ioa_network_buffer_get_size(sm->m.sm.nd.nbh))) { @@ -535,7 +537,7 @@ static int create_new_connected_udp_socket( ret->current_tos = s->current_tos; ret->default_tos = s->default_tos; -#if !defined(TURN_NO_DTLS) +#if DTLSv1_SUPPORTED if (!turn_params.no_dtls && is_dtls_handshake_message( ioa_network_buffer_data(server->sm.m.sm.nd.nbh), @@ -558,7 +560,7 @@ static int create_new_connected_udp_socket( timeout.tv_usec = 0; BIO_ctrl(wbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); -#if defined(SSL_OP_NO_DTLSv1_2) +#if DTLSv1_2_SUPPORTED if(get_dtls_version(ioa_network_buffer_data(server->sm.m.sm.nd.nbh), (int)ioa_network_buffer_get_size(server->sm.m.sm.nd.nbh)) == 1) { connecting_ssl = SSL_NEW(server->dtls_ctx_v1_2); @@ -897,7 +899,7 @@ static int init_server(dtls_listener_relay_server_type* server, if(!server) return -1; server->dtls_ctx = e->dtls_ctx; -#if defined(SSL_OP_NO_DTLSv1_2) +#if DTLSv1_2_SUPPORTED server->dtls_ctx_v1_2 = e->dtls_ctx_v1_2; #endif server->ts = ts; 
@@ -925,13 +927,13 @@ static int init_server(dtls_listener_relay_server_type* server, SSL_CTX_set_read_ahead(server->dtls_ctx, 1); -#if !defined(TURN_NO_DTLS) +#if DTLSv1_SUPPORTED SSL_CTX_set_cookie_generate_cb(server->dtls_ctx, generate_cookie); SSL_CTX_set_cookie_verify_cb(server->dtls_ctx, verify_cookie); #endif } -#if defined(SSL_OP_NO_DTLSv1_2) +#if DTLSv1_2_SUPPORTED if(server->dtls_ctx_v1_2) { #if defined(REQUEST_CLIENT_CERT) @@ -941,7 +943,7 @@ static int init_server(dtls_listener_relay_server_type* server, SSL_CTX_set_read_ahead(server->dtls_ctx_v1_2, 1); - #if !defined(TURN_NO_DTLS) + #if DTLSv1_SUPPORTED SSL_CTX_set_cookie_generate_cb(server->dtls_ctx_v1_2, generate_cookie); SSL_CTX_set_cookie_verify_cb(server->dtls_ctx_v1_2, verify_cookie); #endif diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index bc4ff64..ac95e8e 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -66,27 +66,29 @@ static int anon_credentials = 0; turn_params_t turn_params = { NULL, NULL, -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED NULL, -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED NULL, #endif #endif +#if DTLSv1_SUPPORTED NULL, -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED NULL, #endif DH_1066, "", DEFAULT_EC_CURVE_NAME, "", "turn_server_cert.pem","turn_server_pkey.pem", "", "", 0,0,0,0,0, -#if defined(TURN_NO_TLS) +#if !TLS_SUPPORTED 1, #else 0, #endif -#if defined(TURN_NO_DTLS) +#if !DTLSv1_SUPPORTED 1, #else 0, @@ -1219,14 +1221,14 @@ static void set_option(int c, char *value) turn_params.no_tcp_relay = get_bool_value(value); break; case NO_TLS_OPT: -#if defined(TURN_NO_TLS) +#if !TLS_SUPPORTED turn_params.no_tls = 1; #else turn_params.no_tls = get_bool_value(value); #endif break; case NO_DTLS_OPT: -#if !defined(TURN_NO_DTLS) +#if DTLSv1_SUPPORTED turn_params.no_dtls = get_bool_value(value); #else turn_params.no_dtls = 1; 
@@ -1610,13 +1612,13 @@ static void print_features(unsigned long mfn) TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "\n\n==== Show him the instruments, Practical Frost: ====\n\n"); -#if defined(TURN_NO_TLS) +#if !TLS_SUPPORTED TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS is not supported\n"); #else TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "TLS supported\n"); #endif -#if defined(TURN_NO_DTLS) +#if !DTLSv1_SUPPORTED TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS is not supported\n"); #else TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS supported\n"); @@ -1796,11 +1798,11 @@ int main(int argc, char **argv) optind = 0; -#if defined(TURN_NO_TLS) +#if !TLS_SUPPORTED turn_params.no_tls = 1; #endif -#if defined(TURN_NO_DTLS) +#if !DTLSv1_SUPPORTED turn_params.no_dtls = 1; #endif @@ -2339,7 +2341,7 @@ static int pem_password_func(char *buf, int size, int rwflag, void *password) return (strlen(buf)); } -#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION +#if ALPN_SUPPORTED static int ServerALPNCallback(SSL *s, const unsigned char **out, @@ -2388,7 +2390,7 @@ static int ServerALPNCallback(SSL *s, static void set_ctx(SSL_CTX* ctx, const char *protocol) { -#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION +#if ALPN_SUPPORTED SSL_CTX_set_alpn_select_cb(ctx, ServerALPNCallback, NULL); #endif @@ -2528,12 +2530,12 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol) op |= SSL_OP_NO_TLSv1_2; #endif -#if defined(SSL_OP_NO_DTLSv1) +#if defined(SSL_OP_NO_DTLSv1) && DTLSv1_SUPPORTED if(turn_params.no_tlsv1) op |= SSL_OP_NO_DTLSv1; #endif -#if defined(SSL_OP_NO_DTLSv1_2) +#if defined(SSL_OP_NO_DTLSv1_2) && DTLSv1_2_SUPPORTED if(turn_params.no_tlsv1_2) op |= SSL_OP_NO_DTLSv1_2; #endif @@ -2560,7 +2562,7 @@ static void openssl_setup(void) SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); -#if defined(TURN_NO_TLS) +#if !TLS_SUPPORTED if(!turn_params.no_tls) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "WARNING: TLS is not supported\n"); turn_params.no_tls = 1; 
@@ -2590,12 +2592,12 @@ static void openssl_setup(void) turn_params.tls_ctx_v1_0 = SSL_CTX_new(TLSv1_server_method()); set_ctx(turn_params.tls_ctx_v1_0,"TLS1.0"); } -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED if(!turn_params.no_tlsv1_1) { turn_params.tls_ctx_v1_1 = SSL_CTX_new(TLSv1_1_server_method()); set_ctx(turn_params.tls_ctx_v1_1,"TLS1.1"); } -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED if(!turn_params.no_tlsv1_2) { turn_params.tls_ctx_v1_2 = SSL_CTX_new(TLSv1_2_server_method()); set_ctx(turn_params.tls_ctx_v1_2,"TLS1.2"); @@ -2606,7 +2608,7 @@ static void openssl_setup(void) } if(!turn_params.no_dtls) { -#if defined(TURN_NO_DTLS) +#if !DTLSv1_SUPPORTED TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "ERROR: DTLS is not supported.\n"); #else if(OPENSSL_VERSION_NUMBER < 0x10000000L) { @@ -2616,7 +2618,7 @@ static void openssl_setup(void) set_ctx(turn_params.dtls_ctx,"DTLS"); SSL_CTX_set_read_ahead(turn_params.dtls_ctx, 1); -#if defined(SSL_OP_NO_DTLSv1_2) +#if DTLSv1_2_SUPPORTED turn_params.dtls_ctx_v1_2 = SSL_CTX_new(DTLSv1_2_server_method()); set_ctx(turn_params.dtls_ctx_v1_2,"DTLS1,2"); SSL_CTX_set_read_ahead(turn_params.dtls_ctx_v1_2, 1); diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index 06fbee7..edf4e82 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -180,15 +180,17 @@ typedef struct _turn_params_ { SSL_CTX *tls_ctx_v1_0; -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED SSL_CTX *tls_ctx_v1_1; -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED SSL_CTX *tls_ctx_v1_2; #endif #endif +#if DTLSv1_SUPPORTED SSL_CTX *dtls_ctx; -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED SSL_CTX *dtls_ctx_v1_2; #endif diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index ca7073d..0288037 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c 
@@ -941,14 +941,16 @@ static ioa_engine_handle create_new_listener_engine(void) #endif ); set_ssl_ctx(e, turn_params.tls_ctx_ssl23, turn_params.tls_ctx_v1_0, -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED turn_params.tls_ctx_v1_1, -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED turn_params.tls_ctx_v1_2, #endif #endif +#if DTLSv1_SUPPORTED turn_params.dtls_ctx -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED ,turn_params.dtls_ctx_v1_2 #endif ); @@ -995,14 +997,16 @@ static void setup_listener(void) exit(-1); set_ssl_ctx(turn_params.listener.ioa_eng, turn_params.tls_ctx_ssl23, turn_params.tls_ctx_v1_0, -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED turn_params.tls_ctx_v1_1, -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED turn_params.tls_ctx_v1_2, #endif #endif +#if DTLSv1_SUPPORTED turn_params.dtls_ctx -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED ,turn_params.dtls_ctx_v1_2 #endif ); @@ -1567,14 +1571,16 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int #endif ); set_ssl_ctx(rs->ioa_eng, turn_params.tls_ctx_ssl23, turn_params.tls_ctx_v1_0, -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED turn_params.tls_ctx_v1_1, -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED turn_params.tls_ctx_v1_2, #endif #endif +#if DTLSv1_SUPPORTED turn_params.dtls_ctx -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED ,turn_params.dtls_ctx_v1_2 #endif ); diff --git a/src/apps/relay/ns_ioalib_engine_impl.c b/src/apps/relay/ns_ioalib_engine_impl.c index 1ae54d0..5fcc8b8 100644 --- a/src/apps/relay/ns_ioalib_engine_impl.c +++ b/src/apps/relay/ns_ioalib_engine_impl.c @@ -38,7 +38,7 @@ #include "ns_ioalib_impl.h" -#if !defined(TURN_NO_TLS) +#if TLS_SUPPORTED #include #endif 
@@ -434,28 +434,32 @@ ioa_engine_handle create_ioa_engine(super_memory_t *sm, void set_ssl_ctx(ioa_engine_handle e, SSL_CTX *tls_ctx_ssl23, SSL_CTX *tls_ctx_v1_0, -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED SSL_CTX *tls_ctx_v1_1, -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED SSL_CTX *tls_ctx_v1_2, #endif #endif +#if DTLSv1_SUPPORTED SSL_CTX *dtls_ctx -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED ,SSL_CTX *dtls_ctx_v1_2 #endif ) { e->tls_ctx_ssl23 = tls_ctx_ssl23; e->tls_ctx_v1_0 = tls_ctx_v1_0; -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED e->tls_ctx_v1_1 = tls_ctx_v1_1; -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED e->tls_ctx_v1_2 = tls_ctx_v1_2; #endif #endif +#if DTLSv1_SUPPORTED e->dtls_ctx = dtls_ctx; -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED e->dtls_ctx_v1_2 = dtls_ctx_v1_2; #endif } @@ -2242,7 +2246,8 @@ int udp_recvfrom(evutil_socket_t fd, ioa_addr* orig_addr, const ioa_addr *like_a return len; } -#if !defined(TURN_NO_TLS) +#if TLS_SUPPORTED + static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd) { TURN_TLS_TYPE ret = TURN_TLS_NO; @@ -2321,7 +2326,7 @@ static int socket_input_worker(ioa_socket_handle s) } if(s->st == TLS_SOCKET) { -#if !defined(TURN_NO_TLS) +#if TLS_SUPPORTED SSL *ctx = bufferevent_openssl_get_ssl(s->bev); if(!ctx || SSL_get_shutdown(ctx)) { s->tobeclosed = 1; @@ -2340,7 +2345,7 @@ static int socket_input_worker(ioa_socket_handle s) if(s->st == TENTATIVE_TCP_SOCKET) { EVENT_DEL(s->read_event); -#if !defined(TURN_NO_TLS) +#if TLS_SUPPORTED TURN_TLS_TYPE tls_type = check_tentative_tls(s->fd); if(tls_type) { s->st = TLS_SOCKET; 
@@ -2351,14 +2356,14 @@ static int socket_input_worker(ioa_socket_handle s) TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "!!!%s on socket: 0x%lx, st=%d, sat=%d: bev already exist\n", __FUNCTION__,(long)s, s->st, s->sat); } switch(tls_type) { -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED case TURN_TLS_v1_2: if(s->e->tls_ctx_v1_2) { set_socket_ssl(s,SSL_NEW(s->e->tls_ctx_v1_2)); } break; #endif -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED case TURN_TLS_v1_1: if(s->e->tls_ctx_v1_1) { set_socket_ssl(s,SSL_NEW(s->e->tls_ctx_v1_1)); @@ -2391,7 +2396,7 @@ static int socket_input_worker(ioa_socket_handle s) bufferevent_enable(s->bev, EV_READ|EV_WRITE); /* Start reading. */ } } else -#endif //TURN_NO_TLS +#endif //TLS_SUPPORTED { s->st = TCP_SOCKET; if(s->bev) { @@ -2443,7 +2448,7 @@ static int socket_input_worker(ioa_socket_handle s) s->broken = 1; log_socket_event(s, "socket read failed, to be closed",1); } else if(s->st == TLS_SOCKET) { -#if !defined(TURN_NO_TLS) +#if TLS_SUPPORTED SSL *ctx = bufferevent_openssl_get_ssl(s->bev); if(!ctx || SSL_get_shutdown(ctx)) { ret = -1; @@ -3083,7 +3088,7 @@ int send_data_from_ioa_socket_nbh(ioa_socket_handle s, ioa_addr* dest_addr, if (s->connected && s->bev) { if (s->st == TLS_SOCKET) { -#if !defined(TURN_NO_TLS) +#if TLS_SUPPORTED SSL *ctx = bufferevent_openssl_get_ssl(s->bev); if (!ctx || SSL_get_shutdown(ctx)) { s->tobeclosed = 1; @@ -3240,7 +3245,7 @@ int register_callback_on_ioa_socket(ioa_engine_handle e, ioa_socket_handle s, in return -1; } } else { -#if !defined(TURN_NO_TLS) +#if TLS_SUPPORTED if(!(s->ssl)) { //??? how we can get to this point ??? set_socket_ssl(s,SSL_NEW(e->tls_ctx_ssl23)); diff --git a/src/apps/relay/ns_ioalib_impl.h b/src/apps/relay/ns_ioalib_impl.h index c17fffd..989cefb 100644 --- a/src/apps/relay/ns_ioalib_impl.h +++ b/src/apps/relay/ns_ioalib_impl.h 
@@ -143,14 +143,16 @@ struct _ioa_engine stun_buffer_list bufs; SSL_CTX *tls_ctx_ssl23; SSL_CTX *tls_ctx_v1_0; -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED SSL_CTX *tls_ctx_v1_1; -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED SSL_CTX *tls_ctx_v1_2; #endif #endif +#if DTLSv1_SUPPORTED SSL_CTX *dtls_ctx; -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED SSL_CTX *dtls_ctx_v1_2; #endif turn_time_t jiffie; /* bandwidth check interval */ @@ -254,14 +256,16 @@ ioa_engine_handle create_ioa_engine(super_memory_t *sm, void set_ssl_ctx(ioa_engine_handle e, SSL_CTX *tls_ctx_ssl23, SSL_CTX *tls_ctx_v1_0, -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED SSL_CTX *tls_ctx_v1_1, -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED SSL_CTX *tls_ctx_v1_2, #endif #endif +#if DTLSv1_SUPPORTED SSL_CTX *dtls_ctx -#if defined(SSL_OP_NO_DTLSv1_2) +#endif +#if DTLSv1_2_SUPPORTED ,SSL_CTX *dtls_ctx_v1_2 #endif ); diff --git a/src/apps/uclient/mainuclient.c b/src/apps/uclient/mainuclient.c index dbe41fd..ecd3f54 100644 --- a/src/apps/uclient/mainuclient.c +++ b/src/apps/uclient/mainuclient.c @@ -517,18 +517,18 @@ int main(int argc, char **argv) root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_client_method()); SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); root_tls_ctx_num++; -#if defined(SSL_TXT_TLSV1_1) +#if TLSv1_1_SUPPORTED root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_1_client_method()); SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); root_tls_ctx_num++; -#if defined(SSL_TXT_TLSV1_2) +#if TLSv1_2_SUPPORTED root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(TLSv1_2_client_method()); SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); root_tls_ctx_num++; #endif #endif } else { -#if defined(TURN_NO_DTLS) +#if !DTLSv1_SUPPORTED fprintf(stderr,"ERROR: DTLS is not supported.\n"); exit(-1); #else 
@@ -538,7 +538,7 @@ int main(int argc, char **argv) root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_client_method()); SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); root_tls_ctx_num++; -#if defined(SSL_OP_NO_DTLSv1_2) +#if DTLSv1_2_SUPPORTED root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(DTLSv1_2_client_method()); SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite); root_tls_ctx_num++; diff --git a/src/apps/uclient/startuclient.c b/src/apps/uclient/startuclient.c index 40dcd7f..cfed67f 100644 --- a/src/apps/uclient/startuclient.c +++ b/src/apps/uclient/startuclient.c @@ -50,7 +50,7 @@ static uint64_t current_reservation_token = 0; static int allocate_rtcp = 0; static const int never_allocate_rtcp = 0; -#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION +#if ALPN_SUPPORTED static const unsigned char kALPNProtos[] = "\x09stun.turn\x12stun.nat-discovery"; static const size_t kALPNProtosLen = sizeof(kALPNProtos) - 1; #endif @@ -91,14 +91,14 @@ static SSL* tls_connect(ioa_socket_raw fd, ioa_addr *remote_addr, int *try_again ssl = SSL_NEW(root_tls_ctx[ctxtype]); -#if OPENSSL_VERSION_NUMBER >= OPENSSL_FIRST_ALPN_VERSION +#if ALPN_SUPPORTED SSL_set_alpn_protos(ssl, kALPNProtos, kALPNProtosLen); #endif if(use_tcp) { SSL_set_fd(ssl, fd); } else { -#if defined(TURN_NO_DTLS) +#if !DTLSv1_SUPPORTED UNUSED_ARG(remote_addr); fprintf(stderr,"ERROR: DTLS is not supported.\n"); exit(-1); diff --git a/src/ns_turn_defs.h b/src/ns_turn_defs.h index 8ad2eae..6443a10 100644 --- a/src/ns_turn_defs.h +++ b/src/ns_turn_defs.h @@ -216,14 +216,6 @@ typedef u32bits turn_time_t; #define DELETE_TURN_CHANNEL_KERNEL(handler) #endif -/* ALPN */ - -#define OPENSSL_FIRST_ALPN_VERSION (0x10002003L) - -#define STUN_ALPN "stun.nat-discovery" -#define TURN_ALPN "stun.turn" -#define HTTP_ALPN "http/1.1" - //////////////////////////////////////////////////////// #ifdef __cplusplus