I reproduce the problem on my linux amd64 machine.
$ cd openssl-1.0.1
$ ./config no-tls1
$ make depend
$ make
[...]
gcc -I../crypto -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO
-O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -c -o d1_srtp.o d1_srtp.c
d1_srtp.c: In function ‘SSL_CTX_set_tlsext_use_srtp’:
d1_srtp.c:229: error: ‘SSL_CTX’ has no member named ‘srtp_profiles’
d1_srtp.c: In function ‘SSL_set_tlsext_use_srtp’:
d1_srtp.c:234: error: ‘SSL’ has no member named ‘srtp_profiles’
d1_srtp.c: In function ‘SSL_get_srtp_profiles’:
d1_srtp.c:242: error: ‘SSL’ has no member named ‘srtp_profiles’
d1_srtp.c:244: error: ‘SSL’ has no member named ‘srtp_profiles’
d1_srtp.c:247: error: ‘SSL_CTX’ has no member named ‘srtp_profiles’
d1_srtp.c:249: error: ‘SSL_CTX’ has no member named ‘srtp_profiles’
d1_srtp.c: In function ‘SSL_get_selected_srtp_profile’:
d1_srtp.c:258: error: ‘SSL’ has no member named ‘srtp_profile’
d1_srtp.c: In function ‘ssl_parse_clienthello_use_srtp_ext’:
d1_srtp.c:389: error: ‘SSL’ has no member named ‘srtp_profile’
d1_srtp.c: In function ‘ssl_add_serverhello_use_srtp_ext’:
d1_srtp.c:415: error: ‘SSL’ has no member named ‘srtp_profile’
d1_srtp.c:421: error: ‘SSL’ has no member named ‘srtp_profile’
d1_srtp.c:421: error: ‘SSL’ has no member named ‘srtp_profile’
d1_srtp.c:421: warning: left-hand operand of comma expression has no effect
d1_srtp.c:421: warning: left-hand operand of comma expression has no effect
d1_srtp.c:421: warning: value computed is not used
d1_srtp.c: In function ‘ssl_parse_serverhello_use_srtp_ext’:
d1_srtp.c:481: error: ‘SSL’ has no member named ‘srtp_profile’
I attached a patch to fix the problem.
The tests still fail: for some reason TLS is still used (and fails) at some
point.
Regards,
Thomas
diff -ru openssl-1.0.1_orig/apps/s_client.c openssl-1.0.1/apps/s_client.c
--- openssl-1.0.1_orig/apps/s_client.c 2012-03-14 14:32:14.000000000 +0100
+++ openssl-1.0.1/apps/s_client.c 2012-03-26 23:01:24.000000000 +0200
@@ -951,11 +951,13 @@
jpake_secret = *++argv;
}
#endif
+#ifndef OPENSSL_NO_TLSEXT
else if (strcmp(*argv,"-use_srtp") == 0)
{
if (--argc < 1) goto bad;
srtp_profiles = *(++argv);
}
+#endif
else if (strcmp(*argv,"-keymatexport") == 0)
{
if (--argc < 1) goto bad;
@@ -1136,9 +1138,11 @@
BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
}
+#ifndef OPENSSL_NO_TLSEXT
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
+#endif
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
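Review bot: The two `#endif` lines after the `SSL_CTX_set_tlsext_use_srtp` call pair differently from how they read: the pre-existing `#endif` now closes the added `#ifndef OPENSSL_NO_TLSEXT`, and the added `#endif` closes a conditional opened above the hunk (presumably the PSK one, judging by the context lines). The directives balance, but the SRTP setup stays nested inside that outer conditional, so it is skipped whenever the outer feature is compiled out, even if TLS extensions are available. Consider moving the SRTP lines after the outer `#endif` and labelling the closers, e.g. `#endif /* OPENSSL_NO_TLSEXT */`.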
@@ -2067,6 +2071,7 @@
}
#endif
+#ifndef OPENSSL_NO_TLSEXT
{
SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
@@ -2074,6 +2079,7 @@
BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name);
}
+#endif
SSL_SESSION_print(bio,SSL_get_session(s));
if (keymatexportlabel != NULL)
@@ -2084,6 +2090,7 @@
exportedkeymat = OPENSSL_malloc(keymatexportlen);
if (exportedkeymat != NULL)
{
+#ifndef OPENSSL_NO_TLSEXT
if (!SSL_export_keying_material(s, exportedkeymat,
keymatexportlen,
keymatexportlabel,
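Review bot: With `OPENSSL_NO_TLSEXT` defined, the guard opened here and closed in the next hunk removes the `SSL_export_keying_material` call and its `else`, but keeps the block that prints `exportedkeymat`. That buffer comes straight from `OPENSSL_malloc` and is never written, so `-keymatexport` would dump `keymatexportlen` bytes of uninitialised heap labelled as keying material. Guard the whole export block instead (from the `if (keymatexportlabel != NULL)` test to its closing brace), or print an explicit "not supported" line in an `#else`. The same pattern appears in the two `apps/s_server.c` hunks at `@@ -2484` and `@@ -2493`. The enclosing function starts and ends outside these hunks.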
@@ -2093,6 +2100,7 @@
BIO_printf(bio, " Error\n");
}
else
+#endif
{
BIO_printf(bio, " Keying material: ");
for (i=0; i<keymatexportlen; i++)
diff -ru openssl-1.0.1_orig/apps/s_server.c openssl-1.0.1/apps/s_server.c
--- openssl-1.0.1_orig/apps/s_server.c 2012-02-12 00:21:09.000000000 +0100
+++ openssl-1.0.1/apps/s_server.c 2012-03-26 23:00:36.000000000 +0200
@@ -1560,8 +1560,10 @@
else
SSL_CTX_sess_set_cache_size(ctx,128);
+#ifndef OPENSSL_NO_TLSEXT
if (srtp_profiles != NULL)
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
#if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -2452,6 +2454,7 @@
BIO_printf(bio_s_out, "\n");
}
#endif
+#ifndef OPENSSL_NO_TLSEXT
{
SRTP_PROTECTION_PROFILE *srtp_profile
= SSL_get_selected_srtp_profile(con);
@@ -2460,6 +2463,7 @@
BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
srtp_profile->name);
}
+#endif
if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
@@ -2484,6 +2488,7 @@
exportedkeymat = OPENSSL_malloc(keymatexportlen);
if (exportedkeymat != NULL)
{
+#ifndef OPENSSL_NO_TLSEXT
if (!SSL_export_keying_material(con, exportedkeymat,
keymatexportlen,
keymatexportlabel,
@@ -2493,6 +2498,7 @@
BIO_printf(bio_s_out, " Error\n");
}
else
+#endif
{
BIO_printf(bio_s_out, " Keying material: ");
for (i=0; i<keymatexportlen; i++)
diff -ru openssl-1.0.1_orig/ssl/d1_srtp.c openssl-1.0.1/ssl/d1_srtp.c
--- openssl-1.0.1_orig/ssl/d1_srtp.c 2012-02-11 23:53:48.000000000 +0100
+++ openssl-1.0.1/ssl/d1_srtp.c 2012-03-26 22:54:52.000000000 +0200
@@ -224,6 +224,7 @@
return 0;
}
+#ifndef OPENSSL_NO_TLSEXT
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles)
{
return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
@@ -488,6 +489,7 @@
*al=SSL_AD_DECODE_ERROR;
return 1;
}
+#endif
#endif
diff -ru openssl-1.0.1_orig/ssl/s3_clnt.c openssl-1.0.1/ssl/s3_clnt.c
--- openssl-1.0.1_orig/ssl/s3_clnt.c 2012-02-09 16:41:44.000000000 +0100
+++ openssl-1.0.1/ssl/s3_clnt.c 2012-03-26 23:04:56.000000000 +0200
@@ -1708,6 +1708,7 @@
/* if it was signed, check the signature */
if (pkey != NULL)
{
+#ifndef OPENSSL_NO_TLSEXT
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
int sigalg = tls12_get_sigid(pkey);
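Review bot: The TLS 1.2 signature-algorithm branch is guarded with `OPENSSL_NO_TLSEXT` here, while the equivalent branch in the `@@ -2948` hunk of this file uses `OPENSSL_NO_TLS1`. The two-byte algorithm field is selected by `TLS1_get_version(s) >= TLS1_2_VERSION`, i.e. by the negotiated protocol version, so if a build can disable extensions while still negotiating TLS 1.2, the field is left unconsumed and the following `n2s(p,i)` reads it as the signature length, with `md` falling back to `EVP_sha1()`. If the guard is only needed because `tls12_get_sigid` and its siblings are compiled out with the extension code (not visible in this patch), say so in a comment; otherwise use `#ifndef OPENSSL_NO_TLS1` consistently. This also applies to the `@@ -1913` hunk and to the `ssl/s3_srvr.c` hunks at `@@ -1950`, `@@ -2033` and `@@ -2973`.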
@@ -1738,6 +1739,7 @@
n -= 2;
}
else
+#endif
md = EVP_sha1();
n2s(p,i);
@@ -1913,6 +1915,7 @@
for (i=0; i<ctype_num; i++)
s->s3->tmp.ctype[i]= p[i];
p+=ctype_num;
+#ifndef OPENSSL_NO_TLSEXT
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
n2s(p, llen);
@@ -1933,6 +1936,7 @@
}
p += llen;
}
+#endif
/* get the CA RDNs */
n2s(p,llen);
@@ -2948,6 +2952,7 @@
/* For TLS v1.2 send signature algorithm and signature
* using agreed digest and cached handshake records.
*/
+#ifndef OPENSSL_NO_TLS1
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
long hdatalen = 0;
@@ -2980,6 +2985,7 @@
goto err;
}
else
+#endif
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
diff -ru openssl-1.0.1_orig/ssl/s3_srvr.c openssl-1.0.1/ssl/s3_srvr.c
--- openssl-1.0.1_orig/ssl/s3_srvr.c 2012-02-16 16:25:39.000000000 +0100
+++ openssl-1.0.1/ssl/s3_srvr.c 2012-03-26 23:03:14.000000000 +0200
@@ -1950,6 +1950,7 @@
{
/* For TLS1.2 and later send signature
* algorithm */
+#ifndef OPENSSL_NO_TLSEXT
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
if (!tls12_get_sigandhash(p, pkey, md))
@@ -1961,6 +1962,8 @@
}
p+=2;
}
+#endif
+
#ifdef SSL_DEBUG
fprintf(stderr, "Using hash %s\n",
EVP_MD_name(md));
@@ -2033,6 +2036,7 @@
p+=n;
n++;
+#ifndef OPENSSL_NO_TLSEXT
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
nl = tls12_get_req_sig_algs(s, p + 2);
@@ -2040,6 +2044,7 @@
p += nl + 2;
n += nl + 2;
}
+#endif
off=n;
p+=2;
@@ -2973,6 +2978,7 @@
}
else
{
+#ifndef OPENSSL_NO_TLSEXT
if (TLS1_get_version(s) >= TLS1_2_VERSION)
{
int sigalg = tls12_get_sigid(pkey);
@@ -3003,6 +3009,7 @@
p += 2;
n -= 2;
}
+#endif
n2s(p,i);
n-=2;
if (i > n)
diff -ru openssl-1.0.1_orig/ssl/ssl_lib.c openssl-1.0.1/ssl/ssl_lib.c
--- openssl-1.0.1_orig/ssl/ssl_lib.c 2012-01-05 11:22:39.000000000 +0100
+++ openssl-1.0.1/ssl/ssl_lib.c 2012-03-26 22:56:13.000000000 +0200
@@ -597,8 +597,10 @@
OPENSSL_free(s->next_proto_negotiated);
#endif
+#ifndef OPENSSL_NO_TLSEXT
if (s->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
OPENSSL_free(s);
}
@@ -1952,8 +1954,10 @@
a->comp_methods = NULL;
#endif
+#ifndef OPENSSL_NO_TLSEXT
if (a->srtp_profiles)
sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
#ifndef OPENSSL_NO_PSK
if (a->psk_identity_hint)
Seulement dans openssl-1.0.1/test: newkey.pem
Seulement dans openssl-1.0.1/test: testkey.pem
Seulement dans openssl-1.0.1/test: testreq.pem