diff --git a/contrib/src/pjproject/SHA512SUMS b/contrib/src/pjproject/SHA512SUMS
index 8c708f76f2d7480df7d08d6021a1f8286a80bb8f..2a4b1aa4065c4b13fe9a1d276f336ebe8b3109ad 100644
--- a/contrib/src/pjproject/SHA512SUMS
+++ b/contrib/src/pjproject/SHA512SUMS
@@ -1 +1 @@
-ead780282a1b3df8ca326992d30b83236c3fdb9dbafb134b33d3f59484ce7253ca8014f2d7d8b98968a696b75e8a29a545b3aa34a66acdf55a21942ca9b30370 pjproject-2.2.1.tar.bz2
+164737bed8f688b2c555e2b4c701a568570a592fa7d1259da0be73a6a79f8c8157562cb941a1c00a0bea2954a8d13dd867bfc16b48c722ac4bde303986e4549a pjproject-2.4.tar.bz2
diff --git a/contrib/src/pjproject/aconfigureupdate.patch b/contrib/src/pjproject/aconfigureupdate.patch
deleted file mode 100644
index a010207430ea53cd0ac69ed866c49347b6e61b4d..0000000000000000000000000000000000000000
--- a/contrib/src/pjproject/aconfigureupdate.patch
+++ /dev/null
@@ -1,484 +0,0 @@
-From 5ddeabda001689893f43e60a96436904f0597457 Mon Sep 17 00:00:00 2001
-From: Vittorio Giovara <vittorio.giovara@savoirfairelinux.com>
-Date: Mon, 9 Jun 2014 18:17:42 -0400
-Subject: [PATCH] update aconfigure
-
----
- aconfigure | 207 +++++++++++++++++++++++++++++++------------------------------
- 1 file changed, 106 insertions(+), 101 deletions(-)
-
-diff --git a/aconfigure b/aconfigure
-index d4fc521..03f727f 100755
---- a/aconfigure
-+++ b/aconfigure
-@@ -1,11 +1,9 @@
- #! /bin/sh
- # Guess values for system-dependent variables and create Makefiles.
--# Generated by GNU Autoconf 2.68 for pjproject 2.x.
-+# Generated by GNU Autoconf 2.69 for pjproject 2.x.
- #
- #
--# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
--# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
--# Foundation, Inc.
-+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
- #
- #
- # This configure script is free software; the Free Software Foundation
-@@ -134,6 +132,31 @@ export LANGUAGE
- # CDPATH.
- (unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-+# Use a proper internal environment variable to ensure we don't fall
-+ # into an infinite loop, continuously re-executing ourselves.
-+ if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
-+ _as_can_reexec=no; export _as_can_reexec;
-+ # We cannot yet assume a decent shell, so we have to provide a
-+# neutralization value for shells without unset; and this also
-+# works around shells that cannot unset nonexistent variables.
-+# Preserve -v and -x to the replacement shell.
-+BASH_ENV=/dev/null
-+ENV=/dev/null
-+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-+case $- in # ((((
-+ *v*x* | *x*v* ) as_opts=-vx ;;
-+ *v* ) as_opts=-v ;;
-+ *x* ) as_opts=-x ;;
-+ * ) as_opts= ;;
-+esac
-+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-+# Admittedly, this is quite paranoid, since all the known shells bail
-+# out after a failed `exec'.
-+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-+as_fn_exit 255
-+ fi
-+ # We don't want this to propagate to other subprocesses.
-+ { _as_can_reexec=; unset _as_can_reexec;}
- if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
-@@ -167,7 +190,8 @@ if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
- else
- exitcode=1; echo positional parameters were not saved.
- fi
--test x\$exitcode = x0 || exit 1"
-+test x\$exitcode = x0 || exit 1
-+test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
-@@ -212,21 +236,25 @@ IFS=$as_save_IFS
-
-
- if test "x$CONFIG_SHELL" != x; then :
-- # We cannot yet assume a decent shell, so we have to provide a
-- # neutralization value for shells without unset; and this also
-- # works around shells that cannot unset nonexistent variables.
-- # Preserve -v and -x to the replacement shell.
-- BASH_ENV=/dev/null
-- ENV=/dev/null
-- (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-- export CONFIG_SHELL
-- case $- in # ((((
-- *v*x* | *x*v* ) as_opts=-vx ;;
-- *v* ) as_opts=-v ;;
-- *x* ) as_opts=-x ;;
-- * ) as_opts= ;;
-- esac
-- exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
-+ export CONFIG_SHELL
-+ # We cannot yet assume a decent shell, so we have to provide a
-+# neutralization value for shells without unset; and this also
-+# works around shells that cannot unset nonexistent variables.
-+# Preserve -v and -x to the replacement shell.
-+BASH_ENV=/dev/null
-+ENV=/dev/null
-+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-+case $- in # ((((
-+ *v*x* | *x*v* ) as_opts=-vx ;;
-+ *v* ) as_opts=-v ;;
-+ *x* ) as_opts=-x ;;
-+ * ) as_opts= ;;
-+esac
-+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-+# Admittedly, this is quite paranoid, since all the known shells bail
-+# out after a failed `exec'.
-+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-+exit 255
- fi
-
- if test x$as_have_required = xno; then :
-@@ -328,6 +356,14 @@ $as_echo X"$as_dir" |
-
-
- } # as_fn_mkdir_p
-+
-+# as_fn_executable_p FILE
-+# -----------------------
-+# Test if FILE is an executable regular file.
-+as_fn_executable_p ()
-+{
-+ test -f "$1" && test -x "$1"
-+} # as_fn_executable_p
- # as_fn_append VAR VALUE
- # ----------------------
- # Append the text in VALUE to the end of the definition contained in VAR. Take
-@@ -449,6 +485,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
- chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
-+ # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
-+ # already done that, so ensure we don't try to do so again and fall
-+ # in an infinite loop. This has already happened in practice.
-+ _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
-@@ -483,16 +523,16 @@ if (echo >conf$$.file) 2>/dev/null; then
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-- # In both cases, we have to default to `cp -p'.
-+ # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
-- as_ln_s='cp -p'
-+ as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
-- as_ln_s='cp -p'
-+ as_ln_s='cp -pR'
- fi
- else
-- as_ln_s='cp -p'
-+ as_ln_s='cp -pR'
- fi
- rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
- rmdir conf$$.dir 2>/dev/null
-@@ -504,28 +544,8 @@ else
- as_mkdir_p=false
- fi
-
--if test -x / >/dev/null 2>&1; then
-- as_test_x='test -x'
--else
-- if ls -dL / >/dev/null 2>&1; then
-- as_ls_L_option=L
-- else
-- as_ls_L_option=
-- fi
-- as_test_x='
-- eval sh -c '\''
-- if test -d "$1"; then
-- test -d "$1/.";
-- else
-- case $1 in #(
-- -*)set "./$1";;
-- esac;
-- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
-- ???[sx]*):;;*)false;;esac;fi
-- '\'' sh
-- '
--fi
--as_executable_p=$as_test_x
-+as_test_x='test -x'
-+as_executable_p=as_fn_executable_p
-
- # Sed expression to map a string onto a valid CPP name.
- as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-@@ -1252,8 +1272,6 @@ target=$target_alias
- if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
-- $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
-- If a cross compiler is detected then cross compile mode will be used" >&2
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-@@ -1567,9 +1585,9 @@ test -n "$ac_init_help" && exit $ac_status
- if $ac_init_version; then
- cat <<\_ACEOF
- pjproject configure 2.x
--generated by GNU Autoconf 2.68
-+generated by GNU Autoconf 2.69
-
--Copyright (C) 2010 Free Software Foundation, Inc.
-+Copyright (C) 2012 Free Software Foundation, Inc.
- This configure script is free software; the Free Software Foundation
- gives unlimited permission to copy, distribute and modify it.
- _ACEOF
-@@ -1683,7 +1701,7 @@ $as_echo "$ac_try_echo"; } >&5
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
-- $as_test_x conftest$ac_exeext
-+ test -x conftest$ac_exeext
- }; then :
- ac_retval=0
- else
-@@ -1970,7 +1988,7 @@ This file contains any messages produced by compilers while
- running configure, to aid debugging if configure makes a mistake.
-
- It was created by pjproject $as_me 2.x, which was
--generated by GNU Autoconf 2.68. Invocation command line was
-+generated by GNU Autoconf 2.69. Invocation command line was
-
- $ $0 $@
-
-@@ -2495,7 +2513,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -2535,7 +2553,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -2588,7 +2606,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -2629,7 +2647,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
-@@ -2687,7 +2705,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -2731,7 +2749,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -3177,8 +3195,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h. */
- #include <stdarg.h>
- #include <stdio.h>
--#include <sys/types.h>
--#include <sys/stat.h>
-+struct stat;
- /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
- struct buf { int x; };
- FILE * (*rcsopen) (struct buf *, struct stat *, int);
-@@ -3291,7 +3308,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -3335,7 +3352,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CXX="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -3544,7 +3561,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -3584,7 +3601,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -3638,7 +3655,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -3682,7 +3699,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_AR="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -4464,7 +4481,7 @@ do
- for ac_prog in grep ggrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
-- { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
-+ as_fn_executable_p "$ac_path_GREP" || continue
- # Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
- case `"$ac_path_GREP" --version 2>&1` in
-@@ -4530,7 +4547,7 @@ do
- for ac_prog in egrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
-- { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
-+ as_fn_executable_p "$ac_path_EGREP" || continue
- # Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
- case `"$ac_path_EGREP" --version 2>&1` in
-@@ -6489,7 +6506,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_SDL_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -6535,7 +6552,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_SDL_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -6640,7 +6657,7 @@ do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_PKG_CONFIG="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
-@@ -8449,16 +8466,16 @@ if (echo >conf$$.file) 2>/dev/null; then
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-- # In both cases, we have to default to `cp -p'.
-+ # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
-- as_ln_s='cp -p'
-+ as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
-- as_ln_s='cp -p'
-+ as_ln_s='cp -pR'
- fi
- else
-- as_ln_s='cp -p'
-+ as_ln_s='cp -pR'
- fi
- rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
- rmdir conf$$.dir 2>/dev/null
-@@ -8518,28 +8535,16 @@ else
- as_mkdir_p=false
- fi
-
--if test -x / >/dev/null 2>&1; then
-- as_test_x='test -x'
--else
-- if ls -dL / >/dev/null 2>&1; then
-- as_ls_L_option=L
-- else
-- as_ls_L_option=
-- fi
-- as_test_x='
-- eval sh -c '\''
-- if test -d "$1"; then
-- test -d "$1/.";
-- else
-- case $1 in #(
-- -*)set "./$1";;
-- esac;
-- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
-- ???[sx]*):;;*)false;;esac;fi
-- '\'' sh
-- '
--fi
--as_executable_p=$as_test_x
-+
-+# as_fn_executable_p FILE
-+# -----------------------
-+# Test if FILE is an executable regular file.
-+as_fn_executable_p ()
-+{
-+ test -f "$1" && test -x "$1"
-+} # as_fn_executable_p
-+as_test_x='test -x'
-+as_executable_p=as_fn_executable_p
-
- # Sed expression to map a string onto a valid CPP name.
- as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-@@ -8561,7 +8566,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
- # values after options handling.
- ac_log="
- This file was extended by pjproject $as_me 2.x, which was
--generated by GNU Autoconf 2.68. Invocation command line was
-+generated by GNU Autoconf 2.69. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
-@@ -8623,10 +8628,10 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
- ac_cs_version="\\
- pjproject config.status 2.x
--configured by $0, generated by GNU Autoconf 2.68,
-+configured by $0, generated by GNU Autoconf 2.69,
- with options \\"\$ac_cs_config\\"
-
--Copyright (C) 2010 Free Software Foundation, Inc.
-+Copyright (C) 2012 Free Software Foundation, Inc.
- This config.status script is free software; the Free Software Foundation
- gives unlimited permission to copy, distribute and modify it."
-
-@@ -8714,7 +8719,7 @@ fi
- _ACEOF
- cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- if \$ac_cs_recheck; then
-- set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
-+ set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
---
-1.8.3.2
-
diff --git a/contrib/src/pjproject/gnutls.patch b/contrib/src/pjproject/gnutls.patch
index 6330d077c9a8df73585d766dfbd7669adec48ecd..98a01a8bdfc3e440088d9e05631578dcdfde027a 100644
--- a/contrib/src/pjproject/gnutls.patch
+++ b/contrib/src/pjproject/gnutls.patch
@@ -11,26 +11,25 @@ The configure script is updated to select either OpenSSL or GnuTLS
with --enable-ssl[='...'] and a new symbol (PJ_HAS_TLS_SOCK) is introduced
to identify which backend is in use.
-Written by Vittorio Giovara <vittorio.giovara@savoirfairelinux.com> and
-Philippe Proulx <philippe.proulx@savoirfairelinux.com> on behalf of
-Savoir-Faire Linux.
-
-squashed the following commit:
-ssl_sock_gtls: avoid NULL dereference
+Written by
+Vittorio Giovara <vittorio.giovara@savoirfairelinux.com>
+Philippe Proulx <philippe.proulx@savoirfairelinux.com> and
+Adrien BĂ©raud <adrien.beraud@savoirfairelinux.com>
+on behalf of Savoir-Faire Linux.
---
- aconfigure | 183 ++-
- aconfigure.ac | 100 +-
- pjlib/build/Makefile | 2 +-
- pjlib/include/pj/compat/os_auto.h.in | 3 +
- pjlib/include/pj/config.h | 4 +-
- pjlib/src/pj/ssl_sock_common.c | 5 +
- pjlib/src/pj/ssl_sock_gtls.c | 2782 ++++++++++++++++++++++++++++++++++
- pjlib/src/pj/ssl_sock_ossl.c | 6 +-
- 8 files changed, 3023 insertions(+), 62 deletions(-)
- create mode 100644 pjlib/src/pj/ssl_sock_gtls.c
+ {a => b}/aconfigure | 194 +-
+ {a => b}/aconfigure.ac | 109 +-
+ {a => b}/pjlib/build/Makefile | 2 +-
+ {a => b}/pjlib/include/pj/compat/os_auto.h.in | 3 +
+ {a => b}/pjlib/include/pj/config.h | 4 +-
+ {a => b}/pjlib/include/pj/ssl_sock.h | 5 +
+ {a => b}/pjlib/src/pj/ssl_sock_common.c | 5 +
+ /dev/null => b/pjlib/src/pj/ssl_sock_gtls.c | 2867 +++++++++++++++++++++++++
+ {a => b}/pjlib/src/pj/ssl_sock_ossl.c | 6 +-
+ 9 files changed, 3124 insertions(+), 71 deletions(-)
diff --git a/aconfigure b/aconfigure
-index a296266..03f727f 100755
+index 084ab0a..d4f4639 100755
--- a/aconfigure
+++ b/aconfigure
@@ -637,6 +637,8 @@ ac_no_opencore_amrnb
@@ -40,9 +39,9 @@ index a296266..03f727f 100755
+libgnutls_present
+gnutls_h_present
ac_no_ssl
- ac_v4l2_ldflags
- ac_v4l2_cflags
-@@ -1457,8 +1459,8 @@ Optional Features:
+ ac_libyuv_ldflags
+ ac_libyuv_cflags
+@@ -1469,8 +1471,8 @@ Optional Features:
package and samples location using IPPROOT and
IPPSAMPLES env var or with --with-ipp and
--with-ipp-samples options
@@ -53,7 +52,7 @@ index a296266..03f727f 100755
--disable-opencore-amr Exclude OpenCORE AMR support from the build
(default: autodetect)
-@@ -7380,33 +7382,159 @@ fi
+@@ -7644,33 +7646,160 @@ fi
# Check whether --enable-ssl was given.
if test "${enable_ssl+set}" = set; then :
@@ -65,6 +64,7 @@ index a296266..03f727f 100755
+ ssl_backend="gnutls"
+ else
+ ssl_backend="openssl"
++
+ fi
+
+fi
@@ -83,7 +83,7 @@ index a296266..03f727f 100755
+$as_echo "Using SSL prefix... $with_ssl" >&6; }
+ fi
+ if test "x$ssl_backend" = "xgnutls"; then
-+ for ac_prog in ${host}-pkg-config pkg-config "python pkgconfig.py"
++ for ac_prog in $host-pkg-config pkg-config "python pkgconfig.py"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
@@ -227,8 +227,8 @@ index a296266..03f727f 100755
$as_echo_n "checking for ERR_load_BIO_strings in -lcrypto... " >&6; }
if ${ac_cv_lib_crypto_ERR_load_BIO_strings+:} false; then :
$as_echo_n "(cached) " >&6
-@@ -7446,7 +7574,7 @@ if test "x$ac_cv_lib_crypto_ERR_load_BIO_strings" = xyes; then :
- libcrypto_present=1 && LIBS="$LIBS -lcrypto"
+@@ -7710,7 +7839,7 @@ if test "x$ac_cv_lib_crypto_ERR_load_BIO_strings" = xyes; then :
+ libcrypto_present=1 && LIBS="-lcrypto -ldl -lz $LIBS"
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_library_init in -lssl" >&5
@@ -236,8 +236,8 @@ index a296266..03f727f 100755
$as_echo_n "checking for SSL_library_init in -lssl... " >&6; }
if ${ac_cv_lib_ssl_SSL_library_init+:} false; then :
$as_echo_n "(cached) " >&6
-@@ -7486,22 +7614,23 @@ if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then :
- libssl_present=1 && LIBS="$LIBS -lssl"
+@@ -7750,14 +7879,16 @@ if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then :
+ libssl_present=1 && LIBS="-lssl $LIBS"
fi
- if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
@@ -251,13 +251,29 @@ index a296266..03f727f 100755
+ # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+ #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+ $as_echo "#define PJ_HAS_SSL_SOCK 1" >>confdefs.h
++
++ $as_echo "#define PJ_HAS_TLS_SOCK 0" >>confdefs.h
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSLv2_method in -lssl" >&5
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSLv2_method in -lssl" >&5
+ $as_echo_n "checking for SSLv2_method in -lssl... " >&6; }
+ if ${ac_cv_lib_ssl_SSLv2_method+:} false; then :
+ $as_echo_n "(cached) " >&6
+@@ -7797,18 +7928,17 @@ if test "x$ac_cv_lib_ssl_SSLv2_method" = xyes; then :
+ libssl_no_ssl2=1
+ fi
+
+- if test "x$libssl_no_ssl2" != "x1"; then
+- CFLAGS="$CFLAGS -DOPENSSL_NO_SSL2=1"
+- fi
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ** OpenSSL libraries not found, disabling SSL support **" >&5
-$as_echo "** OpenSSL libraries not found, disabling SSL support **" >&6; }
- fi
-+ $as_echo "#define PJ_HAS_TLS_SOCK 0" >>confdefs.h
-
+-
++ if test "x$libssl_no_ssl2" != "x1"; then
++ CFLAGS="$CFLAGS -DOPENSSL_NO_SSL2=1"
++ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No OpenSSL libraries found, disabling SSL support **" >&5
+$as_echo "** No OpenSSL libraries found, disabling SSL support **" >&6; }
@@ -271,10 +287,10 @@ index a296266..03f727f 100755
if test "${with_opencore_amrnb+set}" = set; then :
withval=$with_opencore_amrnb; as_fn_error $? "This option is obsolete and replaced by --with-opencore-amr=DIR" "$LINENO" 5
diff --git a/aconfigure.ac b/aconfigure.ac
-index cd71a7a..465285e 100644
+index 67cf24f..c6cbf82 100644
--- a/aconfigure.ac
+++ b/aconfigure.ac
-@@ -1346,38 +1346,76 @@ fi
+@@ -1512,42 +1512,81 @@ fi
dnl # Include SSL support
AC_SUBST(ac_no_ssl)
@@ -301,18 +317,23 @@ index cd71a7a..465285e 100644
+ [ssl_backend="gnutls"]
+ else
+ [ssl_backend="openssl"]
++
fi
- AC_SUBST(openssl_h_present)
- AC_SUBST(libssl_present)
- AC_SUBST(libcrypto_present)
- AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
-- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="$LIBS -lcrypto"])
-- AC_CHECK_LIB(ssl,SSL_library_init,[libssl_present=1 && LIBS="$LIBS -lssl"])
+- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto -ldl -lz $LIBS"],,-ldl -lz)
+- AC_CHECK_LIB(ssl,SSL_library_init,[libssl_present=1 && LIBS="-lssl $LIBS"])
- if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
- AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
- # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
- #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
- AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
+- AC_CHECK_LIB(ssl,SSLv2_method,[libssl_no_ssl2=1])
+- if test "x$libssl_no_ssl2" != "x1"; then
+- CFLAGS="$CFLAGS -DOPENSSL_NO_SSL2=1"
+- fi
- else
- AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
- fi
@@ -366,14 +387,18 @@ index cd71a7a..465285e 100644
+ AC_SUBST(libssl_present)
+ AC_SUBST(libcrypto_present)
+ AC_CHECK_HEADER(openssl/ssl.h, [openssl_h_present=1])
-+ AC_CHECK_LIB(crypto,ERR_load_BIO_strings, [libcrypto_present=1 && LIBS="$LIBS -lcrypto"])
-+ AC_CHECK_LIB(ssl,SSL_library_init, [libssl_present=1 && LIBS="$LIBS -lssl"])
++ AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto -ldl -lz $LIBS"],,-ldl -lz)
++ AC_CHECK_LIB(ssl,SSL_library_init,[libssl_present=1 && LIBS="-lssl $LIBS"])
+ if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
+ AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
+ # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+ #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+ AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
+ AC_DEFINE(PJ_HAS_TLS_SOCK, 0)
++ AC_CHECK_LIB(ssl,SSLv2_method,[libssl_no_ssl2=1])
++ if test "x$libssl_no_ssl2" != "x1"; then
++ CFLAGS="$CFLAGS -DOPENSSL_NO_SSL2=1"
++ fi
+ else
+ AC_MSG_RESULT([** No OpenSSL libraries found, disabling SSL support **])
+ fi
@@ -383,7 +408,7 @@ index cd71a7a..465285e 100644
dnl # Obsolete option --with-opencore-amrnb
AC_ARG_WITH(opencore-amrnb,
diff --git a/pjlib/build/Makefile b/pjlib/build/Makefile
-index a75fa65..529e0ff 100644
+index 1e64950..e650a31 100644
--- a/pjlib/build/Makefile
+++ b/pjlib/build/Makefile
@@ -35,7 +35,7 @@ export PJLIB_OBJS += $(OS_OBJS) $(M_OBJS) $(CC_OBJS) $(HOST_OBJS) \
@@ -410,7 +435,7 @@ index 18df2bf..9295740 100644
#endif /* __PJ_COMPAT_OS_AUTO_H__ */
diff --git a/pjlib/include/pj/config.h b/pjlib/include/pj/config.h
-index 31020a3..90aefe2 100644
+index 08116cd..6d042fd 100644
--- a/pjlib/include/pj/config.h
+++ b/pjlib/include/pj/config.h
@@ -854,13 +854,15 @@
@@ -430,8 +455,24 @@ index 31020a3..90aefe2 100644
#endif
+diff --git a/pjlib/include/pj/ssl_sock.h b/pjlib/include/pj/ssl_sock.h
+index 161bcf3..0b8d1fc 100644
+--- a/pjlib/include/pj/ssl_sock.h
++++ b/pjlib/include/pj/ssl_sock.h
+@@ -181,6 +181,11 @@ typedef struct pj_ssl_cert_info {
+ } subj_alt_name; /**< Subject alternative
+ name extension */
+
++ struct {
++ unsigned cnt; /**< # of entry */
++ pj_str_t* cert_raw;
++ } raw_chain;
++
+ } pj_ssl_cert_info;
+
+
diff --git a/pjlib/src/pj/ssl_sock_common.c b/pjlib/src/pj/ssl_sock_common.c
-index 768a640..b116f1b 100644
+index 913efee..ac7f683 100644
--- a/pjlib/src/pj/ssl_sock_common.c
+++ b/pjlib/src/pj/ssl_sock_common.c
@@ -34,7 +34,12 @@ PJ_DEF(void) pj_ssl_sock_param_default(pj_ssl_sock_param *param)
@@ -447,15 +488,15 @@ index 768a640..b116f1b 100644
#if !defined(PJ_SYMBIAN) || PJ_SYMBIAN==0
param->read_buffer_size = 1500;
#endif
-diff --git a/pjlib/src/pj/ssl_sock_gtls.c b/pjlib/src/pj/ssl_sock_gtls.c
+diff --git b/pjlib/src/pj/ssl_sock_gtls.c b/pjlib/src/pj/ssl_sock_gtls.c
new file mode 100644
-index 0000000..7b4b941
+index 0000000..5a383d7
--- /dev/null
+++ b/pjlib/src/pj/ssl_sock_gtls.c
-@@ -0,0 +1,2782 @@
+@@ -0,0 +1,2867 @@
+/* $Id$ */
+/*
-+ * Copyright (C) 2014 Savoir-Faire Linux. (http://www.savoirfairelinux.com)
++ * Copyright (C) 2014-2015 Savoir-Faire Linux. (http://www.savoirfairelinux.com)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ -487,6 +528,9 @@ index 0000000..7b4b941
+#include <pj/timer.h>
+#include <pj/file_io.h>
+
++#if GNUTLS_VERSION_NUMBER < 0x030306
++#include <dirent.h>
++#endif
+
+/* Only build when PJ_HAS_SSL_SOCK and PJ_HAS_TLS_SOCK are enabled */
+#if defined(PJ_HAS_SSL_SOCK) && PJ_HAS_SSL_SOCK != 0 && \
@@ -640,6 +684,7 @@ index 0000000..7b4b941
+/* Certificate/credential structure definition. */
+struct pj_ssl_cert_t {
+ pj_str_t CA_file;
++ pj_str_t CA_path;
+ pj_str_t cert_file;
+ pj_str_t privkey_file;
+ pj_str_t privkey_pass;
@@ -1062,7 +1107,7 @@ index 0000000..7b4b941
+ if (circ_write(&ssock->circ_buf_output, data, len) != PJ_SUCCESS) {
+ pj_lock_release(ssock->circ_buf_output_mutex);
+
-+ errno = PJ_ENOMEM;
++ gnutls_transport_set_errno(ssock->session, ENOMEM);
+ return -1;
+ }
+
@@ -1085,7 +1130,7 @@ index 0000000..7b4b941
+ pj_lock_release(ssock->circ_buf_input_mutex);
+
+ /* Data buffers not yet filled */
-+ errno = PJ_EAGAIN;
++ gnutls_transport_set_errno(ssock->session, EAGAIN);
+ return -1;
+ }
+
@@ -1119,44 +1164,36 @@ index 0000000..7b4b941
+static pj_status_t tls_priorities_set(pj_ssl_sock_t *ssock)
+{
+ char buf[1024];
++ char priority_buf[256];
+ pj_str_t cipher_list;
+ pj_str_t compression = pj_str("COMP-NULL");
+ pj_str_t server = pj_str(":%SERVER_PRECEDENCE");
+ int i, j, ret;
-+ const char *priority;
++ pj_str_t priority;
+ const char *err;
+
+ pj_strset(&cipher_list, buf, 0);
++ pj_strset(&priority, priority_buf, 0);
+
+ /* For each level, enable only the requested protocol */
-+ switch (ssock->param.proto) {
-+ case PJ_SSL_SOCK_PROTO_DEFAULT:
-+ case PJ_SSL_SOCK_PROTO_TLS1:
-+ // set lowest compatibility mode, ask for TLS client hello
-+ if (ssock->param.ciphers_num == 0)
-+ priority = "NORMAL:-VERS-SSL3.0:%LATEST_RECORD_VERSION";
-+ else
-+ priority = "NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION";
-+ break;
-+ case PJ_SSL_SOCK_PROTO_SSL3:
-+ if (ssock->param.ciphers_num == 0)
-+ priority = "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2";
-+ else
-+ priority = "NONE:+VERS-SSL3.0";
-+ break;
-+ case PJ_SSL_SOCK_PROTO_SSL23:
-+ /* GnuTLS does not support any SSLv2 suite, let's just enable SSLv3
-+ * with maximum compatibility */
-+ if (ssock->param.ciphers_num == 0)
-+ priority = "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2:%COMPAT";
-+ else
-+ priority = "NONE:+VERS-SSL3.0:%COMPAT";
-+ break;
-+ default:
-+ return PJ_ENOTSUP;
++ pj_strcat2(&priority, "NORMAL:");
++ if (ssock->param.proto & PJ_SSL_SOCK_PROTO_TLS1_2) {
++ pj_strcat2(&priority, "+VERS-TLS1.2:");
+ }
++ if (ssock->param.proto & PJ_SSL_SOCK_PROTO_TLS1_1) {
++ pj_strcat2(&priority, "+VERS-TLS1.1:");
++ }
++ if (ssock->param.proto & PJ_SSL_SOCK_PROTO_TLS1) {
++ pj_strcat2(&priority, "+VERS-TLS1.0:");
++ }
++ if (ssock->param.proto & PJ_SSL_SOCK_PROTO_SSL3) {
++ pj_strcat2(&priority, "+VERS-SSL3.0:");
++ } else {
++ pj_strcat2(&priority, "-VERS-SSL3.0:");
++ }
++ pj_strcat2(&priority, "%LATEST_RECORD_VERSION");
+
-+ pj_strcat2(&cipher_list, priority);
++ pj_strcat(&cipher_list, &priority);
+ for (i = 0; i < ssock->param.ciphers_num; i++) {
+ for (j = 0; ; j++) {
+ pj_ssl_cipher c;
@@ -1269,6 +1306,56 @@ index 0000000..7b4b941
+ return PJ_EINVAL;
+}
+
++#if GNUTLS_VERSION_NUMBER < 0x030306
++
++#ifdef _POSIX_PATH_MAX
++# define GNUTLS_PATH_MAX _POSIX_PATH_MAX
++#else
++# define GNUTLS_PATH_MAX 256
++#endif
++
++static
++int gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred, const char *dirname, unsigned type)
++{
++ DIR *dirp;
++ struct dirent *d;
++ int ret;
++ int r = 0;
++ char path[GNUTLS_PATH_MAX];
++#ifndef _WIN32
++ struct dirent e;
++#endif
++
++ dirp = opendir(dirname);
++ if (dirp != NULL) {
++ do {
++#ifdef _WIN32
++ d = readdir(dirp);
++ if (d != NULL) {
++#else
++ ret = readdir_r(dirp, &e, &d);
++ if (ret == 0 && d != NULL
++#ifdef _DIRENT_HAVE_D_TYPE
++ && (d->d_type == DT_REG || d->d_type == DT_LNK || d->d_type == DT_UNKNOWN)
++#endif
++ ) {
++#endif
++ snprintf(path, sizeof(path), "%s/%s",
++ dirname, d->d_name);
++
++ ret = gnutls_certificate_set_x509_trust_file(cred, path, type);
++ if (ret >= 0)
++ r += ret;
++ }
++ }
++ while (d != NULL);
++ closedir(dirp);
++ }
++
++ return r;
++}
++
++#endif
+
+/* Create and initialize new GnuTLS context and instance */
+static pj_status_t tls_open(pj_ssl_sock_t *ssock)
@@ -1349,6 +1436,17 @@ index 0000000..7b4b941
+ if (ret < 0)
+ goto out;
+ }
++ if (cert->CA_path.slen) {
++ ret = gnutls_certificate_set_x509_trust_dir(ssock->xcred,
++ cert->CA_path.ptr,
++ GNUTLS_X509_FMT_PEM);
++ if (ret < 0)
++ ret = gnutls_certificate_set_x509_trust_dir(ssock->xcred,
++ cert->CA_path.ptr,
++ GNUTLS_X509_FMT_DER);
++ if (ret < 0)
++ goto out;
++ }
+
+ /* Load certificate, key and pass if one is specified */
+ if (cert->cert_file.slen && cert->privkey_file.slen) {
@@ -1461,8 +1559,7 @@ index 0000000..7b4b941
+/* Get certificate info; in case the certificate info is already populated,
+ * this function will check if the contents need updating by inspecting the
+ * issuer and the serial number. */
-+static void tls_cert_get_info(pj_pool_t *pool, pj_ssl_cert_info *ci,
-+ gnutls_x509_crt_t cert)
++static void tls_cert_get_info(pj_pool_t *pool, pj_ssl_cert_info *ci, gnutls_x509_crt_t cert)
+{
+ pj_bool_t update_needed;
+ char buf[512] = { 0 };
@@ -1566,6 +1663,16 @@ index 0000000..7b4b941
+ }
+}
+
++static void tls_cert_get_chain_raw(pj_pool_t *pool, pj_ssl_cert_info *ci, const gnutls_datum_t *certs, size_t certs_num)
++{
++ size_t i=0;
++ ci->raw_chain.cert_raw = pj_pool_calloc(pool, certs_num, sizeof(*ci->raw_chain.cert_raw));
++ ci->raw_chain.cnt = certs_num;
++ for (i=0; i < certs_num; ++i) {
++ const pj_str_t crt_raw = {(const char*)certs[i].data, (pj_ssize_t)certs[i].size};
++ pj_strdup(pool, ci->raw_chain.cert_raw+i, &crt_raw);
++ }
++}
+
+/* Update local & remote certificates info. This function should be
+ * called after handshake or renegotiation successfully completed. */
@@ -1594,8 +1701,7 @@ index 0000000..7b4b941
+ goto us_out;
+
+ tls_cert_get_info(ssock->pool, &ssock->local_cert_info, cert);
-+ const pj_str_t local_crt_raw = {(char*)us->data, (pj_ssize_t)us->size};
-+ pj_strdup(ssock->pool, &ssock->local_cert_info.cert_raw, &local_crt_raw);
++ tls_cert_get_chain_raw(ssock->pool, &ssock->local_cert_info, us, 1);
+
+us_out:
+ tls_last_error = ret;
@@ -1622,8 +1728,7 @@ index 0000000..7b4b941
+ goto peer_out;
+
+ tls_cert_get_info(ssock->pool, &ssock->remote_cert_info, cert);
-+ const pj_str_t remote_crt_raw = {(char*)certs->data, (pj_ssize_t)certs->size};
-+ pj_strdup(ssock->pool, &ssock->remote_cert_info.cert_raw, &remote_crt_raw);
++ tls_cert_get_chain_raw(ssock->pool, &ssock->remote_cert_info, certs, certslen);
+
+peer_out:
+ tls_last_error = ret;
@@ -2424,12 +2529,33 @@ index 0000000..7b4b941
+ const pj_str_t *privkey_pass,
+ pj_ssl_cert_t **p_cert)
+{
++ return pj_ssl_cert_load_from_files2(pool, CA_file, NULL, cert_file,
++ privkey_file, privkey_pass, p_cert);
++}
++
++/* Load credentials from files. */
++PJ_DECL(pj_status_t) pj_ssl_cert_load_from_files2(
++ pj_pool_t *pool,
++ const pj_str_t *CA_file,
++ const pj_str_t *CA_path,
++ const pj_str_t *cert_file,
++ const pj_str_t *privkey_file,
++ const pj_str_t *privkey_pass,
++ pj_ssl_cert_t **p_cert)
++{
+ pj_ssl_cert_t *cert;
+
-+ PJ_ASSERT_RETURN(pool && CA_file && cert_file && privkey_file, PJ_EINVAL);
++ PJ_ASSERT_RETURN(pool && (CA_file || CA_path) && cert_file &&
++ privkey_file,
++ PJ_EINVAL);
+
+ cert = PJ_POOL_ZALLOC_T(pool, pj_ssl_cert_t);
-+ pj_strdup_with_null(pool, &cert->CA_file, CA_file);
++ if (CA_file) {
++ pj_strdup_with_null(pool, &cert->CA_file, CA_file);
++ }
++ if (CA_path) {
++ pj_strdup_with_null(pool, &cert->CA_path, CA_path);
++ }
+ pj_strdup_with_null(pool, &cert->cert_file, cert_file);
+ pj_strdup_with_null(pool, &cert->privkey_file, privkey_file);
+ pj_strdup_with_null(pool, &cert->privkey_pass, privkey_pass);
@@ -2439,7 +2565,6 @@ index 0000000..7b4b941
+ return PJ_SUCCESS;
+}
+
-+
+/* Store credentials. */
+PJ_DECL(pj_status_t) pj_ssl_sock_set_certificate(pj_ssl_sock_t *ssock,
+ pj_pool_t *pool,
@@ -2452,6 +2577,7 @@ index 0000000..7b4b941
+ cert_ = PJ_POOL_ZALLOC_T(pool, pj_ssl_cert_t);
+ pj_memcpy(cert_, cert, sizeof(cert));
+ pj_strdup_with_null(pool, &cert_->CA_file, &cert->CA_file);
++ pj_strdup_with_null(pool, &cert_->CA_path, &cert->CA_path);
+ pj_strdup_with_null(pool, &cert_->cert_file, &cert->cert_file);
+ pj_strdup_with_null(pool, &cert_->privkey_file, &cert->privkey_file);
+ pj_strdup_with_null(pool, &cert_->privkey_pass, &cert->privkey_pass);
@@ -3236,7 +3362,7 @@ index 0000000..7b4b941
+
+#endif /* PJ_HAS_SSL_SOCK */
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
-index ba4ae0b..98bbfee 100644
+index 513d754..d1db3f0 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -31,8 +31,10 @@
@@ -3252,6 +3378,3 @@ index ba4ae0b..98bbfee 100644
#define THIS_FILE "ssl_sock_ossl.c"
---
-1.9.3
-
diff --git a/contrib/src/pjproject/rules.mak b/contrib/src/pjproject/rules.mak
index a401cee89835ddd9aae46df767e49c72db25f43e..698f92b6df43328d08207e658579322fc94d451e 100644
--- a/contrib/src/pjproject/rules.mak
+++ b/contrib/src/pjproject/rules.mak
@@ -1,5 +1,5 @@
# PJPROJECT
-PJPROJECT_VERSION := 2.2.1
+PJPROJECT_VERSION := 2.4
PJPROJECT_URL := http://www.pjsip.org/release/$(PJPROJECT_VERSION)/pjproject-$(PJPROJECT_VERSION).tar.bz2
PJPROJECT_OPTIONS := --disable-oss \
@@ -54,10 +54,7 @@ ifdef HAVE_WIN32
$(APPLY) $(SRC)/pjproject/pj_win.patch
endif
$(APPLY) $(SRC)/pjproject/errno.patch
- $(APPLY) $(SRC)/pjproject/aconfigureupdate.patch
$(APPLY) $(SRC)/pjproject/endianness.patch
- $(APPLY) $(SRC)/pjproject/unknowncipher.patch
- $(APPLY) $(SRC)/pjproject/tls_cert.patch
$(APPLY) $(SRC)/pjproject/gnutls.patch
$(APPLY) $(SRC)/pjproject/notestsapps.patch
$(APPLY) $(SRC)/pjproject/ipv6.patch
diff --git a/contrib/src/pjproject/tls_cert.patch b/contrib/src/pjproject/tls_cert.patch
deleted file mode 100644
index f030b42319038dedb636db7a608f30c5595d3dbd..0000000000000000000000000000000000000000
--- a/contrib/src/pjproject/tls_cert.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/pjlib/include/pj/ssl_sock.h
-+++ b/pjlib/include/pj/ssl_sock.h
-@@ -181,6 +181,8 @@ typedef struct pj_ssl_cert_info {
- } subj_alt_name; /**< Subject alternative
- name extension */
-
-+ pj_str_t cert_raw;
-+
- } pj_ssl_cert_info;
-
diff --git a/contrib/src/pjproject/unknowncipher.patch b/contrib/src/pjproject/unknowncipher.patch
deleted file mode 100644
index b9e86ec753dabf0b6ce51adc59b6fc4bc40038a2..0000000000000000000000000000000000000000
--- a/contrib/src/pjproject/unknowncipher.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/pjlib/include/pj/ssl_sock.h 2013-04-26 02:01:43.000000000 -0400
-+++ b/pjlib/include/pj/ssl_sock.h 2014-06-16 18:31:58.464991714 -0400
-@@ -243,6 +243,9 @@
- */
- typedef enum pj_ssl_cipher {
-
-+ /* Unsupported cipher */
-+ PJ_TLS_UNKNOWN_CIPHER = -1,
-+
- /* NULL */
- PJ_TLS_NULL_WITH_NULL_NULL = 0x00000000,
-
diff --git a/src/ringdht/sips_transport_ice.cpp b/src/ringdht/sips_transport_ice.cpp
index cbbf482071daaa15f5c852590228c3c5a4567744..0f8e546a3c4ec9c17b0b9586450981b3ccfe8eed 100644
--- a/src/ringdht/sips_transport_ice.cpp
+++ b/src/ringdht/sips_transport_ice.cpp
@@ -372,7 +372,7 @@ SipsIceTransport::certGetCn(const pj_str_t* gen_name, pj_str_t* cn)
* issuer and the serial number. */
void
SipsIceTransport::certGetInfo(pj_pool_t* pool, pj_ssl_cert_info* ci,
- const gnutls_datum_t& crt_raw)
+ const gnutls_datum_t* crt_raw, size_t crt_raw_num)
{
char buf[512] = { 0 };
size_t bufsize = sizeof(buf);
@@ -382,9 +382,9 @@ SipsIceTransport::certGetInfo(pj_pool_t* pool, pj_ssl_cert_info* ci,
int i, ret, seq = 0;
pj_ssl_cert_name_type type;
- pj_assert(pool && ci && crt_raw.data);
+ pj_assert(pool && ci && crt_raw);
- dht::crypto::Certificate crt(Blob(crt_raw.data, crt_raw.data + crt_raw.size));
+ dht::crypto::Certificate crt(Blob(crt_raw[0].data, crt_raw[0].data + crt_raw[0].size));
/* Get issuer */
gnutls_x509_crt_get_issuer_dn(crt.cert, buf, &bufsize);
@@ -401,8 +401,12 @@ SipsIceTransport::certGetInfo(pj_pool_t* pool, pj_ssl_cert_info* ci,
std::memset(ci, 0, sizeof(pj_ssl_cert_info));
/* Full raw certificate */
- const pj_str_t raw_crt_pjstr {(char*)crt_raw.data, (long int) crt_raw.size};
- pj_strdup(pool, &ci->cert_raw, &raw_crt_pjstr);
+ ci->raw_chain.cert_raw = (pj_str_t*)pj_pool_calloc(pool, crt_raw_num, sizeof(*ci->raw_chain.cert_raw));
+ ci->raw_chain.cnt = crt_raw_num;
+ for (size_t i=0; i < crt_raw_num; ++i) {
+ const pj_str_t cert = {(char*)crt_raw[i].data, (pj_ssize_t)crt_raw[i].size};
+ pj_strdup(pool, ci->raw_chain.cert_raw+i, &cert);
+ }
/* Version */
ci->version = gnutls_x509_crt_get_version(crt.cert);
@@ -485,13 +489,13 @@ SipsIceTransport::certUpdate()
{
/* Get active local certificate */
if(const auto local_raw = gnutls_certificate_get_ours(session_))
- certGetInfo(pool_.get(), &localCertInfo_, *local_raw);
+ certGetInfo(pool_.get(), &localCertInfo_, local_raw, 1);
else
std::memset(&localCertInfo_, 0, sizeof(pj_ssl_cert_info));
unsigned int certslen = 0;
if (const auto remote_raw = gnutls_certificate_get_peers(session_, &certslen))
- certGetInfo(pool_.get(), &remoteCertInfo_, *remote_raw);
+ certGetInfo(pool_.get(), &remoteCertInfo_, remote_raw, certslen);
else
std::memset(&remoteCertInfo_, 0, sizeof(pj_ssl_cert_info));
}
diff --git a/src/ringdht/sips_transport_ice.h b/src/ringdht/sips_transport_ice.h
index f6d5af410d26e2e9ac301526631fac11266bddf7..b161944bd01a1bf6663134a0af4504089a3e4f51 100644
--- a/src/ringdht/sips_transport_ice.h
+++ b/src/ringdht/sips_transport_ice.h
@@ -188,7 +188,7 @@ private:
pj_status_t tryHandshake();
void certGetCn(const pj_str_t* gen_name, pj_str_t* cn);
- void certGetInfo(pj_pool_t* pool, pj_ssl_cert_info* ci, const gnutls_datum_t& cert);
+ void certGetInfo(pj_pool_t* pool, pj_ssl_cert_info* ci, const gnutls_datum_t* cert, size_t crt_raw_num);
void certUpdate();
bool onHandshakeComplete(pj_status_t status);
int verifyCertificate();
diff --git a/src/sip/siptransport.cpp b/src/sip/siptransport.cpp
index 7b0fe75a702e1cced639bf843859bbe263c5ae6f..82c61e47687e7ec2d08e900516d8e24c8586861a 100644
--- a/src/sip/siptransport.cpp
+++ b/src/sip/siptransport.cpp
@@ -136,10 +136,11 @@ SipTransport::stateCallback(pjsip_transport_state state,
auto extInfo = static_cast<const pjsip_tls_state_info*>(info->ext_info);
if (isSecure() && extInfo && extInfo->ssl_sock_info && extInfo->ssl_sock_info->established) {
auto tlsInfo = extInfo->ssl_sock_info;
- tlsInfos_.proto = tlsInfo->proto;
+ tlsInfos_.proto = (pj_ssl_sock_proto)tlsInfo->proto;
tlsInfos_.cipher = tlsInfo->cipher;
tlsInfos_.verifyStatus = (pj_ssl_cert_verify_flag_t)tlsInfo->verify_status;
- const auto& peer_crt = tlsInfo->remote_cert_info->cert_raw;
+ const auto& peers = tlsInfo->remote_cert_info->raw_chain;
+ const auto& peer_crt = peers.cert_raw[0];
if (peer_crt.ptr && peer_crt.slen)
tlsInfos_.peerCert = {std::vector<uint8_t>(peer_crt.ptr, peer_crt.ptr + peer_crt.slen)};
else