Revert of Removing #defines previously used for building without BoringSSL/OpenSSL. (patchset #2 id:20001 of https://codereview.webrtc.org/2640513002/ )

Reason for revert:
Broke chromium build, due to a config being removed. Will add it back and remove the dependency in a chromium CL.

Original issue's description:
> Removing #defines previously used for building without BoringSSL/OpenSSL.
>
> These defines don't work any more, so they only cause confusion:
>
> FEATURE_ENABLE_SSL
> HAVE_OPENSSL_SSL_H
> SSL_USE_OPENSSL
>
> BUG=webrtc:7025
>
> Review-Url: https://codereview.webrtc.org/2640513002
> Cr-Commit-Position: refs/heads/master@{#16196}
> Committed: eaa826c2ee

TBR=kjellander@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:7025

Review-Url: https://codereview.webrtc.org/2648003003
Cr-Commit-Position: refs/heads/master@{#16197}

webrtc/BUILD.gn

@@ -30,6 +30,7 @@ config("common_inherited_config") {
     defines = [
       # TODO(kjellander): Cleanup unused ones and move defines closer to
       # the source when webrtc:4256 is completed.
+      "FEATURE_ENABLE_SSL",
       "FEATURE_ENABLE_VOICEMAIL",
       "EXPAT_RELATIVE_PATH",
       "GTEST_RELATIVE_PATH",
@@ -131,10 +132,12 @@ config("common_config") {
       # targets, there's no point including the defines in that config here.
       # TODO(kjellander): Cleanup unused ones and move defines closer to the
       # source when webrtc:4256 is completed.
+      "HAVE_OPENSSL_SSL_H",
       "HAVE_SRTP",
       "HAVE_WEBRTC_VIDEO",
       "HAVE_WEBRTC_VOICE",
       "LOGGING_INSIDE_WEBRTC",
+      "SSL_USE_OPENSSL",
       "USE_WEBRTC_DEV_BRANCH",
     ]
   } else {

webrtc/api/peerconnection_unittest.cc

@@ -46,6 +46,12 @@
 #include "webrtc/p2p/client/basicportallocator.h"
 #include "webrtc/pc/mediasession.h"
 
+#define MAYBE_SKIP_TEST(feature)                    \
+  if (!(feature())) {                               \
+    LOG(LS_INFO) << "Feature disabled... skipping"; \
+    return;                                         \
+  }
+
 using cricket::ContentInfo;
 using cricket::FakeWebRtcVideoDecoder;
 using cricket::FakeWebRtcVideoDecoderFactory;
@@ -217,7 +223,8 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
       rtc::Thread* network_thread,
       rtc::Thread* worker_thread) {
     std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
-        new FakeRTCCertificateGenerator());
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);
 
     return CreateClientWithDtlsIdentityStore(id, constraints, options, config,
                                              std::move(cert_generator), true,
@@ -230,7 +237,8 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
       rtc::Thread* network_thread,
       rtc::Thread* worker_thread) {
     std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
-        new FakeRTCCertificateGenerator());
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);
 
     return CreateClientWithDtlsIdentityStore(id, nullptr, options, nullptr,
                                              std::move(cert_generator), false,
@@ -1464,6 +1472,7 @@ class P2PTestConductor : public testing::Test {
   }
 
   void SetupAndVerifyDtlsCall() {
+    MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
     FakeConstraints setup_constraints;
     setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
                                    true);
@@ -1488,7 +1497,8 @@ class P2PTestConductor : public testing::Test {
     rtc_config.set_cpu_adaptation(false);
 
     std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
-        new FakeRTCCertificateGenerator());
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);
     cert_generator->use_alternate_key();
 
     // Make sure the new client is using a different certificate.
@@ -1684,6 +1694,7 @@ TEST_F(P2PTestConductor, OneWayMediaCallWithoutConstraints) {
 // This test sets up a audio call initially and then upgrades to audio/video,
 // using DTLS.
 TEST_F(P2PTestConductor, LocalP2PTestDtlsRenegotiate) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   FakeConstraints setup_constraints;
   setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
                                  true);
@@ -1697,6 +1708,7 @@ TEST_F(P2PTestConductor, LocalP2PTestDtlsRenegotiate) {
 // This test sets up a call transfer to a new caller with a different DTLS
 // fingerprint.
 TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCallee) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   SetupAndVerifyDtlsCall();
 
   // Keeping the original peer around which will still send packets to the
@@ -1715,6 +1727,7 @@ TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCallee) {
 // bundle is in effect in the restart, the channel can successfully reset its
 // DTLS-SRTP context.
 TEST_F(P2PTestConductor, LocalP2PTestDtlsBundleInIceRestart) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   FakeConstraints setup_constraints;
   setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
                                  true);
@@ -1733,6 +1746,7 @@ TEST_F(P2PTestConductor, LocalP2PTestDtlsBundleInIceRestart) {
 // This test sets up a call transfer to a new callee with a different DTLS
 // fingerprint.
 TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCaller) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   SetupAndVerifyDtlsCall();
 
   // Keeping the original peer around which will still send packets to the
@@ -1766,6 +1780,7 @@ TEST_F(P2PTestConductor, LocalP2PTestReceiverDoesntSupportCVO) {
 // DTLS key agreement. The offerer don't support SDES. As a result, DTLS is
 // negotiated and used for transport.
 TEST_F(P2PTestConductor, LocalP2PTestOfferDtlsButNotSdes) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   FakeConstraints setup_constraints;
   setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
                                  true);
@@ -2242,6 +2257,7 @@ TEST_F(P2PTestConductor, AddDataChannelAfterRenegotiation) {
 // negotiation is completed without error.
 #ifdef HAVE_SCTP
 TEST_F(P2PTestConductor, CreateOfferWithSctpDataChannel) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   FakeConstraints constraints;
   constraints.SetMandatory(
       MediaConstraintsInterface::kEnableDtlsSrtp, true);

webrtc/api/peerconnectionendtoend_unittest.cc

@@ -24,6 +24,12 @@
 #include "webrtc/base/stringencode.h"
 #include "webrtc/base/stringutils.h"
 
+#define MAYBE_SKIP_TEST(feature)                    \
+  if (!(feature())) {                               \
+    LOG(LS_INFO) << "Feature disabled... skipping"; \
+    return;                                         \
+  }
+
 using webrtc::DataChannelInterface;
 using webrtc::FakeConstraints;
 using webrtc::MediaConstraintsInterface;
@@ -192,6 +198,8 @@ TEST_F(PeerConnectionEndToEndTest, CallWithLegacySdp) {
 // Verifies that a DataChannel created before the negotiation can transition to
 // "OPEN" and transfer data.
 TEST_F(PeerConnectionEndToEndTest, CreateDataChannelBeforeNegotiate) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   CreatePcs();
 
   webrtc::DataChannelInit init;
@@ -216,6 +224,8 @@ TEST_F(PeerConnectionEndToEndTest, CreateDataChannelBeforeNegotiate) {
 // Verifies that a DataChannel created after the negotiation can transition to
 // "OPEN" and transfer data.
 TEST_F(PeerConnectionEndToEndTest, CreateDataChannelAfterNegotiate) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   CreatePcs();
 
   webrtc::DataChannelInit init;
@@ -247,6 +257,8 @@ TEST_F(PeerConnectionEndToEndTest, CreateDataChannelAfterNegotiate) {
 
 // Verifies that DataChannel IDs are even/odd based on the DTLS roles.
 TEST_F(PeerConnectionEndToEndTest, DataChannelIdAssignment) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   CreatePcs();
 
   webrtc::DataChannelInit init;
@@ -274,6 +286,8 @@ TEST_F(PeerConnectionEndToEndTest, DataChannelIdAssignment) {
 // there are multiple DataChannels.
 TEST_F(PeerConnectionEndToEndTest,
        MessageTransferBetweenTwoPairsOfDataChannels) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   CreatePcs();
 
   webrtc::DataChannelInit init;
@@ -395,6 +409,8 @@ TEST_F(PeerConnectionEndToEndTest, MessageTransferBetweenQuicDataChannels) {
 // See: https://bugs.chromium.org/p/webrtc/issues/detail?id=4453
 TEST_F(PeerConnectionEndToEndTest,
        DISABLED_DataChannelFromOpenWorksAfterClose) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   CreatePcs();
 
   webrtc::DataChannelInit init;
@@ -421,6 +437,8 @@ TEST_F(PeerConnectionEndToEndTest,
 // reference count), no memory access violation will occur.
 // See: https://code.google.com/p/chromium/issues/detail?id=565048
 TEST_F(PeerConnectionEndToEndTest, CloseDataChannelRemotelyWhileNotReferenced) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   CreatePcs();
 
   webrtc::DataChannelInit init;

webrtc/api/peerconnectioninterface_unittest.cc

@@ -293,6 +293,12 @@ static const char kSdpStringMs1Video1[] =
     "a=ssrc:4 cname:stream1\r\n"
     "a=ssrc:4 msid:stream1 videotrack1\r\n";
 
+#define MAYBE_SKIP_TEST(feature)                    \
+  if (!(feature())) {                               \
+    LOG(LS_INFO) << "Feature disabled... skipping"; \
+    return;                                         \
+  }
+
 using ::testing::Exactly;
 using cricket::StreamParams;
 using webrtc::AudioSourceInterface;
@@ -2036,6 +2042,7 @@ TEST_F(PeerConnectionInterfaceTest, TestRejectDataChannelInAnswer) {
 // FireFox, use it as a remote session description, generate an answer and use
 // the answer as a local description.
 TEST_F(PeerConnectionInterfaceTest, ReceiveFireFoxOffer) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   FakeConstraints constraints;
   constraints.AddMandatory(webrtc::MediaConstraintsInterface::kEnableDtlsSrtp,
                            true);

webrtc/api/test/peerconnectiontestwrapper.cc

@@ -76,7 +76,8 @@ bool PeerConnectionTestWrapper::CreatePc(
   }
 
   std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
-      new FakeRTCCertificateGenerator());
+      rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeRTCCertificateGenerator()
+                                            : nullptr);
   peer_connection_ = peer_connection_factory_->CreatePeerConnection(
       config, constraints, std::move(port_allocator), std::move(cert_generator),
       this);

webrtc/api/webrtcsession_unittest.cc

@@ -50,6 +50,12 @@
 #include "webrtc/pc/channelmanager.h"
 #include "webrtc/pc/mediasession.h"
 
+#define MAYBE_SKIP_TEST(feature)                    \
+  if (!(feature())) {                               \
+    LOG(LS_INFO) << "Feature disabled... skipping"; \
+    return;                                         \
+  }
+
 using cricket::FakeVoiceMediaChannel;
 using cricket::TransportInfo;
 using rtc::SocketAddress;
@@ -1844,6 +1850,7 @@ TEST_F(WebRtcSessionTest, TestSetRemoteNonSdesAnswerWhenSdesOn) {
 // Test that we accept an offer with a DTLS fingerprint when DTLS is on
 // and that we return an answer with a DTLS fingerprint.
 TEST_P(WebRtcSessionTest, TestReceiveDtlsOfferCreateDtlsAnswer) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   SendAudioVideoStream1();
   InitWithDtls(GetParam());
   SetFactoryDtlsSrtp();
@@ -1872,6 +1879,7 @@ TEST_P(WebRtcSessionTest, TestReceiveDtlsOfferCreateDtlsAnswer) {
 // Test that we set a local offer with a DTLS fingerprint when DTLS is on
 // and then we accept a remote answer with a DTLS fingerprint successfully.
 TEST_P(WebRtcSessionTest, TestCreateDtlsOfferReceiveDtlsAnswer) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   SendAudioVideoStream1();
   InitWithDtls(GetParam());
   SetFactoryDtlsSrtp();
@@ -1901,6 +1909,7 @@ TEST_P(WebRtcSessionTest, TestCreateDtlsOfferReceiveDtlsAnswer) {
 // Test that if we support DTLS and the other side didn't offer a fingerprint,
 // we will fail to set the remote description.
 TEST_P(WebRtcSessionTest, TestReceiveNonDtlsOfferWhenDtlsOn) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
   cricket::MediaSessionOptions options;
   options.recv_video = true;
@@ -1924,6 +1933,7 @@ TEST_P(WebRtcSessionTest, TestReceiveNonDtlsOfferWhenDtlsOn) {
 // Test that we return a failure when applying a local answer that doesn't have
 // a DTLS fingerprint when DTLS is required.
 TEST_P(WebRtcSessionTest, TestSetLocalNonDtlsAnswerWhenDtlsOn) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
   SessionDescriptionInterface* offer = NULL;
   SessionDescriptionInterface* answer = NULL;
@@ -1939,6 +1949,7 @@ TEST_P(WebRtcSessionTest, TestSetLocalNonDtlsAnswerWhenDtlsOn) {
 // Test that we return a failure when applying a remote answer that doesn't have
 // a DTLS fingerprint when DTLS is required.
 TEST_P(WebRtcSessionTest, TestSetRemoteNonDtlsAnswerWhenDtlsOn) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
   SessionDescriptionInterface* offer = CreateOffer();
   cricket::MediaSessionOptions options;
@@ -3915,6 +3926,8 @@ TEST_F(WebRtcSessionTest, TestRtpDataChannel) {
 }
 
 TEST_P(WebRtcSessionTest, TestRtpDataChannelConstraintTakesPrecedence) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   configuration_.enable_rtp_data_channel = true;
   options_.disable_sctp_data_channels = false;
 
@@ -3927,6 +3940,7 @@ TEST_P(WebRtcSessionTest, TestRtpDataChannelConstraintTakesPrecedence) {
 // Test that sctp_content_name/sctp_transport_name (used for stats) are correct
 // before and after BUNDLE is negotiated.
 TEST_P(WebRtcSessionTest, SctpContentAndTransportName) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   SetFactoryDtlsSrtp();
   InitWithDtls(GetParam());
 
@@ -3960,6 +3974,8 @@ TEST_P(WebRtcSessionTest, SctpContentAndTransportName) {
 }
 
 TEST_P(WebRtcSessionTest, TestCreateOfferWithSctpEnabledWithoutStreams) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   InitWithDtls(GetParam());
 
   std::unique_ptr<SessionDescriptionInterface> offer(CreateOffer());
@@ -3968,6 +3984,7 @@ TEST_P(WebRtcSessionTest, TestCreateOfferWithSctpEnabledWithoutStreams) {
 }
 
 TEST_P(WebRtcSessionTest, TestCreateAnswerWithSctpInOfferAndNoStreams) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   SetFactoryDtlsSrtp();
   InitWithDtls(GetParam());
 
@@ -3999,6 +4016,8 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelWithoutDtls) {
 // Test that if DTLS is enabled, we end up with an SctpTransport created
 // (and not an RtpDataChannel).
 TEST_P(WebRtcSessionTest, TestSctpDataChannelWithDtls) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   InitWithDtls(GetParam());
 
   SetLocalDescriptionWithDataChannel();
@@ -4009,6 +4028,7 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelWithDtls) {
 // Test that if SCTP is disabled, we don't end up with an SctpTransport
 // created (or an RtpDataChannel).
 TEST_P(WebRtcSessionTest, TestDisableSctpDataChannels) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   options_.disable_sctp_data_channels = true;
   InitWithDtls(GetParam());
 
@@ -4018,6 +4038,7 @@ TEST_P(WebRtcSessionTest, TestDisableSctpDataChannels) {
 }
 
 TEST_P(WebRtcSessionTest, TestSctpDataChannelSendPortParsing) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   const int new_send_port = 9998;
   const int new_recv_port = 7775;
 
@@ -4059,6 +4080,8 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelSendPortParsing) {
 // WebRtcSession signals the SctpTransport creation request with the expected
 // config.
 TEST_P(WebRtcSessionTest, TestSctpDataChannelOpenMessage) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
   InitWithDtls(GetParam());
 
   SetLocalDescriptionWithDataChannel();
@@ -4098,6 +4121,7 @@ TEST_P(WebRtcSessionTest, TestUsesProvidedCertificate) {
 // identity generation is finished (even if a certificate is provided this is
 // an async op).
 TEST_P(WebRtcSessionTest, TestCreateOfferBeforeIdentityRequestReturnSuccess) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
 
   EXPECT_TRUE(session_->waiting_for_certificate_for_testing());
@@ -4113,6 +4137,7 @@ TEST_P(WebRtcSessionTest, TestCreateOfferBeforeIdentityRequestReturnSuccess) {
 // identity generation is finished (even if a certificate is provided this is
 // an async op).
 TEST_P(WebRtcSessionTest, TestCreateAnswerBeforeIdentityRequestReturnSuccess) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
   SetFactoryDtlsSrtp();
 
@@ -4133,6 +4158,7 @@ TEST_P(WebRtcSessionTest, TestCreateAnswerBeforeIdentityRequestReturnSuccess) {
 // identity generation is finished (even if a certificate is provided this is
 // an async op).
 TEST_P(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnSuccess) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
 
   EXPECT_TRUE_WAIT(!session_->waiting_for_certificate_for_testing(), 1000);
@@ -4144,6 +4170,7 @@ TEST_P(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnSuccess) {
 // Verifies that CreateOffer fails when CreateOffer is called after async
 // identity generation fails.
 TEST_F(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnFailure) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtlsIdentityGenFail();
 
   EXPECT_TRUE_WAIT(!session_->waiting_for_certificate_for_testing(), 1000);
@@ -4156,6 +4183,7 @@ TEST_F(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnFailure) {
 // before async identity generation is finished.
 TEST_P(WebRtcSessionTest,
        TestMultipleCreateOfferBeforeIdentityRequestReturnSuccess) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   VerifyMultipleAsyncCreateDescription(GetParam(),
                                        CreateSessionDescriptionRequest::kOffer);
 }
@@ -4164,6 +4192,7 @@ TEST_P(WebRtcSessionTest,
 // before async identity generation fails.
 TEST_F(WebRtcSessionTest,
        TestMultipleCreateOfferBeforeIdentityRequestReturnFailure) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   VerifyMultipleAsyncCreateDescriptionIdentityGenFailure(
       CreateSessionDescriptionRequest::kOffer);
 }
@@ -4172,6 +4201,7 @@ TEST_F(WebRtcSessionTest,
 // before async identity generation is finished.
 TEST_P(WebRtcSessionTest,
        TestMultipleCreateAnswerBeforeIdentityRequestReturnSuccess) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   VerifyMultipleAsyncCreateDescription(
       GetParam(), CreateSessionDescriptionRequest::kAnswer);
 }
@@ -4180,6 +4210,7 @@ TEST_P(WebRtcSessionTest,
 // before async identity generation fails.
 TEST_F(WebRtcSessionTest,
        TestMultipleCreateAnswerBeforeIdentityRequestReturnFailure) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   VerifyMultipleAsyncCreateDescriptionIdentityGenFailure(
       CreateSessionDescriptionRequest::kAnswer);
 }
@@ -4223,6 +4254,7 @@ TEST_F(WebRtcSessionTest, TestCombinedAudioVideoBweConstraint) {
 // Tests that we can renegotiate new media content with ICE candidates in the
 // new remote SDP.
 TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesInSdp) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
   SetFactoryDtlsSrtp();
 
@@ -4252,6 +4284,7 @@ TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesInSdp) {
 // Tests that we can renegotiate new media content with ICE candidates separated
 // from the remote SDP.
 TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesSeparated) {
+  MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(GetParam());
   SetFactoryDtlsSrtp();
 

webrtc/base/BUILD.gn

@@ -35,10 +35,21 @@ config("rtc_base_approved_all_dependent_config") {
   }
 }
 
+config("rtc_base_config") {
+  defines = [ "FEATURE_ENABLE_SSL" ]
+}
+
 config("rtc_base_chromium_config") {
   defines = [ "NO_MAIN_THREAD_WRAPPING" ]
 }
 
+config("openssl_config") {
+  defines = [
+    "SSL_USE_OPENSSL",
+    "HAVE_OPENSSL_SSL_H",
+  ]
+}
+
 config("rtc_base_all_dependent_config") {
   if (is_ios) {
     libs = [
@@ -360,6 +371,16 @@ rtc_static_library("rtc_base") {
     ":rtc_base_approved",
   ]
 
+  configs += [
+    ":openssl_config",
+    ":rtc_base_config",
+  ]
+
+  public_configs = [
+    ":openssl_config",
+    ":rtc_base_config",
+  ]
+
   all_dependent_configs = [ ":rtc_base_all_dependent_config" ]
 
   sources = [
@@ -516,6 +537,7 @@ rtc_static_library("rtc_base") {
       "proxyserver.h",
       "rollingaccumulator.h",
       "scopedptrcollection.h",
+      "sslconfig.h",
       "sslroots.h",
       "testbase64.h",
       "testclient.cc",

webrtc/base/helpers.cc

@@ -13,7 +13,18 @@
 #include <limits>
 #include <memory>
 
+#if defined(FEATURE_ENABLE_SSL)
+#include "webrtc/base/sslconfig.h"
+#if defined(SSL_USE_OPENSSL)
 #include <openssl/rand.h>
+#else
+#if defined(WEBRTC_WIN)
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include <ntsecapi.h>
+#endif  // WEBRTC_WIN
+#endif  // else
+#endif  // FEATURE_ENABLED_SSL
 
 #include "webrtc/base/base64.h"
 #include "webrtc/base/basictypes.h"
@@ -34,6 +45,7 @@ class RandomGenerator {
   virtual bool Generate(void* buf, size_t len) = 0;
 };
 
+#if defined(SSL_USE_OPENSSL)
 // The OpenSSL RNG.
 class SecureRandomGenerator : public RandomGenerator {
  public:
@@ -45,6 +57,79 @@ class SecureRandomGenerator : public RandomGenerator {
   }
 };
 
+#else
+#if defined(WEBRTC_WIN)
+class SecureRandomGenerator : public RandomGenerator {
+ public:
+  SecureRandomGenerator() : advapi32_(NULL), rtl_gen_random_(NULL) {}
+  ~SecureRandomGenerator() {
+    FreeLibrary(advapi32_);
+  }
+
+  virtual bool Init(const void* seed, size_t seed_len) {
+    // We don't do any additional seeding on Win32, we just use the CryptoAPI
+    // RNG (which is exposed as a hidden function off of ADVAPI32 so that we
+    // don't need to drag in all of CryptoAPI)
+    if (rtl_gen_random_) {
+      return true;
+    }
+
+    advapi32_ = LoadLibrary(L"advapi32.dll");
+    if (!advapi32_) {
+      return false;
+    }
+
+    rtl_gen_random_ = reinterpret_cast<RtlGenRandomProc>(
+        GetProcAddress(advapi32_, "SystemFunction036"));
+    if (!rtl_gen_random_) {
+      FreeLibrary(advapi32_);
+      return false;
+    }
+
+    return true;
+  }
+  virtual bool Generate(void* buf, size_t len) {
+    if (!rtl_gen_random_ && !Init(NULL, 0)) {
+      return false;
+    }
+    return (rtl_gen_random_(buf, static_cast<int>(len)) != FALSE);
+  }
+
+ private:
+  typedef BOOL (WINAPI *RtlGenRandomProc)(PVOID, ULONG);
+  HINSTANCE advapi32_;
+  RtlGenRandomProc rtl_gen_random_;
+};
+
+#elif !defined(FEATURE_ENABLE_SSL)
+
+// No SSL implementation -- use rand()
+class SecureRandomGenerator : public RandomGenerator {
+ public:
+  virtual bool Init(const void* seed, size_t len) {
+    if (len >= 4) {
+      srand(*reinterpret_cast<const int*>(seed));
+    } else {
+      srand(*reinterpret_cast<const char*>(seed));
+    }
+    return true;
+  }
+  virtual bool Generate(void* buf, size_t len) {
+    char* bytes = reinterpret_cast<char*>(buf);
+    for (size_t i = 0; i < len; ++i) {
+      bytes[i] = static_cast<char>(rand());
+    }
+    return true;
+  }
+};
+
+#else
+
+#error No SSL implementation has been selected!
+
+#endif  // WEBRTC_WIN
+#endif
+
 // A test random generator, for predictable output.
 class TestRandomGenerator : public RandomGenerator {
  public:

webrtc/base/messagedigest.cc

@@ -15,7 +15,13 @@
 #include <string.h>
 
 #include "webrtc/base/basictypes.h"
+#include "webrtc/base/sslconfig.h"
+#if SSL_USE_OPENSSL
 #include "webrtc/base/openssldigest.h"
+#else
+#include "webrtc/base/md5digest.h"
+#include "webrtc/base/sha1digest.h"
+#endif
 #include "webrtc/base/stringencode.h"
 
 namespace rtc {
@@ -31,12 +37,22 @@ const char DIGEST_SHA_512[] = "sha-512";
 static const size_t kBlockSize = 64;  // valid for SHA-256 and down
 
 MessageDigest* MessageDigestFactory::Create(const std::string& alg) {
+#if SSL_USE_OPENSSL
   MessageDigest* digest = new OpenSSLDigest(alg);
   if (digest->Size() == 0) {  // invalid algorithm
     delete digest;
     digest = NULL;
   }
   return digest;
+#else
+  MessageDigest* digest = NULL;
+  if (alg == DIGEST_MD5) {
+    digest = new Md5Digest();
+  } else if (alg == DIGEST_SHA_1) {
+    digest = new Sha1Digest();
+  }
+  return digest;
+#endif
 }
 
 bool IsFips180DigestAlgorithm(const std::string& alg) {

webrtc/base/openssladapter.cc

@@ -8,6 +8,8 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
+#if HAVE_OPENSSL_SSL_H
+
 #include "webrtc/base/openssladapter.h"
 
 #if defined(WEBRTC_POSIX)
@@ -963,3 +965,5 @@ OpenSSLAdapter::SetupSSLContext() {
 }
 
 } // namespace rtc
+
+#endif  // HAVE_OPENSSL_SSL_H

webrtc/base/openssldigest.cc

@@ -8,6 +8,8 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
+#if HAVE_OPENSSL_SSL_H
+
 #include "webrtc/base/openssldigest.h"
 
 #include "webrtc/base/checks.h"
@@ -116,3 +118,5 @@ bool OpenSSLDigest::GetDigestSize(const std::string& algorithm,
 }
 
 }  // namespace rtc
+
+#endif  // HAVE_OPENSSL_SSL_H

webrtc/base/opensslidentity.cc

@@ -8,6 +8,8 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
+#if HAVE_OPENSSL_SSL_H
+
 #include "webrtc/base/opensslidentity.h"
 
 #include <memory>
@@ -574,3 +576,5 @@ bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const {
 }
 
 }  // namespace rtc
+
+#endif  // HAVE_OPENSSL_SSL_H

webrtc/base/opensslstreamadapter.cc

@@ -8,6 +8,8 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
+#if HAVE_OPENSSL_SSL_H
+
 #include "webrtc/base/opensslstreamadapter.h"
 
 #include <openssl/bio.h>
@@ -43,10 +45,11 @@ namespace {
 
 namespace rtc {
 
-#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
-#error "webrtc requires at least OpenSSL version 1.0.1, to support DTLS-SRTP"
+#define HAVE_DTLS_SRTP
 #endif
 
+#ifdef HAVE_DTLS_SRTP
 // SRTP cipher suite table. |internal_name| is used to construct a
 // colon-separated profile strings which is needed by
 // SSL_CTX_set_tlsext_use_srtp().
@@ -62,6 +65,7 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
     {"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
     {"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
     {nullptr, 0}};
+#endif
 
 #ifdef OPENSSL_IS_BORINGSSL
 // Not used in production code. Actual time should be relative to Jan 1, 1970.
@@ -428,6 +432,7 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
                                                 bool use_context,
                                                 uint8_t* result,
                                                 size_t result_len) {
+#ifdef HAVE_DTLS_SRTP
   int i;
 
   i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(),
@@ -438,10 +443,14 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
     return false;
 
   return true;
+#else
+  return false;
+#endif
 }
 
 bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
     const std::vector<int>& ciphers) {
+#ifdef HAVE_DTLS_SRTP
   std::string internal_ciphers;
 
   if (state_ != SSL_NONE)
@@ -472,9 +481,13 @@ bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
 
   srtp_ciphers_ = internal_ciphers;
   return true;
+#else
+  return false;
+#endif
 }
 
 bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
+#ifdef HAVE_DTLS_SRTP
   RTC_DCHECK(state_ == SSL_CONNECTED);
   if (state_ != SSL_CONNECTED)
     return false;
@@ -488,6 +501,9 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
   *crypto_suite = srtp_profile->id;
   RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());
   return true;
+#else
+  return false;
+#endif
 }
 
 bool OpenSSLStreamAdapter::IsTlsConnected() {
@@ -1080,12 +1096,14 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
   SSL_CTX_set_cipher_list(ctx,
       "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK");
 
+#ifdef HAVE_DTLS_SRTP
   if (!srtp_ciphers_.empty()) {
     if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
       SSL_CTX_free(ctx);
       return NULL;
     }
   }
+#endif
 
   return ctx;
 }
@@ -1151,6 +1169,26 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
   return stream->VerifyPeerCertificate();
 }
 
+bool OpenSSLStreamAdapter::HaveDtls() {
+  return true;
+}
+
+bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
+#ifdef HAVE_DTLS_SRTP
+  return true;
+#else
+  return false;
+#endif
+}
+
+bool OpenSSLStreamAdapter::HaveExporter() {
+#ifdef HAVE_DTLS_SRTP
+  return true;
+#else
+  return false;
+#endif
+}
+
 bool OpenSSLStreamAdapter::IsBoringSsl() {
 #ifdef OPENSSL_IS_BORINGSSL
   return true;
@@ -1235,3 +1273,5 @@ void OpenSSLStreamAdapter::enable_time_callback_for_testing() {
 }
 
 }  // namespace rtc
+
+#endif  // HAVE_OPENSSL_SSL_H

webrtc/base/opensslstreamadapter.h

@@ -109,7 +109,10 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
 
   bool IsTlsConnected() override;
 
-  // Capabilities interfaces.
+  // Capabilities interfaces
+  static bool HaveDtls();
+  static bool HaveDtlsSrtp();
+  static bool HaveExporter();
   static bool IsBoringSsl();
 
   static bool IsAcceptableCipher(int cipher, KeyType key_type);

webrtc/base/ssladapter.cc

@@ -10,7 +10,13 @@
 
 #include "webrtc/base/ssladapter.h"
 
-#include "webrtc/base/openssladapter.h"
+#include "webrtc/base/sslconfig.h"
+
+#if SSL_USE_OPENSSL
+
+#include "openssladapter.h"
+
+#endif
 
 ///////////////////////////////////////////////////////////////////////////////
 
@@ -18,11 +24,18 @@ namespace rtc {
 
 SSLAdapter*
 SSLAdapter::Create(AsyncSocket* socket) {
+#if SSL_USE_OPENSSL
   return new OpenSSLAdapter(socket);
+#else  // !SSL_USE_OPENSSL
+  delete socket;
+  return NULL;
+#endif  // SSL_USE_OPENSSL
 }
 
 ///////////////////////////////////////////////////////////////////////////////
 
+#if SSL_USE_OPENSSL
+
 bool InitializeSSL(VerificationCallback callback) {
   return OpenSSLAdapter::InitializeSSL(callback);
 }
@@ -35,6 +48,22 @@ bool CleanupSSL() {
   return OpenSSLAdapter::CleanupSSL();
 }
 
+#else  // !SSL_USE_OPENSSL
+
+bool InitializeSSL(VerificationCallback callback) {
+  return true;
+}
+
+bool InitializeSSLThread() {
+  return true;
+}
+
+bool CleanupSSL() {
+  return true;
+}
+
+#endif  // SSL_USE_OPENSSL
+
 ///////////////////////////////////////////////////////////////////////////////
 
 }  // namespace rtc

webrtc/base/ssladapter_unittest.cc

@@ -370,6 +370,8 @@ class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
       : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
 };
 
+#if SSL_USE_OPENSSL
+
 // Basic tests: TLS
 
 // Test that handshake works, using RSA
@@ -417,3 +419,5 @@ TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
   TestHandshake(true);
   TestTransfer("Hello, world!");
 }
+
+#endif  // SSL_USE_OPENSSL

webrtc/base/sslconfig.h

@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2012 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef WEBRTC_BASE_SSLCONFIG_H_
+#define WEBRTC_BASE_SSLCONFIG_H_
+
+// If no preference has been indicated, default to SChannel on Windows and
+// OpenSSL everywhere else, if it is available.
+#if !defined(SSL_USE_SCHANNEL) && !defined(SSL_USE_OPENSSL)
+#if defined(WEBRTC_WIN)
+
+#define SSL_USE_SCHANNEL 1
+
+#else  // defined(WEBRTC_WIN)
+
+#if defined(HAVE_OPENSSL_SSL_H)
+#define SSL_USE_OPENSSL 1
+#endif
+
+#endif  // !defined(WEBRTC_WIN)
+#endif
+
+#endif  // WEBRTC_BASE_SSLCONFIG_H_

webrtc/base/sslidentity.cc

@@ -17,9 +17,15 @@
 #include "webrtc/base/base64.h"
 #include "webrtc/base/checks.h"
 #include "webrtc/base/logging.h"
-#include "webrtc/base/opensslidentity.h"
+#include "webrtc/base/sslconfig.h"
 #include "webrtc/base/sslfingerprint.h"
 
+#if SSL_USE_OPENSSL
+
+#include "webrtc/base/opensslidentity.h"
+
+#endif  // SSL_USE_OPENSSL
+
 namespace rtc {
 
 const char kPemTypeCertificate[] = "CERTIFICATE";
@@ -207,6 +213,8 @@ SSLCertChain::~SSLCertChain() {
   std::for_each(certs_.begin(), certs_.end(), DeleteCert);
 }
 
+#if SSL_USE_OPENSSL
+
 // static
 SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
   return OpenSSLCertificate::FromPEMString(pem_string);
@@ -252,6 +260,12 @@ bool operator!=(const SSLIdentity& a, const SSLIdentity& b) {
   return !(a == b);
 }
 
+#else  // !SSL_USE_OPENSSL
+
+#error "No SSL implementation"
+
+#endif  // SSL_USE_OPENSSL
+
 // Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
 // Update *|pp| and *|np| to reflect number of read bytes.
 static inline int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {

webrtc/base/sslstreamadapter.cc

@@ -9,9 +9,14 @@
  */
 
 #include "webrtc/base/sslstreamadapter.h"
+#include "webrtc/base/sslconfig.h"
+
+#if SSL_USE_OPENSSL
 
 #include "webrtc/base/opensslstreamadapter.h"
 
+#endif  // SSL_USE_OPENSSL
+
 ///////////////////////////////////////////////////////////////////////////////
 
 namespace rtc {
@@ -96,7 +101,11 @@ CryptoOptions CryptoOptions::NoGcm() {
 }
 
 SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
+#if SSL_USE_OPENSSL
   return new OpenSSLStreamAdapter(stream);
+#else  // !SSL_USE_OPENSSL
+  return NULL;
+#endif  // SSL_USE_OPENSSL
 }
 
 SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)
@@ -128,6 +137,16 @@ bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
   return false;
 }
 
+#if SSL_USE_OPENSSL
+bool SSLStreamAdapter::HaveDtls() {
+  return OpenSSLStreamAdapter::HaveDtls();
+}
+bool SSLStreamAdapter::HaveDtlsSrtp() {
+  return OpenSSLStreamAdapter::HaveDtlsSrtp();
+}
+bool SSLStreamAdapter::HaveExporter() {
+  return OpenSSLStreamAdapter::HaveExporter();
+}
 bool SSLStreamAdapter::IsBoringSsl() {
   return OpenSSLStreamAdapter::IsBoringSsl();
 }
@@ -144,6 +163,7 @@ std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
 void SSLStreamAdapter::enable_time_callback_for_testing() {
   OpenSSLStreamAdapter::enable_time_callback_for_testing();
 }
+#endif  // SSL_USE_OPENSSL
 
 ///////////////////////////////////////////////////////////////////////////////
 

webrtc/base/sslstreamadapter.h

@@ -228,9 +228,10 @@ class SSLStreamAdapter : public StreamAdapterInterface {
   // SS_OPENING but IsTlsConnected should return true.
   virtual bool IsTlsConnected() = 0;
 
-  // Capabilities testing.
+  // Capabilities testing
-  // Used to have "DTLS supported", "DTLS-SRTP supported" etc. methods, but now
+  static bool HaveDtls();
-  // that's assumed.
+  static bool HaveDtlsSrtp();
+  static bool HaveExporter();
   static bool IsBoringSsl();
 
   // Returns true iff the supplied cipher is deemed to be strong.

webrtc/base/sslstreamadapter_unittest.cc

@@ -19,6 +19,7 @@
 #include "webrtc/base/gunit.h"
 #include "webrtc/base/helpers.h"
 #include "webrtc/base/ssladapter.h"
+#include "webrtc/base/sslconfig.h"
 #include "webrtc/base/sslidentity.h"
 #include "webrtc/base/sslstreamadapter.h"
 #include "webrtc/base/stream.h"
@@ -64,6 +65,12 @@ static const char kCERT_PEM[] =
     "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
     "-----END CERTIFICATE-----\n";
 
+#define MAYBE_SKIP_TEST(feature)                    \
+  if (!(rtc::SSLStreamAdapter::feature())) {  \
+    LOG(LS_INFO) << "Feature disabled... skipping"; \
+    return;                                         \
+  }
+
 class SSLStreamAdapterTestBase;
 
 class SSLDummyStreamBase : public rtc::StreamInterface,
@@ -956,6 +963,7 @@ TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
 // Basic tests: DTLS
 // Test that we can make a handshake work
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
+  MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
 };
 
@@ -963,12 +971,14 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
 // each direction is lost. This gives us predictable loss
 // rather than having to tune random
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetLoseFirstPacket(true);
   TestHandshake();
 };
 
 // Test a handshake with loss and delay
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetLoseFirstPacket(true);
   SetDelay(2000);
   SetHandshakeWait(20000);
@@ -978,6 +988,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
 // Test a handshake with small MTU
 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetMtu(700);
   SetHandshakeWait(20000);
   TestHandshake();
@@ -985,17 +996,20 @@ TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
 
 // Test transfer -- trivial
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
+  MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
   TestTransfer(100);
 };
 
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
+  MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
   SetLoss(10);
   TestTransfer(100);
 };
 
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetDamage();  // Must be called first because first packet
                 // write happens at end of handshake.
   TestHandshake();
@@ -1012,6 +1026,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
 
 // Test DTLS-SRTP with all high ciphers
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> high;
   high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
   SetDtlsSrtpCryptoSuites(high, true);
@@ -1029,6 +1044,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
 
 // Test DTLS-SRTP with all low ciphers
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> low;
   low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
   SetDtlsSrtpCryptoSuites(low, true);
@@ -1046,6 +1062,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
 
 // Test DTLS-SRTP with a mismatch -- should not converge
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> high;
   high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
   std::vector<int> low;
@@ -1062,6 +1079,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
 
 // Test DTLS-SRTP with each side being mixed -- should select high
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> mixed;
   mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
   mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
@@ -1080,6 +1098,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
 
 // Test DTLS-SRTP with all GCM-128 ciphers.
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> gcm128;
   gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
   SetDtlsSrtpCryptoSuites(gcm128, true);
@@ -1097,6 +1116,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
 
 // Test DTLS-SRTP with all GCM-256 ciphers.
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> gcm256;
   gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
   SetDtlsSrtpCryptoSuites(gcm256, true);
@@ -1114,6 +1134,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
 
 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> gcm128;
   gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
   std::vector<int> gcm256;
@@ -1130,6 +1151,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
 
 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<int> gcmBoth;
   gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
   gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
@@ -1177,6 +1199,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
 
 // Test an exporter
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
+  MAYBE_SKIP_TEST(HaveExporter);
   TestHandshake();
   unsigned char client_out[20];
   unsigned char server_out[20];
@@ -1199,6 +1222,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
 
 // Test not yet valid certificates are not rejected.
 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
+  MAYBE_SKIP_TEST(HaveDtls);
   long one_day = 60 * 60 * 24;
   // Make the certificates not valid until one day later.
   ResetIdentitiesWithValidity(one_day, one_day);
@@ -1207,6 +1231,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
 
 // Test expired certificates are not rejected.
 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
+  MAYBE_SKIP_TEST(HaveDtls);
   long one_day = 60 * 60 * 24;
   // Make the certificates already expired.
   ResetIdentitiesWithValidity(-one_day, -one_day);
@@ -1215,12 +1240,15 @@ TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
 
 // Test data transfer using certs created from strings.
 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
+  MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
   TestTransfer(100);
 }
 
 // Test getting the remote certificate.
 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
+  MAYBE_SKIP_TEST(HaveDtls);
+
   // Peer certificates haven't been received yet.
   ASSERT_FALSE(GetPeerCertificate(true));
   ASSERT_FALSE(GetPeerCertificate(false));
@@ -1254,6 +1282,7 @@ TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
 // Test getting the used DTLS ciphers.
 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
   TestHandshake();
 
@@ -1273,6 +1302,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
 // Test getting the used DTLS 1.2 ciphers.
 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
   TestHandshake();
 
@@ -1291,6 +1321,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
 
 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
   TestHandshake();
 
@@ -1309,6 +1340,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
 
 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
   TestHandshake();
 

webrtc/p2p/BUILD.gn

@@ -79,7 +79,7 @@ rtc_static_library("rtc_p2p") {
     "client/socketmonitor.h",
   ]
 
-  defines = []
+  defines = [ "FEATURE_ENABLE_SSL" ]
 
   deps = [
     "../base:rtc_base",

webrtc/p2p/base/dtlstransportchannel_unittest.cc

@@ -693,6 +693,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferSrtpTwoChannels) {
 
 // Connect with DTLS, and transfer some data.
 TEST_F(DtlsTransportChannelTest, TestTransferDtls) {
+  MAYBE_SKIP_TEST(HaveDtls);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   ASSERT_TRUE(Connect());
   TestTransfer(0, 1000, 100, false);
@@ -700,6 +701,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtls) {
 
 // Create two channels with DTLS, and transfer some data.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsTwoChannels) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   ASSERT_TRUE(Connect());
@@ -723,6 +725,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsNotOffered) {
 
 // Create two channels with DTLS 1.0 and check ciphers.
 TEST_F(DtlsTransportChannelTest, TestDtls12None) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
@@ -731,6 +734,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12None) {
 
 // Create two channels with DTLS 1.2 and check ciphers.
 TEST_F(DtlsTransportChannelTest, TestDtls12Both) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
@@ -739,6 +743,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12Both) {
 
 // Create two channels with DTLS 1.0 / DTLS 1.2 and check ciphers.
 TEST_F(DtlsTransportChannelTest, TestDtls12Client1) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
@@ -747,6 +752,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12Client1) {
 
 // Create two channels with DTLS 1.2 / DTLS 1.0 and check ciphers.
 TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
+  MAYBE_SKIP_TEST(HaveDtls);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
@@ -755,6 +761,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
 
 // Connect with DTLS, negotiate DTLS-SRTP, and transfer SRTP using bypass.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect());
@@ -764,6 +771,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
 // Connect with DTLS-SRTP, transfer an invalid SRTP packet, and expects -1
 // returned.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
+  MAYBE_SKIP_TEST(HaveDtls);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect());
@@ -773,6 +781,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
 
 // Connect with DTLS. A does DTLS-SRTP but B does not.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, false);
   ASSERT_TRUE(Connect());
@@ -780,6 +789,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
 
 // Connect with DTLS. B does DTLS-SRTP but A does not.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(false, true);
   ASSERT_TRUE(Connect());
@@ -787,6 +797,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
 
 // Create two channels with DTLS, negotiate DTLS-SRTP, and transfer bypass SRTP.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
@@ -797,6 +808,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
 
 // Create a single channel with DTLS, and send normal data and SRTP data on it.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect());
@@ -806,6 +818,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
 
 // Testing when the remote is passive.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
@@ -818,6 +831,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
 // Testing with the legacy DTLS client which doesn't use setup attribute.
 // In this case legacy is the answerer.
 TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   NegotiateWithLegacy();
   rtc::SSLRole channel1_role;
@@ -831,6 +845,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
 // Testing re offer/answer after the session is estbalished. Roles will be
 // kept same as of the previous negotiation.
 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
@@ -847,6 +862,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
 }
 
 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
@@ -864,6 +880,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
 
 // Test that any change in role after the intial setup will result in failure.
 TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
@@ -879,6 +896,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
 // Test that using different setup attributes which results in similar ssl
 // role as the initial negotiation will result in success.
 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
@@ -894,6 +912,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
 // Test that re-negotiation can be started before the clients become connected
 // in the first negotiation.
 TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   PrepareDtlsSrtp(true, true);
@@ -913,6 +932,7 @@ TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
 
 // Test Certificates state after negotiation but before connection.
 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
+  MAYBE_SKIP_TEST(HaveDtls);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   Negotiate();
 
@@ -933,6 +953,7 @@ TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
 
 // Test Certificates state after connection.
 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
+  MAYBE_SKIP_TEST(HaveDtls);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   ASSERT_TRUE(Connect());
 
@@ -963,6 +984,7 @@ TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
 // 60 seconds. The timer defaults to 1 second, but for WebRTC we should be
 // initializing it to 50ms.
 TEST_F(DtlsTransportChannelTest, TestRetransmissionSchedule) {
+  MAYBE_SKIP_TEST(HaveDtls);
   // We can only change the retransmission schedule with a recently-added
   // BoringSSL API. Skip the test if not built with BoringSSL.
   MAYBE_SKIP_TEST(IsBoringSsl);
@@ -1003,6 +1025,7 @@ TEST_F(DtlsTransportChannelTest, TestRetransmissionSchedule) {
 // Test that a DTLS connection can be made even if the underlying transport
 // is connected before DTLS fingerprints/roles have been negotiated.
 TEST_F(DtlsTransportChannelTest, TestConnectBeforeNegotiate) {
+  MAYBE_SKIP_TEST(HaveDtls);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
                       cricket::CONNECTIONROLE_ACTIVE,
@@ -1135,6 +1158,7 @@ class DtlsEventOrderingTest
 };
 
 TEST_P(DtlsEventOrderingTest, TestEventOrdering) {
+  MAYBE_SKIP_TEST(HaveDtls);
   TestEventOrdering(::testing::get<0>(GetParam()),
                     ::testing::get<1>(GetParam()));
 }

webrtc/pc/channel_unittest.cc

@@ -25,6 +25,12 @@
 #include "webrtc/p2p/base/faketransportcontroller.h"
 #include "webrtc/pc/channel.h"
 
+#define MAYBE_SKIP_TEST(feature)                    \
+  if (!(rtc::SSLStreamAdapter::feature())) {  \
+    LOG(LS_INFO) << "Feature disabled... skipping"; \
+    return;                                         \
+  }
+
 using cricket::CA_OFFER;
 using cricket::CA_PRANSWER;
 using cricket::CA_ANSWER;
@@ -2237,26 +2243,32 @@ TEST_F(VoiceChannelSingleThreadTest, SendSrtcpMux) {
 }
 
 TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, 0);
 }
 
 TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, DTLS);
 }
 
 TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmBoth) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS | GCM_CIPHER);
 }
 
 TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmOne) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS);
 }
 
 TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmTwo) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, DTLS | GCM_CIPHER);
 }
 
 TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
 }
 
@@ -2564,26 +2576,32 @@ TEST_F(VoiceChannelDoubleThreadTest, SendSrtcpMux) {
 }
 
 TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, 0);
 }
 
 TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, DTLS);
 }
 
 TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmBoth) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS | GCM_CIPHER);
 }
 
 TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmOne) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS);
 }
 
 TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmTwo) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, DTLS | GCM_CIPHER);
 }
 
 TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
 }
 
@@ -2883,14 +2901,17 @@ TEST_F(VideoChannelSingleThreadTest, SendSrtpToRtp) {
 }
 
 TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, 0);
 }
 
 TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, DTLS);
 }
 
 TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
 }
 
@@ -3112,14 +3133,17 @@ TEST_F(VideoChannelDoubleThreadTest, SendSrtpToRtp) {
 }
 
 TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, 0);
 }
 
 TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS, DTLS);
 }
 
 TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+  MAYBE_SKIP_TEST(HaveDtlsSrtp);
   Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
 }