tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated.
ASTERISK-27874 Change-Id: Ica65113511c7a1c13f7988e7d9e7d9e7f3f620dd
This commit is contained in:
parent
4ea98e49f1
commit
91616f4524
|
@ -508,19 +508,19 @@ int ast_iostream_close(struct ast_iostream *stream)
|
|||
ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||
if (!SSL_is_server(stream->ssl)) {
|
||||
#else
|
||||
if (!stream->ssl->server) {
|
||||
#endif
|
||||
/* For client threads, ensure that the error stack is cleared */
|
||||
#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
ERR_remove_thread_state(NULL);
|
||||
#else
|
||||
ERR_remove_state(0);
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */
|
||||
#endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
}
|
||||
|
||||
SSL_free(stream->ssl);
|
||||
|
|
|
@ -343,13 +343,13 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
|
|||
cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
|
||||
} else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||
#if !defined(OPENSSL_NO_SSL3_METHOD) && !(defined(OPENSSL_API_COMPAT) && (OPENSSL_API_COMPAT >= 0x10100000L))
|
||||
if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
|
||||
ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
|
||||
cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
|
||||
} else
|
||||
#endif
|
||||
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
cfg->ssl_ctx = SSL_CTX_new(TLS_client_method());
|
||||
#else
|
||||
if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
|
||||
|
|
Loading…
Reference in New Issue