Merge "OpenSSL 1.1.0 support" into 14

main/libasteriskssl.c

@@ -67,13 +67,14 @@ static void ssl_lock(int mode, int n, const char *file, int line)
 		return;
 	}
 
-	if (mode & CRYPTO_LOCK) {
+	if (mode & 0x1) {
 		ast_mutex_lock(&ssl_locks[n]);
 	} else {
 		ast_mutex_unlock(&ssl_locks[n]);
 	}
 }
 
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
 int SSL_library_init(void)
 {
 #if defined(AST_DEVMODE)
@@ -115,6 +116,7 @@ void ERR_free_strings(void)
 {
 	/* we can't allow this to be called, ever */
 }
+#endif /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */
 
 #endif /* HAVE_OPENSSL */
 

main/tcptls.c

@@ -397,13 +397,19 @@ static int tcptls_stream_close(void *cookie)
 					SSL_get_error(stream->ssl, res));
 			}
 
+#if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT >= 0x10100000L
+			if (!SSL_is_server(stream->ssl)) {
+#else
 			if (!stream->ssl->server) {
+#endif
 				/* For client threads, ensure that the error stack is cleared */
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 				ERR_remove_thread_state(NULL);
 #else
 				ERR_remove_state(0);
 #endif	/* OPENSSL_VERSION_NUMBER >= 0x10000000L */
+#endif  /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */
 			}
 
 			SSL_free(stream->ssl);
@@ -830,7 +836,7 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 	}
 
 	if (client) {
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) {
 			ast_log(LOG_WARNING, "Usage of SSLv2 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
 			cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());