Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

OpenSSL 1.1.0 support

Browse Source 
OpenSSL 1.1.0 includes some major changes in the interface. See
https://wiki.openssl.org/index.php/1.1_API_Changes .

Status: Right now there are still a few deprecation notes with OpenSSL
1.1.0. But it's a start.

Changes:
* CRYPTO_LOCK is no longer available. Replace it with its value for now.
  I don't completely understand what it is used for there.
* Remove several functions from libasteriskssl that seem to no longer be
  needed.
* Structures have become opaque and are accesses with accessors.
* ERR_remove_thread_state() no longer needed.
* SSLv2 code now could no longer be used in 1.1.

ASTERISK-26109 #close

Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b
changes/02/3102/7
Tzafrir Cohen 9 years ago committed by Joshua Colp
parent fdf4355bd0
commit 26c8552fff
3 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File

10
main/iostream.c
Unescape View File

@ -462,9 +462,19 @@ int ast_iostream_close(struct ast_iostream *stream)
SSL_get_error(stream->ssl, res));
}
#if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT >= 0x10100000L
if (!SSL_is_server(stream->ssl)) {
#else
if (!stream->ssl->server) {
#endif
/* For client threads, ensure that the error stack is cleared */
#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */
#endif /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */
}
SSL_free(stream->ssl);

4
main/libasteriskssl.c
Unescape View File

@ -65,13 +65,14 @@ static void ssl_lock(int mode, int n, const char *file, int line)
return;
}
if (mode & CRYPTO_LOCK) {
if (mode & 0x1) {
ast_mutex_lock(&ssl_locks[n]);
} else {
ast_mutex_unlock(&ssl_locks[n]);
}
}
#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
int SSL_library_init(void)
{
#if defined(AST_DEVMODE)
@ -113,6 +114,7 @@ void ERR_free_strings(void)
{
/* we can't allow this to be called, ever */
}
#endif /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */
#endif /* HAVE_OPENSSL */

2
main/tcptls.c
Unescape View File

@ -310,7 +310,7 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
}
if (client) {
#ifndef OPENSSL_NO_SSL2
#if !defined(OPENSSL_NO_SSL2) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) {
ast_log(LOG_WARNING, "Usage of SSLv2 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());

Write Preview
Loading…
Cancel
Save