From 204cc25a27fc495ad43e5639f91d4cddabd464a7 Mon Sep 17 00:00:00 2001 From: Alexander Traud Date: Fri, 25 May 2018 14:24:51 +0200 Subject: [PATCH] tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated. ASTERISK-27874 Change-Id: Ica65113511c7a1c13f7988e7d9e7d9e7f3f620dd --- main/tcptls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/main/tcptls.c b/main/tcptls.c index 23a6a2e5c0..bd89bddab6 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -448,14 +448,14 @@ static int tcptls_stream_close(void *cookie) ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res)); } -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) if (!SSL_is_server(stream->ssl)) { #else if (!stream->ssl->server) { #endif /* For client threads, ensure that the error stack is cleared */ -#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if OPENSSL_VERSION_NUMBER >= 0x10000000L ERR_remove_thread_state(NULL); #else ERR_remove_state(0); @@ -901,13 +901,13 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method()); } else #endif -#ifndef OPENSSL_NO_SSL3_METHOD +#if !defined(OPENSSL_NO_SSL3_METHOD) && !(defined(OPENSSL_API_COMPAT) && (OPENSSL_API_COMPAT >= 0x10100000L)) if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) { ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n"); cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method()); } else #endif -#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#if OPENSSL_VERSION_NUMBER >= 0x10100000L cfg->ssl_ctx = SSL_CTX_new(TLS_client_method()); #else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {