tcptls: Avoiding ERR_remove_state in OpenSSL.

ERR_remove_state was deprecated with OpenSSL 1.0.0 and was replaced by
ERR_remove_thread_state. ERR_load_SSL_strings and ERR_load_BIO_strings were
called by SSL_load_error_strings already and got removed. These changes allow
OpenSSL forks like BoringSSL to be used with Asterisk.

ASTERISK-25043 #close
Reported by: Alexander Traud
patches:
  asterisk_with_BoringSSL.patch uploaded by Alexander Traud (License 6520)

Change-Id: If1c0871ece21a7e0763fafbd2fa023ae49d4d629
(cherry picked from commit 247fef66537b59649e7571d64e2c574a106dbd65)

diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c
index ca3fb569c38a9eb4991ee49507d7c4d17b6acb22..b3267014b8a13c037d9ae0b8e108ea5b6c3ff2f8 100644 (file)
--- a/main/libasteriskssl.c
+++ b/main/libasteriskssl.c
@@ -93,33 +93,6 @@ void SSL_load_error_strings(void)
 #endif
 }
 
-void ERR_load_SSL_strings(void)
-{
-#if defined(AST_DEVMODE)
-       if (startup_complete) {
-               ast_debug(1, "Called after startup... ignoring!\n");
-       }
-#endif
-}
-
-void ERR_load_crypto_strings(void)
-{
-#if defined(AST_DEVMODE)
-       if (startup_complete) {
-               ast_debug(1, "Called after startup... ignoring!\n");
-       }
-#endif
-}
-
-void ERR_load_BIO_strings(void)
-{
-#if defined(AST_DEVMODE)
-       if (startup_complete) {
-               ast_debug(1, "Called after startup... ignoring!\n");
-       }
-#endif
-}
-
 void CRYPTO_set_id_callback(unsigned long (*func)(void))
 {
 #if defined(AST_DEVMODE)
@@ -157,8 +130,6 @@ int ast_ssl_init(void)
        void (*real_CRYPTO_set_id_callback)(unsigned long (*)(void));
        void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int));
        void (*real_SSL_load_error_strings)(void);
-       void (*real_ERR_load_SSL_strings)(void);
-       void (*real_ERR_load_BIO_strings)(void);
        const char *errstr;
 
        /* clear any previous dynamic linker errors */
@@ -216,12 +187,6 @@ int ast_ssl_init(void)
        get_OpenSSL_function(SSL_load_error_strings);
        real_SSL_load_error_strings();
 
-       get_OpenSSL_function(ERR_load_SSL_strings);
-       real_ERR_load_SSL_strings();
-
-       get_OpenSSL_function(ERR_load_BIO_strings);
-       real_ERR_load_BIO_strings();
-
        startup_complete = 1;
 
 #endif /* HAVE_OPENSSL */

diff --git a/main/tcptls.c b/main/tcptls.c
index 9d9aefc0ba02c0fab06a9f3a3c899cd0a01c03a8..14e4fcd2de49beef961a3185cf09742ff2b6fc74 100644 (file)
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -400,7 +400,11 @@ static int tcptls_stream_close(void *cookie)
 
                        if (!stream->ssl->server) {
                                /* For client threads, ensure that the error stack is cleared */
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+                               ERR_remove_thread_state(NULL);
+#else
                                ERR_remove_state(0);
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */
                        }
 
                        SSL_free(stream->ssl);