tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated.

author Alexander Traud <pabstraud@compuserve.com>

Fri, 25 May 2018 12:22:14 +0000 (14:22 +0200)

committer Alexander Traud <pabstraud@compuserve.com>

Fri, 25 May 2018 12:24:58 +0000 (06:24 -0600)
author Alexander Traud <pabstraud@compuserve.com>
Fri, 25 May 2018 12:22:14 +0000 (14:22 +0200)
committer Alexander Traud <pabstraud@compuserve.com>
Fri, 25 May 2018 12:24:58 +0000 (06:24 -0600)
diff --git a/main/iostream.c b/main/iostream.c

index 4cddd43b6b7cfd95190f65ad531f717a9bf430c4..057ae240e50905a066b38e9c995100411b091e37 100644 (file)
--- a/main/iostream.c
+++ b/main/iostream.c
@@ -508,19 +508,19 @@ int ast_iostream_close(struct ast_iostream *stream)
                                         ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
                         }
  
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
                         if (!SSL_is_server(stream->ssl)) {
  #else
                         if (!stream->ssl->server) {
  #endif
                                 /* For client threads, ensure that the error stack is cleared */
-#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
  #if OPENSSL_VERSION_NUMBER >= 0x10000000L
                                 ERR_remove_thread_state(NULL);
  #else
                                 ERR_remove_state(0);
  #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */
-#endif  /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L */
+#endif  /* OPENSSL_VERSION_NUMBER  < 0x10100000L */
                         }
  
                         SSL_free(stream->ssl);
diff --git a/main/tcptls.c b/main/tcptls.c

index 8ffeabb69b599639dce0dcf91c125d60b0454fad..69b40a6e56ed6a917e8a7ef92687987e4bd8c415 100644 (file)
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -343,13 +343,13 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
                         cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
                 } else
  #endif
-#ifndef OPENSSL_NO_SSL3_METHOD
+#if !defined(OPENSSL_NO_SSL3_METHOD) && !(defined(OPENSSL_API_COMPAT) && (OPENSSL_API_COMPAT >= 0x10100000L))
                 if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
                         ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
                         cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
                 } else
  #endif
-#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER  >= 0x10100000L)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
                 cfg->ssl_ctx = SSL_CTX_new(TLS_client_method());
  #else
                 if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
author	Alexander Traud <pabstraud@compuserve.com>
	Fri, 25 May 2018 12:22:14 +0000 (14:22 +0200)
committer	Alexander Traud <pabstraud@compuserve.com>
	Fri, 25 May 2018 12:24:58 +0000 (06:24 -0600)
main/iostream.c		patch \| blob \| blame \| history
main/tcptls.c		patch \| blob \| blame \| history