Use SSLv23_client_method instead of old SSLv2 only.

(closes issue #19095)
(closes issue #19138)
Reported by: tzafrir
Patches:
      no_ssl2.diff uploaded by tzafrir (license 46)
Tested by: russell, chazzam

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@314251 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/main/tcptls.c b/main/tcptls.c
index 4f0f08a96a772d00101483086b3f962b8148a1c8..135f638f53da3aae7e57843c55a6e0ee4e8a73ac 100644 (file)
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -297,9 +297,12 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
        SSLeay_add_ssl_algorithms();
 
        if (client) {
+#ifndef OPENSSL_NO_SSL2
                if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) {
                        cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
-               } else if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
+               } else
+#endif
+               if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
                        cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
                } else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
                        cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method());