From: Matthew Jordan <mjordan@digium.com>
Date: Thu, 19 Feb 2015 15:28:10 +0000 (+0000)
Subject: tcptls: Handle new OpenSSL compile time option to disable SSLv3
X-Git-Tag: 13.3.0-rc1~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=374013d8177687229e59584b48506c0f83ff02aa;p=thirdparty%2Fasterisk.git

tcptls: Handle new OpenSSL compile time option to disable SSLv3

Some distributions are going to disable SSLv3 at compile time. This option can
be checked using the directive OPENSSL_NO_SSL3_METHOD. This patch updates the
TCP/TLS handling in Asterisk to look for that directive before attempting to
use the SSLv3 specific methods.

ASTERISK-24799 #close
Reported by: Alexander Traud
patches:
  no-ssl3-method.patch uploaded by Alexander Traud (License 6520)
........

Merged revisions 431936 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@431937 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/main/tcptls.c b/main/tcptls.c
index dd2f5ea671..22fb1447e2 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -769,10 +769,13 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 			cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
 		} else
 #endif
+#ifndef OPENSSL_NO_SSL3_METHOD
 		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
 			ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
 			cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
-		} else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
+		} else
+#endif
+		if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
 			cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method());
 		} else {
 			disable_ssl = 1;