From: Alexander Traud <pabstraud@compuserve.com>
Date: Tue, 21 Jun 2016 12:05:30 +0000 (+0200)
Subject: res_rtp_asterisk: Use latest DTLS version available by underlying platform.
X-Git-Tag: 14.0.0-beta1~89^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6eb0354f2d0a7845ee3f302a54a84c39f10be620;p=thirdparty%2Fasterisk.git

res_rtp_asterisk: Use latest DTLS version available by underlying platform.

Do not use DTLSv1_method() but DTLS_method() when available in OpenSSL of the
underlying platform. This change enables DTLS 1.2 since OpenSSL 1.0.2, for
WebRTC (DTLS-SRTP via SIP-over-WebSockets). This change enables AEAD-based
cipher-suites.

ASTERISK-26130 #close

Change-Id: I41f24448d6d2953e8bdb97c9f4a6bc8a8f055fd0
---

diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index 9e3ff757c5..1bf16941dc 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -1357,7 +1357,12 @@ static int ast_rtp_dtls_set_configuration(struct ast_rtp_instance *instance, con
 		return 0;
 	}
 
-	if (!(rtp->ssl_ctx = SSL_CTX_new(DTLSv1_method()))) {
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+	rtp->ssl_ctx = SSL_CTX_new(DTLSv1_method());
+#else
+	rtp->ssl_ctx = SSL_CTX_new(DTLS_method());
+#endif
+	if (!rtp->ssl_ctx) {
 		return -1;
 	}