From: Leif Madsen <leif@leifmadsen.com>
Date: Tue, 19 Apr 2011 15:42:10 +0000 (+0000)
Subject: Use SSLv23_client_method instead of old SSLv2 only.
X-Git-Tag: 1.8.5-rc1~11^2~213
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9f315ce94655ac0bfbee392b0fcbc22de0f848c6;p=thirdparty%2Fasterisk.git

Use SSLv23_client_method instead of old SSLv2 only.

(closes issue #19095)
(closes issue #19138)
Reported by: tzafrir
Patches:
      no_ssl2.diff uploaded by tzafrir (license 46)
Tested by: russell, chazzam

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@314251 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/main/tcptls.c b/main/tcptls.c
index 4f0f08a96a..135f638f53 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -297,9 +297,12 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 	SSLeay_add_ssl_algorithms();
 
 	if (client) {
+#ifndef OPENSSL_NO_SSL2
 		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) {
 			cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
-		} else if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
+		} else
+#endif
+		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
 			cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
 		} else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
 			cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method());