[Asterisk-code-review] tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-meth... (asterisk[master])

George Joseph asteriskteam at digium.com
Tue Jun 5 13:01:32 CDT 2018


George Joseph has submitted this change and it was merged. ( https://gerrit.asterisk.org/9051 )

Change subject: tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated.
......................................................................

tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated.

ASTERISK-27874

Change-Id: Ica65113511c7a1c13f7988e7d9e7d9e7f3f620dd
---
M main/iostream.c
M main/tcptls.c
2 files changed, 5 insertions(+), 5 deletions(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved; Approved for Submit



diff --git a/main/iostream.c b/main/iostream.c
index 4cddd43..057ae24 100644
--- a/main/iostream.c
+++ b/main/iostream.c
@@ -508,19 +508,19 @@
 					ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
 			}
 
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 			if (!SSL_is_server(stream->ssl)) {
 #else
 			if (!stream->ssl->server) {
 #endif
 				/* For client threads, ensure that the error stack is cleared */
-#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 				ERR_remove_thread_state(NULL);
 #else
 				ERR_remove_state(0);
 #endif	/* OPENSSL_VERSION_NUMBER >= 0x10000000L */
-#endif  /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L */
+#endif  /* OPENSSL_VERSION_NUMBER  < 0x10100000L */
 			}
 
 			SSL_free(stream->ssl);
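
Review bot: The trailing comment on the rewritten `#endif` no longer describes the condition it closes. The matching `#if` is now `defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)`, but the comment reads only `OPENSSL_VERSION_NUMBER  < 0x10100000L` (with a doubled space), so a reader scanning the nested conditionals will miss that the LibreSSL case also lands here. Suggest repeating the full condition in the comment. Separately, both rewritten tests drop the `defined(OPENSSL_VERSION_NUMBER)` guard and rely on an undefined macro evaluating to 0 in `#if`; that selects the same legacy branch as before, but it will warn under -Wundef, and the commit message does not say why these two conditions needed to change for the enable-ssl3-method no-deprecated case. A sentence in the commit message would help.
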
diff --git a/main/tcptls.c b/main/tcptls.c
index 8ffeabb..69b40a6 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -343,13 +343,13 @@
 			cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
 		} else
 #endif
-#ifndef OPENSSL_NO_SSL3_METHOD
+#if !defined(OPENSSL_NO_SSL3_METHOD) && !(defined(OPENSSL_API_COMPAT) && (OPENSSL_API_COMPAT >= 0x10100000L))
 		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
 			ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
 			cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
 		} else
 #endif
-#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER  >= 0x10100000L)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 		cfg->ssl_ctx = SSL_CTX_new(TLS_client_method());
 #else
 		if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
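
Review bot: With the extended guard on the SSLv3 block, a build where `OPENSSL_API_COMPAT >= 0x10100000L` no longer tests `AST_SSL_SSLV3_CLIENT` at this point, so a configuration that requests SSLv3 falls through to `SSL_CTX_new(TLS_client_method())` without any log line from this code. That is the safer outcome, but it is silent: consider an `#else` branch that checks the flag and logs that SSLv3 is not available in this build, so the operator knows the setting was ignored. The new `#if` line is also long and encodes a non-obvious rule (deprecated method hidden by API compat level); a short comment above it stating that would make the intent clear. On the `TLS_client_method()` guard, dropping `defined(OPENSSL_VERSION_NUMBER)` is fine as long as the OpenSSL version header is always included before this line, which these lines do not show.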

-- 
To view, visit https://gerrit.asterisk.org/9051

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ica65113511c7a1c13f7988e7d9e7d9e7f3f620dd
Gerrit-Change-Number: 9051
Gerrit-PatchSet: 1
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>