[Asterisk-code-review] OpenSSL 1.1.0 support (asterisk[master])

Corey Farrell asteriskteam at digium.com
Thu Nov 3 11:34:45 CDT 2016


Corey Farrell has posted comments on this change. ( https://gerrit.asterisk.org/3102 )

Change subject: OpenSSL 1.1.0 support
......................................................................


Patch Set 3: Code-Review-1

(2 comments)

Can we have a JIRA ticket for this?  If for no other reason this change should be listed under the correct category in the release summary.

https://gerrit.asterisk.org/#/c/3102/3//COMMIT_MSG
Commit Message:

Line 18: * Remove several functions from libasteriskssl that seem to no longer be
OpenSSL can only be initialized and destroyed per process.  The empty functions intercept any calls to cleanup functions made by 3rd party libraries.  I think the specific concern is that unloading res_curl could cause libcurl to shutdown openssl.


Line 22: * SSLv2 code now could no longer be used. Do we need it?
My feeling is that SSLv2 is vulnerable and it's use in Asterisk should be blocked regardless of openssl version being used, but that probably can't be done with 13 or 14.

Maybe a follow-up commit for master only to purge SSLv2 from Asterisk would be best?


-- 
To view, visit https://gerrit.asterisk.org/3102
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b
Gerrit-PatchSet: 3
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Tzafrir Cohen <tzafrir.cohen at xorcom.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: Matt Jordan <mjordan at digium.com>
Gerrit-Reviewer: Matthew Fredrickson <creslin at digium.com>
Gerrit-Reviewer: Scott Griepentrog <sgriepentrog at digium.com>
Gerrit-HasComments: Yes



More information about the asterisk-code-review mailing list