diff options
author | Alexander Traud <pabstraud@compuserve.com> | 2015-05-05 18:35:16 +0200 |
---|---|---|
committer | Alexander Traud <pabstraud@compuserve.com> | 2015-05-08 08:34:22 -0500 |
commit | 2115f11b5402fdea68f42220eb71dca316b19b74 (patch) | |
tree | c3a2a6a96d9d70598ec58a8dbd39b5bbcebc6e73 | |
parent | 1e44d1bef990a93f0495f73f6a619e38b9b6fce5 (diff) |
tcptls: Avoiding ERR_remove_state in OpenSSL.
ERR_remove_state was deprecated with OpenSSL 1.0.0 and was replaced by
ERR_remove_thread_state. ERR_load_SSL_strings and ERR_load_BIO_strings were
called by SSL_load_error_strings already and got removed. These changes allow
OpenSSL forks like BoringSSL to be used with Asterisk.
ASTERISK-25043 #close
Reported by: Alexander Traud
patches:
asterisk_with_BoringSSL.patch uploaded by Alexander Traud (License 6520)
Change-Id: If1c0871ece21a7e0763fafbd2fa023ae49d4d629
(cherry picked from commit 247fef66537b59649e7571d64e2c574a106dbd65)
-rw-r--r-- | main/libasteriskssl.c | 35 | ||||
-rw-r--r-- | main/tcptls.c | 4 |
2 files changed, 4 insertions, 35 deletions
diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c index ca3fb569c..b3267014b 100644 --- a/main/libasteriskssl.c +++ b/main/libasteriskssl.c @@ -93,33 +93,6 @@ void SSL_load_error_strings(void) #endif } -void ERR_load_SSL_strings(void) -{ -#if defined(AST_DEVMODE) - if (startup_complete) { - ast_debug(1, "Called after startup... ignoring!\n"); - } -#endif -} - -void ERR_load_crypto_strings(void) -{ -#if defined(AST_DEVMODE) - if (startup_complete) { - ast_debug(1, "Called after startup... ignoring!\n"); - } -#endif -} - -void ERR_load_BIO_strings(void) -{ -#if defined(AST_DEVMODE) - if (startup_complete) { - ast_debug(1, "Called after startup... ignoring!\n"); - } -#endif -} - void CRYPTO_set_id_callback(unsigned long (*func)(void)) { #if defined(AST_DEVMODE) @@ -157,8 +130,6 @@ int ast_ssl_init(void) void (*real_CRYPTO_set_id_callback)(unsigned long (*)(void)); void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int)); void (*real_SSL_load_error_strings)(void); - void (*real_ERR_load_SSL_strings)(void); - void (*real_ERR_load_BIO_strings)(void); const char *errstr; /* clear any previous dynamic linker errors */ @@ -216,12 +187,6 @@ int ast_ssl_init(void) get_OpenSSL_function(SSL_load_error_strings); real_SSL_load_error_strings(); - get_OpenSSL_function(ERR_load_SSL_strings); - real_ERR_load_SSL_strings(); - - get_OpenSSL_function(ERR_load_BIO_strings); - real_ERR_load_BIO_strings(); - startup_complete = 1; #endif /* HAVE_OPENSSL */ diff --git a/main/tcptls.c b/main/tcptls.c index 92fee604d..1b0c26ad2 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -400,7 +400,11 @@ static int tcptls_stream_close(void *cookie) if (!stream->ssl->server) { /* For client threads, ensure that the error stack is cleared */ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + ERR_remove_thread_state(NULL); +#else ERR_remove_state(0); +#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */ } SSL_free(stream->ssl); |