diff options
author | Matthew Jordan <mjordan@digium.com> | 2015-02-19 15:28:56 +0000 |
---|---|---|
committer | Matthew Jordan <mjordan@digium.com> | 2015-02-19 15:28:56 +0000 |
commit | e3fd826cdbff6bfb63d809831d0d826103c74949 (patch) | |
tree | 5d44da6cc941eced2fa63981dfa2536690cddca4 /main/tcptls.c | |
parent | a4774ceaa5cc28d6b885270ffa5fa6400e12b474 (diff) |
tcptls: Handle new OpenSSL compile time option to disable SSLv3
Some distributions are going to disable SSLv3 at compile time. This option can
be checked using the directive OPENSSL_NO_SSL3_METHOD. This patch updates the
TCP/TLS handling in Asterisk to look for that directive before attempting to
use the SSLv3 specific methods.
ASTERISK-24799 #close
Reported by: Alexander Traud
patches:
no-ssl3-method.patch uploaded by Alexander Traud (License 6520)
........
Merged revisions 431936 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 431937 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431938 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/tcptls.c')
-rw-r--r-- | main/tcptls.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/main/tcptls.c b/main/tcptls.c index dd2f5ea67..22fb1447e 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -769,10 +769,13 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method()); } else #endif +#ifndef OPENSSL_NO_SSL3_METHOD if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) { ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n"); cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method()); - } else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) { + } else +#endif + if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) { cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method()); } else { disable_ssl = 1; |