diff options
author | Tzafrir Cohen <tzafrir.cohen@xorcom.com> | 2016-06-28 23:26:59 +0200 |
---|---|---|
committer | Joshua Colp <jcolp@digium.com> | 2016-12-01 01:22:45 +0000 |
commit | 26c8552fff499419bdf12b663e76ecfc408b3085 (patch) | |
tree | 69353feb47b0a11a4d8b3673b8beca40c9b07622 /main | |
parent | fdf4355bd054ce3a264f3d7a83725259b8acb32f (diff) |
OpenSSL 1.1.0 support
OpenSSL 1.1.0 includes some major changes in the interface. See
https://wiki.openssl.org/index.php/1.1_API_Changes .
Status: Right now there are still a few deprecation notes with OpenSSL
1.1.0. But it's a start.
Changes:
* CRYPTO_LOCK is no longer available. Replace it with its value for now.
I don't completely understand what it is used for there.
* Remove several functions from libasteriskssl that seem to no longer be
needed.
* Structures have become opaque and are accesses with accessors.
* ERR_remove_thread_state() no longer needed.
* SSLv2 code now could no longer be used in 1.1.
ASTERISK-26109 #close
Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b
Diffstat (limited to 'main')
-rw-r--r-- | main/iostream.c | 10 | ||||
-rw-r--r-- | main/libasteriskssl.c | 4 | ||||
-rw-r--r-- | main/tcptls.c | 2 |
3 files changed, 14 insertions, 2 deletions
diff --git a/main/iostream.c b/main/iostream.c index 008888142..a20a04896 100644 --- a/main/iostream.c +++ b/main/iostream.c @@ -462,9 +462,19 @@ int ast_iostream_close(struct ast_iostream *stream) SSL_get_error(stream->ssl, res)); } +#if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT >= 0x10100000L + if (!SSL_is_server(stream->ssl)) { +#else if (!stream->ssl->server) { +#endif /* For client threads, ensure that the error stack is cleared */ +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + ERR_remove_thread_state(NULL); +#else ERR_remove_state(0); +#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */ +#endif /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */ } SSL_free(stream->ssl); diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c index 16a1aa739..9905b150c 100644 --- a/main/libasteriskssl.c +++ b/main/libasteriskssl.c @@ -65,13 +65,14 @@ static void ssl_lock(int mode, int n, const char *file, int line) return; } - if (mode & CRYPTO_LOCK) { + if (mode & 0x1) { ast_mutex_lock(&ssl_locks[n]); } else { ast_mutex_unlock(&ssl_locks[n]); } } +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L int SSL_library_init(void) { #if defined(AST_DEVMODE) @@ -113,6 +114,7 @@ void ERR_free_strings(void) { /* we can't allow this to be called, ever */ } +#endif /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */ #endif /* HAVE_OPENSSL */ diff --git a/main/tcptls.c b/main/tcptls.c index c8ebab434..6b040ae3e 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -310,7 +310,7 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) } if (client) { -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) && (OPENSSL_VERSION_NUMBER < 0x10100000L) if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) { ast_log(LOG_WARNING, "Usage of SSLv2 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n"); cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method()); |