diff options
| author | Joshua Colp <jcolp@digium.com> | 2016-12-01 05:08:52 -0600 |
|---|---|---|
| committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2016-12-01 05:08:52 -0600 |
| commit | 662a4741e2e2497dcb7d5a6098435f04967796c5 (patch) | |
| tree | 2842596aac964164fa7646f59a0dba01baf88b9c /main | |
| parent | eec82c6221935ebcc88da8c606481258d3322ad5 (diff) | |
| parent | b0c9f07f040dfa1713899f6b5ad1e3321bd56481 (diff) | |
Merge "OpenSSL 1.1.0 support" into 13
Diffstat (limited to 'main')
| -rw-r--r-- | main/libasteriskssl.c | 4 | ||||
| -rw-r--r-- | main/tcptls.c | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c index b3267014b..c4d4c56f4 100644 --- a/main/libasteriskssl.c +++ b/main/libasteriskssl.c @@ -67,13 +67,14 @@ static void ssl_lock(int mode, int n, const char *file, int line) return; } - if (mode & CRYPTO_LOCK) { + if (mode & 0x1) { ast_mutex_lock(&ssl_locks[n]); } else { ast_mutex_unlock(&ssl_locks[n]); } } +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L int SSL_library_init(void) { #if defined(AST_DEVMODE) @@ -115,6 +116,7 @@ void ERR_free_strings(void) { /* we can't allow this to be called, ever */ } +#endif /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */ #endif /* HAVE_OPENSSL */ diff --git a/main/tcptls.c b/main/tcptls.c index bccb03d85..8ca89c8bd 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -398,13 +398,19 @@ static int tcptls_stream_close(void *cookie) SSL_get_error(stream->ssl, res)); } +#if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT >= 0x10100000L + if (!SSL_is_server(stream->ssl)) { +#else if (!stream->ssl->server) { +#endif /* For client threads, ensure that the error stack is cleared */ +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10000000L ERR_remove_thread_state(NULL); #else ERR_remove_state(0); #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */ +#endif /* !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L */ } SSL_free(stream->ssl); @@ -813,7 +819,7 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) } if (client) { -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) && (OPENSSL_VERSION_NUMBER < 0x10100000L) if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) { ast_log(LOG_WARNING, "Usage of SSLv2 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n"); cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method()); |