Author: mjordan
Date: Thu Feb 19 09:21:06 2015
New Revision: 431936
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=431936
Log:
tcptls: Handle new OpenSSL compile time option to disable SSLv3
Some distributions are going to disable SSLv3 at compile time. This option can
be checked using the directive OPENSSL_NO_SSL3_METHOD. This patch updates the
TCP/TLS handling in Asterisk to look for that directive before attempting to
use the SSLv3 specific methods.
ASTERISK-24799 #close
Reported by: Alexander Traud
patches:
no-ssl3-method.patch uploaded by Alexander Traud (License 6520)
Modified:
branches/11/main/tcptls.c
Modified: branches/11/main/tcptls.c
URL:
http://svnview.digium.com/svn/asterisk/branches/11/main/tcptls.c?view=diff&rev=431936&r1=431935&r2=431936
==============================================================================
--- branches/11/main/tcptls.c (original)
+++ branches/11/main/tcptls.c Thu Feb 19 09:21:06 2015
@@ -768,10 +768,13 @@
cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
} else
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due
to known vulnerabilities. Please use 'tlsv1' or leave the TLS method
unspecified!\n");
cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
- } else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
+ } else
+#endif
+ if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method());
} else {
disable_ssl = 1;
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
svn-commits mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/svn-commits
