[svn-commits] mjordan: trunk r431938 - in /trunk: ./ main/tcptls.c

Thu, 19 Feb 2015 07:29:14 -0800 

Author: mjordan
Date: Thu Feb 19 09:28:56 2015
New Revision: 431938

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=431938
Log:
tcptls: Handle new OpenSSL compile time option to disable SSLv3

Some distributions are going to disable SSLv3 at compile time. This option can
be checked using the directive OPENSSL_NO_SSL3_METHOD. This patch updates the
TCP/TLS handling in Asterisk to look for that directive before attempting to
use the SSLv3 specific methods.

ASTERISK-24799 #close
Reported by: Alexander Traud
patches:
  no-ssl3-method.patch uploaded by Alexander Traud (License 6520)
........

Merged revisions 431936 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 431937 from http://svn.asterisk.org/svn/asterisk/branches/13

Modified:
    trunk/   (props changed)
    trunk/main/tcptls.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-13-merged' - no diff available.

Modified: trunk/main/tcptls.c
URL: 
http://svnview.digium.com/svn/asterisk/trunk/main/tcptls.c?view=diff&rev=431938&r1=431937&r2=431938
==============================================================================
--- trunk/main/tcptls.c (original)
+++ trunk/main/tcptls.c Thu Feb 19 09:28:56 2015
@@ -769,10 +769,13 @@
                        cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
                } else
 #endif
+#ifndef OPENSSL_NO_SSL3_METHOD
                if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
                        ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due 
to known vulnerabilities. Please use 'tlsv1' or leave the TLS method 
unspecified!\n");
                        cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
-               } else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
+               } else
+#endif
+               if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
                        cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method());
                } else {
                        disable_ssl = 1;


-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

svn-commits mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/svn-commits

Reply via email to