[SR-Dev] git:master: tls (common): don't use TLS servername if openssl < 1.0.0

Andrei Pelinescu-Onciul andrei at iptel.org
Thu Apr 23 13:39:57 CEST 2009


Module: sip-router
Branch: master
Commit: 0705191bec675f931a7a906dffcac6c2b7d25c75
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0705191bec675f931a7a906dffcac6c2b7d25c75

Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date:   Thu Apr 23 13:35:42 2009 +0200

tls (common): don't use TLS servername if openssl < 1.0.0

- TLS extensions and more specifically server_name support have
  appeared between openssl 0.9.8l and 1.0.0.

---

 modules/tls/tls_init.c   |    5 +++++
 modules/tls/tls_init.h   |    5 +++++
 modules/tls/tls_select.c |    3 ++-
 3 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
index 4d78e66..b0f07f9 100644
--- a/modules/tls/tls_init.c
+++ b/modules/tls/tls_init.c
@@ -84,6 +84,11 @@ to compile on the  _target_ system)"
 #endif /* OPENSSL_VERSION_NUMBER */
 #endif /* TLS_KSSL_WORKARROUND */
 
+/* openssl < 1. 0 */
+#if OPENSSL_VERSION_NUMBER < 0x01000000L
+#	warning "openssl < 1.0: no TLS extensions or server name support"
+#endif /* OPENSSL_VERION < 1.0 */
+
 
 
 #ifndef OPENSSL_NO_COMP
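Review bot: The added `#if OPENSSL_VERSION_NUMBER < 0x01000000L` repeats the version threshold that tls_init.h uses to define `OPENSSL_NO_TLSEXT`, so the warning and the actual feature switch can drift apart. Keying the warning on the feature macro, `#ifdef OPENSSL_NO_TLSEXT` (assuming tls_init.h is included above this point, which the hunk does not show), makes it fire exactly when server name support is compiled out, including when the OpenSSL build itself sets that macro. The warning is also compile-time only, so whoever deploys a prebuilt module never sees it; a one-line log at module init stating that server_name is unavailable would cover that. The closing comment should read `/* OPENSSL_VERSION < 1.0 */`.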
diff --git a/modules/tls/tls_init.h b/modules/tls/tls_init.h
index 4e3f8f8..43e5f49 100644
--- a/modules/tls/tls_init.h
+++ b/modules/tls/tls_init.h
@@ -36,6 +36,11 @@
 #include "../../ip_addr.h"
 #include "tls_domain.h"
 
+/* openssl < 1. 0 */
+#if OPENSSL_VERSION_NUMBER < 0x01000000L
+/* alternative: check ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME */
+#define OPENSSL_NO_TLSEXT
+#endif /* OPENSSL_VERION < 1.0 */
 #ifndef OPENSSL_NO_KRB5
 /* enable workarround for openssl kerberos wrong malloc bug
  * (kssl code uses libc malloc/free/calloc instead of OPENSSL_malloc & 
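Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x01000000L` test in this header has no visible OpenSSL include ahead of it; if neither `ip_addr.h` nor `tls_domain.h` pulls in the OpenSSL version header, the undefined macro evaluates to 0 and `OPENSSL_NO_TLSEXT` is defined on every build, silently removing server name support. Including `<openssl/opensslv.h>` directly above the test removes that dependence on include order. `OPENSSL_NO_TLSEXT` is also a name OpenSSL's own configuration can define, so the define is better guarded: `#if OPENSSL_VERSION_NUMBER < 0x01000000L && !defined(OPENSSL_NO_TLSEXT)`. The feature test named in the added comment (`SSL_CTRL_SET_TLSEXT_HOSTNAME`) would avoid the version assumption altogether. The Kerberos comment that follows continues outside the hunk.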
diff --git a/modules/tls/tls_select.c b/modules/tls/tls_select.c
index d6efe93..85d4ca4 100644
--- a/modules/tls/tls_select.c
+++ b/modules/tls/tls_select.c
@@ -39,6 +39,7 @@
 #include "tls_server.h"
 #include "tls_select.h"
 #include "tls_mod.h"
+#include "tls_init.h" /* features macros */
 
 enum {
 	CERT_LOCAL = 1,   /* Select local certificate */
@@ -932,7 +933,7 @@ static int sel_cert(str* res, select_t* s, struct sip_msg* msg)
 
 
 #ifdef OPENSSL_NO_TLSEXT
-static int get_tlsext_sn(str* res, int type, sip_msg_t* msg)
+static int get_tlsext_sn(str* res, sip_msg_t* msg)
 {
 	ERR("TLS extension 'server name' is not available! "
 		"please install openssl with TLS extension support and recompile "
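Review bot: The `get_tlsext_sn` stub under `#ifdef OPENSSL_NO_TLSEXT` is compiled only against OpenSSL builds without the extension, so a signature mismatch with the real implementation (as the removed `int type` parameter suggests happened here) is invisible on other builds. A single prototype placed above the `#ifdef`, `static int get_tlsext_sn(str* res, sip_msg_t* msg);`, makes both variants check against one declaration. The stub's body continues outside the hunk, so its return value is not visible; it should return an error rather than an empty success so that configuration relying on the server name fails closed.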



