[sr-dev] git:master: tls: ifdef to use TLSv1.1 only for openssl/libssl v1.0.0+

Daniel-Constantin Mierla miconda at gmail.com
Sun Nov 3 13:26:37 CET 2013 

Module: sip-router
Branch: master
Commit: 16649609796ec336278b073d86045f72a9dd7886
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=16649609796ec336278b073d86045f72a9dd7886

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Sun Nov  3 13:23:32 2013 +0100

tls: ifdef to use TLSv1.1 only for openssl/libssl v1.0.0+

---

 modules/tls/tls_config.c |    9 ++++++++-
 modules/tls/tls_init.c   |    4 ++++
 2 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/modules/tls/tls_config.c b/modules/tls/tls_config.c
index 8742021..4a78e9e 100644
--- a/modules/tls/tls_config.c
+++ b/modules/tls/tls_config.c
@@ -460,10 +460,17 @@ int tls_parse_method(str* method)
     opt = cfg_lookup_token(methods, method);
     if (!opt) return -1;
 
+#if OPENSSL_VERSION_NUMBER < 0x01000000L
+	if(opt->val == TLS_USE_TLSv1_1) {
+		LM_ERR("tls v1.1 not supported by this libssl version: %ld\n",
+				(long)OPENSSL_VERSION_NUMBER);
+		return -1;
+	}
+#endif
 #if OPENSSL_VERSION_NUMBER < 0x1000105fL
 	if(opt->val == TLS_USE_TLSv1_2) {
 		LM_ERR("tls v1.2 not supported by this libssl version: %ld\n",
-				OPENSSL_VERSION_NUMBER);
+				(long)OPENSSL_VERSION_NUMBER);
 		return -1;
 	}
 #endif
diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
index 4b55c40..5118f15 100644
--- a/modules/tls/tls_init.c
+++ b/modules/tls/tls_init.c
@@ -341,6 +341,8 @@ int tls_h_init_si(struct socket_info *si)
  */
 static void init_ssl_methods(void)
 {
+	memset(ssl_methods, 0, sizeof(ssl_methods));
+
 #ifndef OPENSSL_NO_SSL2
 	ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
 	ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
@@ -359,9 +361,11 @@ static void init_ssl_methods(void)
 	ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method();
 	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
 
+#if OPENSSL_VERSION_NUMBER >= 0x01000000L
 	ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
 	ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
 	ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
+#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x1000105fL
 	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();

More information about the sr-dev mailing list