[sr-dev] git:master: tls: ifdef to use TLSv1.1 only for openssl/libssl v1.0.0+
Hugh Waite
hugh.waite at crocodile-rcs.com
Fri Nov 8 21:22:10 CET 2013
Hi,
According to http://www.openssl.org/news/changelog.html, Initial TLSv1.1
support was introduced in the first release of openssl v1.0.1, Initial
v1.2 support was added at the same time.
I'm using CentOS 6.4 with openssl-devel 1.0.0-27 (which has version
0x10000003L) and the tls module does not compile (without warnings) and
fails to run due to undefined v1.1 methods.
Was there a reason for selecting the 05 release of v1.0.1 (i.e. v1.0.1e)
for TLSv1.2 support? As far as I can see the TLSv1_2_method() is
available from the first release? Maybe a required bugfix?
Hugh
On 03/11/2013 12:26, Daniel-Constantin Mierla wrote:
> Module: sip-router
> Branch: master
> Commit: 16649609796ec336278b073d86045f72a9dd7886
> URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=16649609796ec336278b073d86045f72a9dd7886
>
> Author: Daniel-Constantin Mierla <miconda at gmail.com>
> Committer: Daniel-Constantin Mierla <miconda at gmail.com>
> Date: Sun Nov 3 13:23:32 2013 +0100
>
> tls: ifdef to use TLSv1.1 only for openssl/libssl v1.0.0+
>
> ---
>
> modules/tls/tls_config.c | 9 ++++++++-
> modules/tls/tls_init.c | 4 ++++
> 2 files changed, 12 insertions(+), 1 deletions(-)
>
> diff --git a/modules/tls/tls_config.c b/modules/tls/tls_config.c
> index 8742021..4a78e9e 100644
> --- a/modules/tls/tls_config.c
> +++ b/modules/tls/tls_config.c
> @@ -460,10 +460,17 @@ int tls_parse_method(str* method)
> opt = cfg_lookup_token(methods, method);
> if (!opt) return -1;
>
> +#if OPENSSL_VERSION_NUMBER < 0x01000000L
> + if(opt->val == TLS_USE_TLSv1_1) {
> + LM_ERR("tls v1.1 not supported by this libssl version: %ld\n",
> + (long)OPENSSL_VERSION_NUMBER);
> + return -1;
> + }
> +#endif
> #if OPENSSL_VERSION_NUMBER < 0x1000105fL
> if(opt->val == TLS_USE_TLSv1_2) {
> LM_ERR("tls v1.2 not supported by this libssl version: %ld\n",
> - OPENSSL_VERSION_NUMBER);
> + (long)OPENSSL_VERSION_NUMBER);
> return -1;
> }
> #endif
> diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
> index 4b55c40..5118f15 100644
> --- a/modules/tls/tls_init.c
> +++ b/modules/tls/tls_init.c
> @@ -341,6 +341,8 @@ int tls_h_init_si(struct socket_info *si)
> */
> static void init_ssl_methods(void)
> {
> + memset(ssl_methods, 0, sizeof(ssl_methods));
> +
> #ifndef OPENSSL_NO_SSL2
> ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
> ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
> @@ -359,9 +361,11 @@ static void init_ssl_methods(void)
> ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method();
> ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
>
> +#if OPENSSL_VERSION_NUMBER >= 0x01000000L
> ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
> ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
> ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
> +#endif
>
> #if OPENSSL_VERSION_NUMBER >= 0x1000105fL
> ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
>
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Hugh Waite
Principal Design Engineer
Crocodile RCS Ltd.
More information about the sr-dev
mailing list