[sr-dev] [kamailio/kamailio] [tls] Don't use OpenSSL<1.0.2 fallback on 1.1+ (#2717)
space88man
notifications at github.com
Tue Apr 27 19:05:37 CEST 2021
Address GH #2716. Also see https://bugs.python.org/issue29697.
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [X ] Commit message has the format required by CONTRIBUTING guide
- [X] Commits are split per component (core, individual modules, libs, utils, ...)
- [X ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [X] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [X] PR should be backported to stable branches
- [X ] Tested changes locally
- [ ] Related to issue #2716
#### Description
For OpenSSL 1.1.x initialization of EC SSL contexts has changed — we should be using the < 1.0.2 technique on OpenSSL 1.1+. This addresses a corner case where TLS server with P-256 cert would not handshake with a TLS client presenting a P-521 cert.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/2717
-- Commit Summary --
* [tls] Don't use OpenSSL<1.0.2 fallback on 1.1+
-- File Changes --
M src/modules/tls/tls_domain.c (12)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/2717.patch
https://github.com/kamailio/kamailio/pull/2717.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2717
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20210427/b1c146b6/attachment.htm>
More information about the sr-dev
mailing list