From 0705191bec675f931a7a906dffcac6c2b7d25c75 Mon Sep 17 00:00:00 2001
From: Andrei Pelinescu-Onciul
Date: Thu, 23 Apr 2009 13:35:42 +0200
Subject: [PATCH] tls (common): don't use TLS servername if openssl < 1.0.0

- TLS extensions and more specifically server_name support have appeared between openssl 0.9.8l and 1.0.0.
---
 modules/tls/tls_init.c | 5 +++++
 modules/tls/tls_init.h | 5 +++++
 modules/tls/tls_select.c | 3 ++-
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
index 4d78e66a7..b0f07f93a 100644
--- a/modules/tls/tls_init.c
+++ b/modules/tls/tls_init.c
@@ -84,6 +84,11 @@ to compile on the _target_ system)"
 #endif /* OPENSSL_VERSION_NUMBER */
 #endif /* TLS_KSSL_WORKARROUND */
+/* openssl < 1. 0 */
+#if OPENSSL_VERSION_NUMBER < 0x01000000L
+# warning "openssl < 1.0: no TLS extensions or server name support"
+#endif /* OPENSSL_VERION < 1.0 */
+
 #ifndef OPENSSL_NO_COMP
diff --git a/modules/tls/tls_init.h b/modules/tls/tls_init.h
index 4e3f8f8b4..43e5f49f6 100644
--- a/modules/tls/tls_init.h
+++ b/modules/tls/tls_init.h
@@ -36,6 +36,11 @@
 #include "../../ip_addr.h"
 #include "tls_domain.h"
+/* openssl < 1. 0 */
+#if OPENSSL_VERSION_NUMBER < 0x01000000L
+/* alternative: check ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME */
+#define OPENSSL_NO_TLSEXT
+#endif /* OPENSSL_VERION < 1.0 */
 #ifndef OPENSSL_NO_KRB5
 /* enable workarround for openssl kerberos wrong malloc bug
 * (kssl code uses libc malloc/free/calloc instead of OPENSSL_malloc &
diff --git a/modules/tls/tls_select.c b/modules/tls/tls_select.c
index d6efe935c..85d4ca49e 100644
--- a/modules/tls/tls_select.c
+++ b/modules/tls/tls_select.c
@@ -39,6 +39,7 @@
 #include "tls_server.h"
 #include "tls_select.h"
 #include "tls_mod.h"
+#include "tls_init.h" /* features macros */
 enum {
 CERT_LOCAL = 1, /* Select local certificate */
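Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x01000000L` test added in modules/tls/tls_init.c repeats the condition that tls_init.h uses to define `OPENSSL_NO_TLSEXT`, so the build warning and the actual feature gate can drift apart if only one of them is changed later. Keying the warning on the macro keeps them tied together: `#ifdef OPENSSL_NO_TLSEXT` in front of the same `# warning` line, assuming tls_init.h is included earlier in this file (not visible in the hunk). The closing comment reads `OPENSSL_VERION` and the opening one `1. 0`; the same two typos are in the tls_init.h hunk, and both could read `/* OPENSSL_VERSION_NUMBER < 1.0 */`.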
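Review bot: The version test in modules/tls/tls_init.h runs before any OpenSSL header is visibly included, and the preprocessor treats an undefined `OPENSSL_VERSION_NUMBER` as 0; unless tls_domain.h pulls in the OpenSSL headers, `OPENSSL_NO_TLSEXT` ends up defined on every build and server-name handling is silently compiled out. Adding `#include <openssl/opensslv.h>` above the check removes that dependency on include order. The feature test already mentioned in the added comment is the more precise gate, because it follows what the installed headers provide rather than a release number: `#if !defined(OPENSSL_NO_TLSEXT) && !defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)`, placed after `<openssl/ssl.h>`. The `!defined(OPENSSL_NO_TLSEXT)` part also avoids redefining a macro that OpenSSL's own configuration header may already set.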
@@ -932,7 +933,7 @@ static int sel_cert(str* res, select_t* s, struct sip_msg* msg)
 #ifdef OPENSSL_NO_TLSEXT
-static int get_tlsext_sn(str* res, int type, sip_msg_t* msg)
+static int get_tlsext_sn(str* res, sip_msg_t* msg)
 {
 ERR("TLS extension 'server name' is not available! "
 "please install openssl with TLS extension support and recompile "
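Review bot: Nothing keeps the two variants of `get_tlsext_sn` in step; the stub's old three-argument signature suggests the `OPENSSL_NO_TLSEXT` branch had not been compiled before this change. A single prototype placed ahead of the `#ifdef`, `static int get_tlsext_sn(str* res, sip_msg_t* msg);`, would make the compiler reject a mismatch in either branch. The stub's body continues past the end of the hunk, so its return value is not visible here; it should be a failure code so that callers do not read `res` after the ERR() message.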