Module: kamailio Branch: master Commit: 744bc8f9e12b698cd6b8bc5ef63c84df7a3aea90 URL: https://github.com/kamailio/kamailio/commit/744bc8f9e12b698cd6b8bc5ef63c84df...
Author: SPChan shihping.chan@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2021-11-23T20:02:37+01:00
tls: update DH initialization for OpenSSL 1.1.x
For OpenSSL 3.x, this will fix a deprecation warning.
---
Modified: src/modules/tls/tls_domain.c
---
Diff: https://github.com/kamailio/kamailio/commit/744bc8f9e12b698cd6b8bc5ef63c84df... Patch: https://github.com/kamailio/kamailio/commit/744bc8f9e12b698cd6b8bc5ef63c84df...
---
diff --git a/src/modules/tls/tls_domain.c b/src/modules/tls/tls_domain.c
index 5f939df1d4..c6eac20738 100644
--- a/src/modules/tls/tls_domain.c
+++ b/src/modules/tls/tls_domain.c
@@ -89,6 +89,10 @@ static void setup_ecdh(SSL_CTX *ctx)
#ifndef OPENSSL_NO_DH
+/*
+ * not needed for OpenSSL 1.1.0+ and LibreSSL
+ */
+#if !defined(SSL_CTX_set_dh_auto)
 static unsigned char dh3072_p[] = {
 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
@@ -126,9 +130,15 @@ static unsigned char dh3072_p[] = {
 };
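Review bot: The new guard `#if !defined(SSL_CTX_set_dh_auto)` selects the code path by testing for a preprocessor macro, but the comment above it describes the condition as a library version ("OpenSSL 1.1.0+ and LibreSSL"). If a libssl build exposed SSL_CTX_set_dh_auto as a function instead of a macro, this test would silently choose the built-in dh3072 path. I would state that dependency in the comment, for example `/* SSL_CTX_set_dh_auto is a macro in the libssl headers; if it is missing, use the built-in dh3072 parameters */`. The same guard is repeated inside setup_dh in the later hunks, so labelling the closers as `#endif /* !defined(SSL_CTX_set_dh_auto) */` would make the pairing easier to audit. The dh3072_p array continues outside this hunk.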
 static unsigned char dh3072_g[] = { 0x02 };
+#endif
 static void setup_dh(SSL_CTX *ctx)
 {
+/*
+ * not needed for OpenSSL 1.1.0+ and LibreSSL
+ * DH_new() is deprecated in OpenSSL 3
+ */
+#if !defined(SSL_CTX_set_dh_auto)
 DH *dh;
 BIGNUM *p;
 BIGNUM *g;
@@ -146,19 +156,17 @@ static void setup_dh(SSL_CTX *ctx)
 return;
 }
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
- /* libssl >= v1.1.0 */
- DH_set0_pqg(dh, p, NULL, g);
-#else
 dh->p = p;
 dh->g = g;
-#endif
 SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
 SSL_CTX_set_tmp_dh(ctx, dh);
 DH_free(dh);
+#else
+ SSL_CTX_set_dh_auto(ctx, 1);
+#endif
 }
 #endif
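Review bot: The new `#else` branch calls `SSL_CTX_set_dh_auto(ctx, 1);` and drops its result, and it also changes which DH parameters a server offers without saying so in the code or the commit message. The OpenSSL documentation says automatic parameters are sized to match the server certificate's key, so a deployment that previously always got the built-in dh3072 group may now negotiate a smaller one when its certificate key is weaker. I would check the call, `if (SSL_CTX_set_dh_auto(ctx, 1) != 1)` followed by an error log, since setup_dh returns void and cannot report the failure otherwise. I would also add a comment above it such as `/* DH group is now chosen by libssl from the certificate key size, no longer fixed at 3072 bits */`. The start of setup_dh lies outside this hunk.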