Module: kamailio Branch: master Commit: 8d84c6210fa7071d3ea96f219d486cc1b41dc119 URL: https://github.com/kamailio/kamailio/commit/8d84c6210fa7071d3ea96f219d486cc1...
Author: Morten Tryfoss morten@tryfoss.no Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2023-10-11T13:19:04+02:00
cdp: Disable TLS support for openssl versions older than 1.1.0
---
Modified: src/modules/cdp/cdp_mod.c Modified: src/modules/cdp/cdp_tls.c Modified: src/modules/cdp/receiver.c
---
Diff: https://github.com/kamailio/kamailio/commit/8d84c6210fa7071d3ea96f219d486cc1... Patch: https://github.com/kamailio/kamailio/commit/8d84c6210fa7071d3ea96f219d486cc1...
---
diff --git a/src/modules/cdp/cdp_mod.c b/src/modules/cdp/cdp_mod.c
index d63e5206d90..5f776f57a1f 100644
--- a/src/modules/cdp/cdp_mod.c
+++ b/src/modules/cdp/cdp_mod.c
@@ -239,6 +239,7 @@ static int cdp_init(void)
 return 1;
 }
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 if(enable_tls) {
 init_ssl_methods();
 method = tls_parse_method(&tls_method);
@@ -247,6 +248,12 @@ static int cdp_init(void)
 return -1;
 }
 }
+ #else
+ if(enable_tls) {
+ LM_ERR("TLS requires openssl 1.1.0 or newer\n");
+ return -1;
+ }
+ #endif
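Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` guard added above `if(enable_tls)` only works if `<openssl/opensslv.h>` has already been included in cdp_mod.c, which is outside this hunk; an undefined macro evaluates to 0 in `#if`, so every build would take the `#else` branch added in the next hunk and refuse `enable_tls`. That outcome fails closed, but it has to match what receiver.c and cdp_tls.c decide, otherwise this file can call `init_ssl_methods()` and `tls_parse_method()` while their definitions are compiled out. Consider defining one feature macro in cdp_tls.h, after the OpenSSL version header is included, and testing that in all three files instead of repeating the literal. A short comment such as `/* cdp TLS code needs the OpenSSL >= 1.1.0 API */` next to the guard would also record why the cut-off exists. cdp_init's body starts and ends outside the hunk.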
 register_procs(2 + config->workers + 2 * config->peers_cnt);
 cfg_register_child(2 + config->workers + 2 * config->peers_cnt);
diff --git a/src/modules/cdp/cdp_tls.c b/src/modules/cdp/cdp_tls.c
index 6c7fb9a1f45..903445b676d 100644
--- a/src/modules/cdp/cdp_tls.c
+++ b/src/modules/cdp/cdp_tls.c
@@ -1,3 +1,4 @@
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 #include "cdp_tls.h"
 cfg_option_t methods[] = {{"TLSv1", .val = TLS_USE_TLSv1},
@@ -255,3 +256,4 @@ int to_ssl(SSL_CTX **tls_ctx_p, SSL **tls_conn_p, int tcp_sock, int method)
 }
 return 0;
 }
+#endif
\ No newline at end of file
diff --git a/src/modules/cdp/receiver.c b/src/modules/cdp/receiver.c
index 3c6223a758a..0a15ce3aaeb 100644
--- a/src/modules/cdp/receiver.c
+++ b/src/modules/cdp/receiver.c
@@ -813,10 +813,12 @@ int receive_loop(peer *original_peer)
 p->R_sock = fd;
 }
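Review bot: The new `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` is line 1 of cdp_tls.c, ahead of `#include "cdp_tls.h"`, so no header has defined the macro when it is evaluated; the preprocessor treats it as 0 and the whole file is compiled out on every OpenSSL version, unless the build defines the macro on the command line. Put `#include <openssl/opensslv.h>` above the `#if`, or move the guard below the includes. As written, any file whose guard does see the real version will still reference `to_ssl()` and the other TLS helpers with nothing providing them, which would presumably show up as an unresolved symbol when the module is linked or loaded. The closing `+#endif` in the second hunk also leaves the file without a trailing newline.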
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L if(enable_tls) { to_ssl(&sp2->tls_ctx, &sp2->tls_conn, sp->tcp_socket, method); } + #endif } else { sp2 = add_serviced_peer(NULL); if(!sp2) { @@ -824,10 +826,12 @@ int receive_loop(peer *original_peer) continue; } sp2->tcp_socket = fd; + #if OPENSSL_VERSION_NUMBER >= 0x10100000L if(enable_tls) { to_ssl(&sp2->tls_ctx, &sp2->tls_conn, sp->tcp_socket, method); } + #endif } } } @@ -879,7 +883,9 @@ int receive_loop(peer *original_peer) sp->p ? sp->p->fqdn.s : "", sp->tcp_socket, strerror(errno)); AAAFreeMessage(&msg); + #if OPENSSL_VERSION_NUMBER >= 0x10100000L cleanup_ssl(sp->tls_ctx, sp->tls_conn); + #endif close(sp->tcp_socket); goto drop_peer; } @@ -892,7 +898,9 @@ int receive_loop(peer *original_peer) sp->p ? sp->p->fqdn.s : "", sp->tcp_socket, cnt, msg->buf.len); AAAFreeMessage(&msg); + #if OPENSSL_VERSION_NUMBER >= 0x10100000L cleanup_ssl(sp->tls_ctx, sp->tls_conn); + #endif close(sp->tcp_socket); goto drop_peer; }
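Review bot: Inside the new guard the result of `to_ssl(&sp2->tls_ctx, &sp2->tls_conn, sp->tcp_socket, method);` is discarded, here and in the `@@ -824` hunk, although to_ssl returns int. If it reports a failed TLS setup, the socket appears to stay in service, so the peer could carry Diameter traffic without TLS while `enable_tls` is set; the call should be checked and the peer dropped on failure, once to_ssl's error convention (not visible here beyond its final `return 0;`) is confirmed. In the `@@ -824` hunk the call also passes `sp->tcp_socket` right after `sp2->tcp_socket = fd;`, which looks like it hands over the socket of `sp` rather than the new `fd`; worth confirming whether `sp2->tcp_socket` was intended. receive_loop starts and ends outside these hunks.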