Module: kamailio
Branch: master
Commit: 8d84c6210fa7071d3ea96f219d486cc1b41dc119
URL:
https://github.com/kamailio/kamailio/commit/8d84c6210fa7071d3ea96f219d486cc…
Author: Morten Tryfoss <morten(a)tryfoss.no>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2023-10-11T13:19:04+02:00
cdp: Disable TLS support for openssl versions older than 1.1.0
---
Modified: src/modules/cdp/cdp_mod.c
Modified: src/modules/cdp/cdp_tls.c
Modified: src/modules/cdp/receiver.c
---
Diff:
https://github.com/kamailio/kamailio/commit/8d84c6210fa7071d3ea96f219d486cc…
Patch:
https://github.com/kamailio/kamailio/commit/8d84c6210fa7071d3ea96f219d486cc…
---
diff --git a/src/modules/cdp/cdp_mod.c b/src/modules/cdp/cdp_mod.c
index d63e5206d90..5f776f57a1f 100644
--- a/src/modules/cdp/cdp_mod.c
+++ b/src/modules/cdp/cdp_mod.c
@@ -239,6 +239,7 @@ static int cdp_init(void)
return 1;
}
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
if(enable_tls) {
init_ssl_methods();
method = tls_parse_method(&tls_method);
@@ -247,6 +248,12 @@ static int cdp_init(void)
return -1;
}
}
+ #else
+ if(enable_tls) {
+ LM_ERR("TLS requires openssl 1.1.0 or newer\n");
+ return -1;
+ }
+ #endif
register_procs(2 + config->workers + 2 * config->peers_cnt);
cfg_register_child(2 + config->workers + 2 * config->peers_cnt);
diff --git a/src/modules/cdp/cdp_tls.c b/src/modules/cdp/cdp_tls.c
index 6c7fb9a1f45..903445b676d 100644
--- a/src/modules/cdp/cdp_tls.c
+++ b/src/modules/cdp/cdp_tls.c
@@ -1,3 +1,4 @@
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#include "cdp_tls.h"
cfg_option_t methods[] = {{"TLSv1", .val = TLS_USE_TLSv1},
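Review bot: The added `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` is line 1 of cdp_tls.c, ahead of `#include "cdp_tls.h"`, so no OpenSSL header has been read when it is evaluated. Unless the build defines the macro on the command line, the preprocessor treats the undefined name as 0 and compiles the whole file out on every OpenSSL version. That would leave the callers in cdp_mod.c and receiver.c with unresolved symbols. I would put `#include <openssl/opensslv.h>` above the guard. The same test in cdp_mod.c and receiver.c depends on an OpenSSL header being included before it, which those hunks do not show; if receiver.c evaluated it as 0 while cdp_mod.c did not, connections would be serviced without `to_ssl` even with `enable_tls` set.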
@@ -255,3 +256,4 @@ int to_ssl(SSL_CTX **tls_ctx_p, SSL **tls_conn_p, int tcp_sock, int
method)
}
return 0;
}
+#endif
\ No newline at end of file
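Review bot: The new `#endif` is the last line of the file and has no trailing newline, as the `\ No newline at end of file` marker shows. C requires a non-empty source file to end in a newline, and some compilers warn when it does not. Because this guard spans the entire file, I would also label it: `#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */`.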
diff --git a/src/modules/cdp/receiver.c b/src/modules/cdp/receiver.c
index 3c6223a758a..0a15ce3aaeb 100644
--- a/src/modules/cdp/receiver.c
+++ b/src/modules/cdp/receiver.c
@@ -813,10 +813,12 @@ int receive_loop(peer *original_peer)
p->R_sock = fd;
}
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
if(enable_tls) {
to_ssl(&sp2->tls_ctx, &sp2->tls_conn,
sp->tcp_socket, method);
}
+ #endif
} else {
sp2 = add_serviced_peer(NULL);
if(!sp2) {
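Review bot: Both guarded `to_ssl` calls, here and in the next hunk, store the context and connection in `sp2` but pass `sp->tcp_socket`, while the descriptor just received is `fd` (assigned to `sp2->tcp_socket` in the second branch). `sp` is not assigned in the visible lines, so the call may wrap a different socket or read through a stale or NULL pointer. The `int` result of `to_ssl` is also discarded, so a failed TLS setup would apparently leave the peer serviced without TLS. I would call `to_ssl(&sp2->tls_ctx, &sp2->tls_conn, fd, method)` and check the result, closing `fd` and dropping the peer on failure. receive_loop starts and ends outside these hunks, so this needs confirming against the full function.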
@@ -824,10 +826,12 @@ int receive_loop(peer *original_peer)
continue;
}
sp2->tcp_socket = fd;
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
if(enable_tls) {
to_ssl(&sp2->tls_ctx, &sp2->tls_conn,
sp->tcp_socket, method);
}
+ #endif
}
}
}
@@ -879,7 +883,9 @@ int receive_loop(peer *original_peer)
sp->p ? sp->p->fqdn.s : "",
sp->tcp_socket, strerror(errno));
AAAFreeMessage(&msg);
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
cleanup_ssl(sp->tls_ctx, sp->tls_conn);
+ #endif
close(sp->tcp_socket);
goto drop_peer;
}
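Review bot: The version guard is repeated around each `cleanup_ssl` call here and in the following hunk, and around both `to_ssl` calls above, which scatters five preprocessor blocks through receive_loop. Declaring no-op `static inline` stubs for the pre-1.1.0 case in cdp_tls.h would keep the call sites unconditional. cdp_init already refuses `enable_tls` on such builds, so the stubs would not run with TLS requested. The enclosing function continues outside the hunk.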
@@ -892,7 +898,9 @@ int receive_loop(peer *original_peer)
sp->p ? sp->p->fqdn.s : "",
sp->tcp_socket, cnt, msg->buf.len);
AAAFreeMessage(&msg);
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
cleanup_ssl(sp->tls_ctx, sp->tls_conn);
+ #endif
close(sp->tcp_socket);
goto drop_peer;
}