For OpenSSL 3.x, this will fix a deprecation warning.
#### Pre-Submission Checklist

- [X] Commit message has the format required by CONTRIBUTING guide
- [X] Commits are split per component (core, individual modules, libs, utils, ...)
- [X] Each component has a single commit (if not, squash them into one commit)
- [X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change

- [X] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:

- [X] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description

Update DH initialization with appropriate API for OpenSSL >= 1.1.1. This also fixes a deprecation warning with OpenSSL 3.x.

You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/2945
-- Commit Summary --
* tls: update DH initialization for OpenSSL 1.1.x
-- File Changes --
M src/modules/tls/tls_domain.c (6)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/2945.patch
https://github.com/kamailio/kamailio/pull/2945.diff
Is `SSL_CTX_set_dh_auto` specified to be a macro in the API?
If not, maybe it would be better to rely on some library version check, because the ifdefs on something that can be changed to a function name without notice can have hidden impact in the future.
> Is `SSL_CTX_set_dh_auto` specified to be a macro in the API?

Yes, currently it is specified as a macro: https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_dh_auto.html

> Typically applications should use well known DH parameters that have built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto() configure OpenSSL to use the default built-in DH parameters for the SSL_CTX and SSL objects respectively.
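The concern in the question above, as a self-contained added example (not code from the pull request or from OpenSSL): an `#ifdef` on an API name selects the new branch only while that name is a macro, whereas a version check does not depend on it. All `demo_*` names, the control code and the version number are constructed stand-ins.

```c
#include <stdio.h>

/* Constructed stand-in for a TLS library header; all demo_* names are hypothetical. */
#define DEMO_LIB_VERSION 0x30000000L   /* constructed version number */
#define DEMO_CTRL_DH_AUTO 1            /* constructed control code */
struct demo_ctx { long dh_auto; };

static long demo_ctrl(struct demo_ctx *c, int cmd, long arg) {
    if (cmd != DEMO_CTRL_DH_AUTO) return 0;
    c->dh_auto = arg;
    return 1;
}

/* Feature exposed as a macro: the preprocessor can see it. */
#define demo_set_dh_auto(c, on) demo_ctrl((c), DEMO_CTRL_DH_AUTO, (on))
/* Same feature exposed as a function: invisible to #ifdef. */
static long demo_set_dh_auto_fn(struct demo_ctx *c, long on) {
    return demo_ctrl(c, DEMO_CTRL_DH_AUTO, on);
}

/* Each setup_* returns 1 when the automatic-DH branch was compiled in, 0 for the fallback. */
int setup_guard_macro(struct demo_ctx *c) {
#ifdef demo_set_dh_auto
    return demo_set_dh_auto(c, 1) == 1;
#else
    (void)c; return 0;
#endif
}

int setup_guard_function_name(struct demo_ctx *c) {
#ifdef demo_set_dh_auto_fn   /* never true: a function is not a macro */
    return demo_set_dh_auto_fn(c, 1) == 1;
#else
    (void)c; return 0;       /* fallback selected, no diagnostic */
#endif
}

int setup_guard_version(struct demo_ctx *c) {
#if DEMO_LIB_VERSION >= 0x10100000L
    return demo_set_dh_auto_fn(c, 1) == 1;
#else
    (void)c; return 0;
#endif
}

int main(void) {
    struct demo_ctx a = {0}, b = {0}, c = {0};
    printf("macro=%d function-name=%d version=%d\n", setup_guard_macro(&a),
           setup_guard_function_name(&b), setup_guard_version(&c));
    return 0;
}
```

The function-name guard compiles cleanly and quietly takes the fallback, which is the hidden impact the question describes.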
@space88man pushed 1 commit.
54abf1c71f39861d8a3a01e74e027e724f729f75 tls: update DH initialization for OpenSSL 1.1.x
@space88man pushed 1 commit.
cdaf51f44d41a336670657c40d636deeacd85879 tls: update DH initialization for OpenSSL 1.1.x
@miconda commented on this pull request.
@@ -146,19 +156,17 @@ static void setup_dh(SSL_CTX *ctx)
return; }
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) - /* libssl >= v1.1.0 */ - DH_set0_pqg(dh, p, NULL, g);
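Review bot: the `#if` being removed at the top of this hunk carried `!defined(LIBRESSL_VERSION_NUMBER)` alongside the `>= 0x1010000fL` test, so whatever replaces it needs to keep LibreSSL and pre-1.1.0 builds on a path that still installs DH parameters. Please confirm the new guard covers both, and add a comment there naming the minimum libssl version it expects.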
In the PR description you mention `OpenSSL >= 1.1.1`, now the comments mention `OpenSSL 1.1.0+`, so I am just asking for confirmation it is ok to remove the use of `DH_set0_pqg` here. If yes, then it will be merged.
@space88man commented on this pull request.
@@ -146,19 +156,17 @@ static void setup_dh(SSL_CTX *ctx)
return; }
-#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER) - /* libssl >= v1.1.0 */ - DH_set0_pqg(dh, p, NULL, g);
Yes ok to remove: OpenSSL 1.1.0 also has the macro SSL_CTX_set_dh_auto.
Merged #2945 into master.