Browse code

tls (common): don't use TLS servername if openssl < 1.0.0

- TLS extensions and more specifically server_name support have
appeared between openssl 0.9.8l and 1.0.0.

Andrei Pelinescu-Onciul authored on 23/04/2009 11:35:42
Showing 3 changed files
... ...
@@ -84,6 +84,11 @@ to compile on the  _target_ system)"
84 84
 #endif /* OPENSSL_VERSION_NUMBER */
85 85
 #endif /* TLS_KSSL_WORKARROUND */
86 86
 
87
+/* openssl < 1. 0 */
88
+#if OPENSSL_VERSION_NUMBER < 0x01000000L
89
+#	warning "openssl < 1.0: no TLS extensions or server name support"
90
+#endif /* OPENSSL_VERION < 1.0 */
91
+
87 92
 
88 93
 
89 94
 #ifndef OPENSSL_NO_COMP
... ...
@@ -36,6 +36,11 @@
36 36
 #include "../../ip_addr.h"
37 37
 #include "tls_domain.h"
38 38
 
39
+/* openssl < 1. 0 */
40
+#if OPENSSL_VERSION_NUMBER < 0x01000000L
41
+/* alternative: check ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME */
42
+#define OPENSSL_NO_TLSEXT
43
+#endif /* OPENSSL_VERION < 1.0 */
39 44
 #ifndef OPENSSL_NO_KRB5
40 45
 /* enable workarround for openssl kerberos wrong malloc bug
41 46
  * (kssl code uses libc malloc/free/calloc instead of OPENSSL_malloc & 
... ...
@@ -39,6 +39,7 @@
39 39
 #include "tls_server.h"
40 40
 #include "tls_select.h"
41 41
 #include "tls_mod.h"
42
+#include "tls_init.h" /* features macros */
42 43
 
43 44
 enum {
44 45
 	CERT_LOCAL = 1,   /* Select local certificate */
... ...
@@ -932,7 +933,7 @@ static int sel_cert(str* res, select_t* s, struct sip_msg* msg)
932 933
 
933 934
 
934 935
 #ifdef OPENSSL_NO_TLSEXT
935
-static int get_tlsext_sn(str* res, int type, sip_msg_t* msg)
936
+static int get_tlsext_sn(str* res, sip_msg_t* msg)
936 937
 {
937 938
 	ERR("TLS extension 'server name' is not available! "
938 939
 		"please install openssl with TLS extension support and recompile "