tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated.

ASTERISK-27874 Change-Id: Ica65113511c7a1c13f7988e7d9e7d9e7f3f620dd
2025-11-16 23:08:32 +00:00 · 2018-05-25 14:22:14 +02:00
parent 4ea98e49f1
commit 91616f4524
2 changed files with 5 additions and 5 deletions
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -343,13 +343,13 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 			cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
 		} else
 #endif
-#ifndef OPENSSL_NO_SSL3_METHOD
+#if !defined(OPENSSL_NO_SSL3_METHOD) && !(defined(OPENSSL_API_COMPAT) && (OPENSSL_API_COMPAT >= 0x10100000L))
 		if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
 			ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
 			cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
 		} else
 #endif
-#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER  >= 0x10100000L)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 		cfg->ssl_ctx = SSL_CTX_new(TLS_client_method());
 #else
 		if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {