master/coturn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix renegotiation flag for older version of openssl (#978)

Browse Source 
`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above
Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS `

Fixes #977 and #952

Test:
Build in a docker container running running openssl-1.0.2g (ubuntu
16.04) successfully (without the fix getting the same errors)
This commit is contained in:
Pavel Punsky 2022-09-14 03:29:26 -07:00 committed by GitHub
parent 8b66fa4ff2
commit 9af9f6306a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/apps/relay/dtls_listener.c
View File

@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_input_handler(dtls_listener_relay_server_ty
SSL_set_accept_state(connecting_ssl);
SSL_set_bio(connecting_ssl, NULL, wbio);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
#endif
#else
#if defined(SSL_OP_NO_RENEGOTIATION)
| SSL_OP_NO_RENEGOTIATION
#endif
#endif
);
SSL_set_max_cert_list(connecting_ssl, 655350);
ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl,
@ -581,7 +590,17 @@ static int create_new_connected_udp_socket(
SSL_set_bio(connecting_ssl, NULL, wbio);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
#endif
#else
#if defined(SSL_OP_NO_RENEGOTIATION)
| SSL_OP_NO_RENEGOTIATION
#endif
#endif
);
SSL_set_max_cert_list(connecting_ssl, 655350);
int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh,

12
src/apps/relay/ns_ioalib_engine_impl.c
View File

@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_handle s, SSL *ssl)
if(ssl) {
SSL_set_app_data(ssl,s);
SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback);
SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);
SSL_set_options(ssl,
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
#endif
#else
#if defined(SSL_OP_NO_RENEGOTIATION)
SSL_OP_NO_RENEGOTIATION
#endif
#endif
);
}
}
}