#13961: Remove ssl v2 support in pjsip

0324fbbb · Alexandre Savard · dea8b23e · 0324fbbb · 0324fbbb · 0324fbbb
Commit 0324fbbb authored Jul 30, 2012 by Alexandre Savard
--- a/daemon/libs/pjproject/pjlib/include/pj/ssl_sock.h
+++ b/daemon/libs/pjproject/pjlib/include/pj/ssl_sock.h
@@ -307,15 +307,6 @@ typedef enum pj_ssl_cipher {
    PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA	= 0x0000001D,
    PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA     	= 0x0000001E,
-    /* SSLv2 */
-    PJ_SSL_CK_RC4_128_WITH_MD5               	= 0x00010080,
-    PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5      	= 0x00020080,
-    PJ_SSL_CK_RC2_128_CBC_WITH_MD5           	= 0x00030080,
-    PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5  	= 0x00040080,
-    PJ_SSL_CK_IDEA_128_CBC_WITH_MD5          	= 0x00050080,
-    PJ_SSL_CK_DES_64_CBC_WITH_MD5            	= 0x00060040,
-    PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5      	= 0x000700C0
 } pj_ssl_cipher;
@@ -488,9 +479,7 @@ typedef enum pj_ssl_sock_proto
    PJ_SSL_SOCK_PROTO_DEFAULT,	    /**< Default protocol of backend.	*/
    PJ_SSL_SOCK_PROTO_TLS1,	    /**< TLSv1.0 protocol.		*/
    PJ_SSL_SOCK_PROTO_SSL3,	    /**< SSLv3.0 protocol.		*/
-    PJ_SSL_SOCK_PROTO_SSL23,	    /**< SSLv3.0 but can roll back to 
+    PJ_SSL_SOCK_PROTO_SSL23,	    /**< SSLv3.0 but can roll back to   */
-					 SSLv2.0.			*/
-    PJ_SSL_SOCK_PROTO_SSL2,	    /**< SSLv2.0 protocol.		*/
    PJ_SSL_SOCK_PROTO_DTLS1	    /**< DTLSv1.0 protocol.		*/
 } pj_ssl_sock_proto;

--- a/daemon/libs/pjproject/pjlib/src/pj/ssl_sock_ossl.c
+++ b/daemon/libs/pjproject/pjlib/src/pj/ssl_sock_ossl.c
@@ -316,10 +316,6 @@ static pj_status_t init_openssl(void)
 	    meth = (SSL_METHOD*)TLSv1_server_method();
 	if (!meth)
 	    meth = (SSL_METHOD*)SSLv3_server_method();
-#ifndef OPENSSL_NO_SSL2
-	if (!meth)
-	    meth = (SSL_METHOD*)SSLv2_server_method();
-#endif
 	pj_assert(meth);
 	ctx=SSL_CTX_new(meth);
@@ -496,11 +492,6 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
    case PJ_SSL_SOCK_PROTO_TLS1:
 	ssl_method = (SSL_METHOD*)TLSv1_method();
 	break;
-#ifndef OPENSSL_NO_SSL2
-    case PJ_SSL_SOCK_PROTO_SSL2:
-	ssl_method = (SSL_METHOD*)SSLv2_method();
-	break;
-#endif
    case PJ_SSL_SOCK_PROTO_SSL3:
 	ssl_method = (SSL_METHOD*)SSLv3_method();
 	break;

--- a/daemon/libs/pjproject/pjsip/src/pjsip/sip_transport_tls.c
+++ b/daemon/libs/pjproject/pjsip/src/pjsip/sip_transport_tls.c
@@ -306,9 +306,6 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start (pjsip_endpoint *endpt,
    case PJSIP_TLSV1_METHOD:
 	ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
 	break;
-    case PJSIP_SSLV2_METHOD:
-	ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
-	break;
    case PJSIP_SSLV3_METHOD:
 	ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
 	break;
@@ -884,9 +881,6 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
    case PJSIP_TLSV1_METHOD:
 	ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
 	break;
-    case PJSIP_SSLV2_METHOD:
-	ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
-	break;
    case PJSIP_SSLV3_METHOD:
 	ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
 	break;