Commit 6cbc4109 authored by Rafaël Carré's avatar Rafaël Carré

Disable SSLv2 support from pjsip and sflphone

SSLv2 support has been removed from OpenSSL in Ubuntu Oneiric
parent 4cfad87c
...@@ -307,15 +307,6 @@ typedef enum pj_ssl_cipher { ...@@ -307,15 +307,6 @@ typedef enum pj_ssl_cipher {
PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D, PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D,
PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E, PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E,
/* SSLv2 */
PJ_SSL_CK_RC4_128_WITH_MD5 = 0x00010080,
PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080,
PJ_SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080,
PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080,
PJ_SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080,
PJ_SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040,
PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0
} pj_ssl_cipher; } pj_ssl_cipher;
...@@ -466,9 +457,7 @@ typedef enum pj_ssl_sock_proto ...@@ -466,9 +457,7 @@ typedef enum pj_ssl_sock_proto
PJ_SSL_SOCK_PROTO_DEFAULT, /**< Default protocol of backend. */ PJ_SSL_SOCK_PROTO_DEFAULT, /**< Default protocol of backend. */
PJ_SSL_SOCK_PROTO_TLS1, /**< TLSv1.0 protocol. */ PJ_SSL_SOCK_PROTO_TLS1, /**< TLSv1.0 protocol. */
PJ_SSL_SOCK_PROTO_SSL3, /**< SSLv3.0 protocol. */ PJ_SSL_SOCK_PROTO_SSL3, /**< SSLv3.0 protocol. */
PJ_SSL_SOCK_PROTO_SSL23, /**< SSLv3.0 but can roll back to PJ_SSL_SOCK_PROTO_SSL23, /**< SSLv3.0 but can roll back to SSLv2.0. */
SSLv2.0. */
PJ_SSL_SOCK_PROTO_SSL2, /**< SSLv2.0 protocol. */
PJ_SSL_SOCK_PROTO_DTLS1 /**< DTLSv1.0 protocol. */ PJ_SSL_SOCK_PROTO_DTLS1 /**< DTLSv1.0 protocol. */
} pj_ssl_sock_proto; } pj_ssl_sock_proto;
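Review bot: The comment kept on `PJ_SSL_SOCK_PROTO_SSL23` in the second hunk still documents a roll-back to SSLv2.0, and `getSupportedTlsMethod` further down the page still offers "SSLv23". That leaves SSLv2 negotiable on any OpenSSL build that has not compiled it out, unless the SSLv23 path sets `SSL_OP_NO_SSLv2`; that code is not visible here, so it needs confirming. Once the option is confirmed or added, the comment should read `/**< Negotiates the highest version both peers support; SSLv2.0 is disabled. */`. Removing `PJ_SSL_SOCK_PROTO_SSL2` from the middle of the enum also shifts the implicit value of `PJ_SSL_SOCK_PROTO_DTLS1`, so code built against the old header, or anything that stored the numeric value, has to be rebuilt or migrated.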
......
...@@ -310,8 +310,6 @@ static pj_status_t init_openssl(void) ...@@ -310,8 +310,6 @@ static pj_status_t init_openssl(void)
meth = (SSL_METHOD*)TLSv1_server_method(); meth = (SSL_METHOD*)TLSv1_server_method();
if (!meth) if (!meth)
meth = (SSL_METHOD*)SSLv3_server_method(); meth = (SSL_METHOD*)SSLv3_server_method();
if (!meth)
meth = (SSL_METHOD*)SSLv2_server_method();
pj_assert(meth); pj_assert(meth);
ctx=SSL_CTX_new(meth); ctx=SSL_CTX_new(meth);
...@@ -488,9 +486,6 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock) ...@@ -488,9 +486,6 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
case PJ_SSL_SOCK_PROTO_TLS1: case PJ_SSL_SOCK_PROTO_TLS1:
ssl_method = (SSL_METHOD*)TLSv1_method(); ssl_method = (SSL_METHOD*)TLSv1_method();
break; break;
case PJ_SSL_SOCK_PROTO_SSL2:
ssl_method = (SSL_METHOD*)SSLv2_method();
break;
case PJ_SSL_SOCK_PROTO_SSL3: case PJ_SSL_SOCK_PROTO_SSL3:
ssl_method = (SSL_METHOD*)SSLv3_method(); ssl_method = (SSL_METHOD*)SSLv3_method();
break; break;
......
...@@ -304,9 +304,6 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start (pjsip_endpoint *endpt, ...@@ -304,9 +304,6 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start (pjsip_endpoint *endpt,
case PJSIP_TLSV1_METHOD: case PJSIP_TLSV1_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1; ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
break; break;
case PJSIP_SSLV2_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
break;
case PJSIP_SSLV3_METHOD: case PJSIP_SSLV3_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3; ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
break; break;
...@@ -881,9 +878,6 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory, ...@@ -881,9 +878,6 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
case PJSIP_TLSV1_METHOD: case PJSIP_TLSV1_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1; ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
break; break;
case PJSIP_SSLV2_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
break;
case PJSIP_SSLV3_METHOD: case PJSIP_SSLV3_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3; ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
break; break;
......
...@@ -351,9 +351,6 @@ static pj_status_t create_ctx( struct tls_listener *lis, SSL_CTX **p_ctx) ...@@ -351,9 +351,6 @@ static pj_status_t create_ctx( struct tls_listener *lis, SSL_CTX **p_ctx)
case PJSIP_TLSV1_METHOD: case PJSIP_TLSV1_METHOD:
ssl_method = TLSv1_method(); ssl_method = TLSv1_method();
break; break;
case PJSIP_SSLV2_METHOD:
ssl_method = SSLv2_method();
break;
case PJSIP_SSLV3_METHOD: case PJSIP_SSLV3_METHOD:
ssl_method = SSLv3_method(); ssl_method = SSLv3_method();
break; break;
......
...@@ -175,7 +175,6 @@ std::vector<std::string> ConfigurationManager::getSupportedTlsMethod (void) ...@@ -175,7 +175,6 @@ std::vector<std::string> ConfigurationManager::getSupportedTlsMethod (void)
std::vector<std::string> method; std::vector<std::string> method;
method.push_back ("Default"); method.push_back ("Default");
method.push_back ("TLSv1"); method.push_back ("TLSv1");
method.push_back ("SSLv2");
method.push_back ("SSLv3"); method.push_back ("SSLv3");
method.push_back ("SSLv23"); method.push_back ("SSLv23");
return method; return method;
......
...@@ -576,9 +576,6 @@ pjsip_ssl_method SIPAccount::sslMethodStringToPjEnum (const std::string& method) ...@@ -576,9 +576,6 @@ pjsip_ssl_method SIPAccount::sslMethodStringToPjEnum (const std::string& method)
if (method == "TLSv1") if (method == "TLSv1")
return PJSIP_TLSV1_METHOD; return PJSIP_TLSV1_METHOD;
if (method == "SSLv2")
return PJSIP_SSLV2_METHOD;
if (method == "SSLv3") if (method == "SSLv3")
return PJSIP_SSLV3_METHOD; return PJSIP_SSLV3_METHOD;
......