
tls: extended supportd tls methods

- TLSv1.1 and TLSv1.2 (from openssl 1.0.1e on) added to the internal
  list
Daniel-Constantin Mierla 12 years ago
parent
commit
ea32bf9d3c
3 changed files with 33 additions and 7 deletions
  1. 14 4
      modules/tls/tls_config.c
  2. 6 0
      modules/tls/tls_domain.h
  3. 13 3
      modules/tls/tls_init.c

+ 14 - 4
modules/tls/tls_config.c

@@ -119,10 +119,12 @@ static int parse_ipv4(struct ip_addr* ip, cfg_token_t* token,
 
 
 static cfg_option_t methods[] = { 
-	{"SSLv2",  .val = TLS_USE_SSLv2},
-	{"SSLv3",  .val = TLS_USE_SSLv3},
-	{"SSLv23", .val = TLS_USE_SSLv23},
-	{"TLSv1",  .val = TLS_USE_TLSv1},
+	{"SSLv2",   .val = TLS_USE_SSLv2},
+	{"SSLv3",   .val = TLS_USE_SSLv3},
+	{"SSLv23",  .val = TLS_USE_SSLv23},
+	{"TLSv1",   .val = TLS_USE_TLSv1},
+	{"TLSv1.1", .val = TLS_USE_TLSv1_1},
+	{"TLSv1.2", .val = TLS_USE_TLSv1_2},
 	{0}
 };
 
@@ -458,5 +460,13 @@ int tls_parse_method(str* method)
     opt = cfg_lookup_token(methods, method);
     if (!opt) return -1;
 
+#if OPENSSL_VERSION_NUMBER < 0x1000105fL
+	if(opt->val == TLS_USE_TLSv1_2) {
+		LM_ERR("tls v1.2 not supported by this libssl version: %ld\n",
+				OPENSSL_VERSION_NUMBER);
+		return -1;
+	}
+#endif
+
     return opt->val;
 }
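Review bot: The version guard added before `return opt->val;` rejects only `TLS_USE_TLSv1_2`, while the `TLSv1.1` entry added to `methods[]` in the hunk above gets no guard even though `TLSv1_1_method()` is, like the 1.2 variant, an OpenSSL 1.0.1 addition; for consistency the same `#if` should also reject it, e.g. `if(opt->val == TLS_USE_TLSv1_1 || opt->val == TLS_USE_TLSv1_2) {`. The check also matches only the base enumerator, so if the new `_cli`/`_srv` values can reach this function through another path (not visible here) they pass unchecked. The log line prints `OPENSSL_VERSION_NUMBER` with `%ld`; `%lx` would show the value in the hex form the guard itself uses. The added lines are tab-indented while the surrounding lines of tls_parse_method use spaces, and the function's opening lies outside the hunk.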

+ 6 - 0
modules/tls/tls_domain.h

@@ -48,6 +48,12 @@ enum tls_method {
 	TLS_USE_SSLv23_cli,
 	TLS_USE_SSLv23_srv,
 	TLS_USE_SSLv23,
+	TLS_USE_TLSv1_1_cli,
+	TLS_USE_TLSv1_1_srv,
+	TLS_USE_TLSv1_1,
+	TLS_USE_TLSv1_2_cli,
+	TLS_USE_TLSv1_2_srv,
+	TLS_USE_TLSv1_2,
 	TLS_METHOD_MAX
 };
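Review bot: The new enumerators are inserted ahead of `TLS_METHOD_MAX` but nothing in the header says why their position matters; tls_init.c sizes `ssl_methods[]` with `TLS_METHOD_MAX` and fills it at `value - 1`, so a comment above the enum such as `/* each value is (index + 1) into ssl_methods[] in tls_init.c; add new methods only before TLS_METHOD_MAX and never reorder */` would stop a later edit from silently remapping configured methods. It would also help to state next to the TLSv1_2 values that their `ssl_methods[]` slots are left unset when libssl predates TLS 1.2, since a reader of the header alone cannot see that guard. The enum's opening line is outside the hunk.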
 

+ 13 - 3
modules/tls/tls_init.c

@@ -132,7 +132,7 @@ to compile on the  _target_ system)"
 int openssl_kssl_malloc_bug=0; /* is openssl bug #1467 present ? */
 #endif
 
-const SSL_METHOD* ssl_methods[TLS_USE_SSLv23 + 1];
+const SSL_METHOD* ssl_methods[TLS_METHOD_MAX];
 
 #ifdef NO_TLS_MALLOC_DBG
 #undef TLS_MALLOC_DBG /* extra malloc debug info from openssl */
@@ -350,14 +350,24 @@ static void init_ssl_methods(void)
 	ssl_methods[TLS_USE_SSLv3_cli - 1] = SSLv3_client_method();
 	ssl_methods[TLS_USE_SSLv3_srv - 1] = SSLv3_server_method();
 	ssl_methods[TLS_USE_SSLv3 - 1] = SSLv3_method();
-	
+
 	ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method();
 	ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
 	ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
-	
+
 	ssl_methods[TLS_USE_SSLv23_cli - 1] = SSLv23_client_method();
 	ssl_methods[TLS_USE_SSLv23_srv - 1] = SSLv23_server_method();
 	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
+
+	ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
+	ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
+	ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
+	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
+	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
+	ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
+#endif
 }
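Review bot: The three `TLSv1_1_*_method()` assignments are unconditional while the TLSv1_2 block is wrapped in `#if OPENSSL_VERSION_NUMBER >= 0x1000105fL`; both method families appeared in the OpenSSL 1.0.1 line, so a build against an older libssl fails on the TLSv1_1 calls before the guard helps, and moving the `#if` up to enclose the TLSv1_1 block as well (or giving it its own guard with the same threshold) keeps the two halves consistent. When the guard is false the `TLS_USE_TLSv1_2*` slots of the file-scope `ssl_methods[]` stay NULL, and the parse-side rejection in tls_config.c only covers the base `TLS_USE_TLSv1_2` value; whatever selects the `_cli`/`_srv` slots should check for NULL before passing the pointer on to the context creation, which I cannot see from this hunk. Since the array is now sized `TLS_METHOD_MAX`, a one-line comment there noting that unsupported entries remain NULL would make that expectation explicit. init_ssl_methods begins outside the hunk.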