diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index 951671267f..5b7da58dcf 100644
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Wed Jun 21 08:51:26 CDT 2017
+Mon Jun 26 14:53:11 CDT 2017
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
index c872336b0b..958d2e76b7 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
@@ -505,7 +505,7 @@ tls_t *tls_init_master(tls_issues_t *ti)
return NULL;
}
- RAND_pseudo_bytes(sessionId, sizeof(sessionId));
+ RAND_bytes(sessionId, sizeof(sessionId));
if (!SSL_CTX_set_session_id_context(tls->ctx,
(void*) sessionId,
@@ -516,7 +516,11 @@ tls_t *tls_init_master(tls_issues_t *ti)
if (ti->CAfile != NULL) {
SSL_CTX_set_client_CA_list(tls->ctx,
SSL_load_client_CA_file(ti->CAfile));
- if (tls->ctx->client_CA == NULL)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ if (SSL_CTX_get_client_CA_list(tls->ctx) == NULL)
+#else
+ if (tls->ctx->client_CA == NULL)
+#endif
tls_log_errors(3, "tls_init_master", 0);
}
diff --git a/src/mod/endpoints/mod_rtmp/handshake.h b/src/mod/endpoints/mod_rtmp/handshake.h
index f33ad9fd08..19c77810b0 100644
--- a/src/mod/endpoints/mod_rtmp/handshake.h
+++ b/src/mod/endpoints/mod_rtmp/handshake.h
@@ -42,9 +42,15 @@
#if OPENSSL_VERSION_NUMBER < 0x0090800 || !defined(SHA256_DIGEST_LENGTH)
#error Your OpenSSL is too old, need 0.9.8 or newer with SHA256
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, EVP_sha256(), 0)
#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len)
#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
+#else
+#define HMAC_setup(ctx, key, len)ctx=HMAC_CTX_new(); HMAC_Init_ex(ctx, key, len, EVP_sha256(), 0)
+#define HMAC_crunch(ctx, buf, len)HMAC_Update(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) HMAC_Final(ctx, dig, &dlen); HMAC_CTX_free(ctx)
+#endif
#define FP10
#define RTMP_SIG_SIZE 1536
@@ -152,8 +158,12 @@ static getoff *digoff[] = {GetDigestOffset1, GetDigestOffset2};
static void HMACsha256(const uint8_t *message, size_t messageLen, const uint8_t *key, size_t keylen, uint8_t *digest)
{
unsigned int digestLen;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX ctx;
-
+#else
+ HMAC_CTX *ctx;
+#endif
+
HMAC_setup(ctx, key, (int)keylen);
HMAC_crunch(ctx, message, messageLen);
HMAC_finish(ctx, digest, digestLen);
diff --git a/src/switch_core_cert.c b/src/switch_core_cert.c
index cf259dd2b8..1083a70332 100644
--- a/src/switch_core_cert.c
+++ b/src/switch_core_cert.c
@@ -359,7 +359,22 @@ static int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days
x = *x509p;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ rsa = RSA_new();
+ {
+ static const BN_ULONG ULONG_RSA_F4 = RSA_F4;
+ BIGNUM* BN_value_RSA_F4 = BN_new();
+ if (!BN_value_RSA_F4) {
+ abort();
+ goto err;
+ }
+ BN_set_word(BN_value_RSA_F4,ULONG_RSA_F4);
+ RSA_generate_key_ex(rsa, bits, BN_value_RSA_F4, NULL);
+ BN_free(BN_value_RSA_F4);
+ }
+#else
rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
+#endif
if (!EVP_PKEY_assign_RSA(pk, rsa)) {
abort();
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 760b9122e6..0586ca2ab3 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3284,10 +3284,18 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
////////////
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static BIO_METHOD dtls_bio_filter_methods;
+#else
+static BIO_METHOD *dtls_bio_filter_methods;
+#endif
BIO_METHOD *BIO_dtls_filter(void) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
return(&dtls_bio_filter_methods);
+#else
+ return(dtls_bio_filter_methods);
+#endif
}
typedef struct packet_list_s {
@@ -3320,10 +3328,16 @@ static int dtls_bio_filter_new(BIO *bio) {
switch_mutex_init(&filter->mutex, SWITCH_MUTEX_NESTED, filter->pool);
/* Set the BIO as initialized */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
bio->init = 1;
bio->ptr = filter;
bio->flags = 0;
-
+#else
+ BIO_set_init(bio, 1);
+ BIO_set_data(bio, filter);
+ BIO_clear_flags(bio, ~0);
+#endif
+
return 1;
}
@@ -3335,7 +3349,11 @@ static int dtls_bio_filter_free(BIO *bio) {
}
/* Get rid of the filter state */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
filter = (dtls_bio_filter *)bio->ptr;
+#else
+ filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
if (filter != NULL) {
switch_memory_pool_t *pool = filter->pool;
@@ -3344,9 +3362,15 @@ static int dtls_bio_filter_free(BIO *bio) {
filter = NULL;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
bio->ptr = NULL;
bio->init = 0;
bio->flags = 0;
+#else
+ BIO_set_init(bio, 0);
+ BIO_set_data(bio, NULL);
+ BIO_clear_flags(bio, ~0);
+#endif
return 1;
}
@@ -3356,11 +3380,20 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, "dtls_bio_filter_write: %p, %d\n", (void *)in, inl);
/* Forward data to the write BIO */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ret = BIO_write(bio->next_bio, in, inl);
+#else
+ ret = BIO_write(BIO_next(bio), in, inl);
+#endif
+
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG1, " -- %ld\n", ret);
/* Keep track of the packet, as we'll advertize them one by one after a pending check */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
filter = (dtls_bio_filter *)bio->ptr;
+#else
+ filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
if (filter != NULL) {
packet_list_t *node;
@@ -3391,7 +3424,11 @@ static int dtls_bio_filter_write(BIO *bio, const char *in, int inl) {
}
static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
dtls_bio_filter *filter = (dtls_bio_filter *)bio->ptr;
+#else
+ dtls_bio_filter *filter = (dtls_bio_filter *)BIO_get_data(bio);
+#endif
switch(cmd) {
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
@@ -3438,6 +3475,7 @@ static long dtls_bio_filter_ctrl(BIO *bio, int cmd, long num, void *ptr) {
return 0;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static BIO_METHOD dtls_bio_filter_methods = {
BIO_TYPE_FILTER,
"DTLS filter",
@@ -3450,7 +3488,9 @@ static BIO_METHOD dtls_bio_filter_methods = {
dtls_bio_filter_free,
NULL
};
-
+#else
+static BIO_METHOD *dtls_bio_filter_methods = NULL;
+#endif
///////////
@@ -3598,7 +3638,11 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
dtls->ca = switch_core_sprintf(rtp_session->pool, "%s%sca-bundle.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLS_server_method() : DTLS_client_method());
+#else
dtls->ssl_ctx = SSL_CTX_new((type & DTLS_TYPE_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method());
+#endif
switch_assert(dtls->ssl_ctx);
bio = BIO_new_file(dtls->pem, "r");
@@ -3659,7 +3703,17 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_add_dtls(switch_rtp_t *rtp_session, d
dtls->ssl = SSL_new(dtls->ssl_ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
dtls->filter_bio = BIO_new(BIO_dtls_filter());
+#else
+ dtls_bio_filter_methods = BIO_meth_new(BIO_TYPE_FILTER | BIO_get_new_index(), "DTLS filter");
+ BIO_meth_set_write(dtls_bio_filter_methods, dtls_bio_filter_write);
+ BIO_meth_set_ctrl(dtls_bio_filter_methods, dtls_bio_filter_ctrl);
+ BIO_meth_set_create(dtls_bio_filter_methods, dtls_bio_filter_new);
+ BIO_meth_set_destroy(dtls_bio_filter_methods, dtls_bio_filter_free);
+ dtls->filter_bio = BIO_new(dtls_bio_filter_methods);
+#endif
+
switch_assert(dtls->filter_bio);
BIO_push(dtls->filter_bio, dtls->write_bio);