Pavel Punsky

Results 12 issues of Pavel Punsky

Code wrapped with `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` can be removed now that renegotiation is completely disabled in #942

enhancement

openssl-3.0 deprecated some APIs and introduced new APIs instead:

- `SSL_get_peer_certificate` -> `SSL_get1_peer_certificate`
- `FIPS_mode()` -> `EVP_default_properties_is_fips_enabled()`
- `EVP_MD_CTX_set_flags()` -> `EVP_default_properties_enable_fips()` specifically for enabling FIPS mode

This change should work around that by ifdef-ing old/new versions...

All versions of TLS can be supported using a single SSL_CTX - setting minimal/maximal supported version should be done using, for example, `SSL_CTX_set_options(&turn_params.tls_ctx, SSL_OP_NO_TLSv1);` (or using `SSL_CTX_set_max_proto_version` for openssl-1.1.0 and...

`TURN_NO_HIREDIS` is defined when the hiredis library is not present and any redis functionality must be disabled. While all of the above is correct, it does not require ifdef-ing out all related code....

`TURN_NO_PROMETHEUS` is defined when the prometheus libraries are not present and any prometheus functionality must be disabled. While all of the above is correct, it does not require ifdef-ing out all related code....

Rewriting openssl initialization code (threading support) to make it cleaner

- Regroup functions so that there is one ifdef (for old code and new code)
- Modern openssl (>1.0.2) does...

The code used `get_system_number_of_cpus()` instead of `get_system_active_number_of_cpus()` to configure the number of relay servers. That caused an incorrect number to be used on virtualized systems. See #1468

It looks like there is a duplication here. Also, `turn_random_number` seems to have a better implementation relying on openssl `RAND_bytes`.