
@gjasny
Last active August 20, 2017 18:58
reSIProcate OpenSSL 1.1 interdiff
diff --git a/reflow/dtls_wrapper/bf_dwrap.c b/reflow/dtls_wrapper/bf_dwrap.c
index 7bcad1ff2..d79c19137 100644
--- a/reflow/dtls_wrapper/bf_dwrap.c
+++ b/reflow/dtls_wrapper/bf_dwrap.c
@@ -7,9 +7,38 @@
#include <stdio.h>
#include <errno.h>
#include <openssl/bio.h>
+#include <openssl/opensslv.h>
#include "rutil/ResipAssert.h"
#include <memory.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+ BIO_METHOD *biom = calloc(1, sizeof(BIO_METHOD));
+
+ if (biom != NULL) {
+ biom->type = type;
+ biom->name = name;
+ }
+ return biom;
+}
+
+#define BIO_meth_set_write(b, f) (b)->bwrite = (f)
+#define BIO_meth_set_read(b, f) (b)->bread = (f)
+#define BIO_meth_set_puts(b, f) (b)->bputs = (f)
+#define BIO_meth_set_gets(b, f) (b)->bgets = (f)
+#define BIO_meth_set_ctrl(b, f) (b)->ctrl = (f)
+#define BIO_meth_set_create(b, f) (b)->create = (f)
+#define BIO_meth_set_destroy(b, f) (b)->destroy = (f)
+#define BIO_meth_set_callback_ctrl(b, f) (b)->callback_ctrl = (f)
+
+#define BIO_set_init(b, val) (b)->init = (val)
+#define BIO_set_data(b, val) (b)->ptr = (val)
+#define BIO_get_data(b) (b)->ptr
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
#define BIO_TYPE_DWRAP (50 | 0x0400 | 0x0200)
static int dwrap_new(BIO *bio);
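Review bot: The `BIO_meth_set_*`, `BIO_set_init` and `BIO_set_data` fallbacks expand to a bare assignment, so they misparse inside a larger expression and do not yield the `1` that the OpenSSL 1.1 functions return. Wrapping each body, e.g. `#define BIO_meth_set_write(b, f) ((b)->bwrite = (f), 1)` and `#define BIO_get_data(b) ((b)->ptr)`, keeps call sites that test the result behaving the same on both versions. `BIO_meth_new` calls `calloc`, but no `<stdlib.h>` include is visible in this hunk; if it is not included above the hunk, an implicit declaration would truncate the returned pointer on LP64 targets. A one-line comment above the `#if` saying the block mirrors the 1.1 accessor API for pre-1.1 builds would help the next reader.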
diff --git a/resip/stack/ssl/DtlsTransport.cxx b/resip/stack/ssl/DtlsTransport.cxx
index 8e1a4e75b..8c5e825d3 100644
--- a/resip/stack/ssl/DtlsTransport.cxx
+++ b/resip/stack/ssl/DtlsTransport.cxx
@@ -58,6 +58,7 @@
#include <openssl/pkcs7.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
+#include <openssl/opensslv.h>
#ifdef USE_SIGCOMP
#include <osc/Stack.h>
@@ -67,6 +68,21 @@
#define RESIPROCATE_SUBSYSTEM Subsystem::TRANSPORT
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+static void SSL_set0_rbio(SSL *s, BIO *rbio)
+{
+ BIO_free_all(s->rbio);
+ s->rbio = rbio;
+}
+
+static void BIO_up_ref(BIO *a)
+{
+ CRYPTO_add(&a->references, 1, CRYPTO_LOCK_BIO);
+}
+
+#endif
+
using namespace std;
using namespace resip;
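Review bot: The `SSL_set0_rbio` fallback frees `s->rbio` unconditionally, which looks unsafe on pre-1.1 OpenSSL when the read and write BIO are the same object: there the SSL appears to hold a single reference for both, so `BIO_free_all(s->rbio)` can release a BIO that `s->wbio` still points to. Guarding the free, e.g. `if (s->rbio != rbio && s->rbio != s->wbio) BIO_free_all(s->rbio);`, avoids the dangling write BIO and the self-assignment case; whether callers in this file ever share the BIO is not visible in this hunk. Separately, the 1.1 `BIO_up_ref` returns `int`, so the `void` fallback will not compile against a call site that checks the result.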
diff --git a/resip/stack/ssl/Security.cxx b/resip/stack/ssl/Security.cxx
index 23ca59dc7..4c6a8293d 100644
--- a/resip/stack/ssl/Security.cxx
+++ b/resip/stack/ssl/Security.cxx
@@ -1820,11 +1820,12 @@ BaseSecurity::computeIdentity( const Data& signerDomain, const Data& in ) const
if ( !rsa )
{
- ErrLog( << "Private key for "
+ ErrLog( << "Private key (type=" << EVP_PKEY_id(pKey) <<"for "
<< signerDomain << " is not of type RSA" );
throw Exception("No RSA private key when computing identity",__FILE__,__LINE__);
}
+ resip_assert( rsa );
unsigned char result[4096];
int resultSize = sizeof(result);
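Review bot: The new log line prints the key type without closing the parenthesis or adding a space before "for", so the message comes out as `(type=6for example.org` (constructed sample); the literal should be `<< ") for "`. The added `resip_assert( rsa )` can never fire with a null `rsa` because the preceding branch throws, so it can be dropped or replaced by a comment stating the invariant. computeIdentity's body continues outside the hunk.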
@@ -2962,7 +2963,7 @@ BaseSecurity::matchHostNameWithWildcards(const Data& certificateName, const Data
}
bool
-BaseSecurity::isSelfSigned(const X509 *cert)
+BaseSecurity::isSelfSigned(X509 *cert)
{
int iRet = X509_NAME_cmp(X509_get_issuer_name(cert), X509_get_subject_name(cert));
return (iRet == 0);
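Review bot: `isSelfSigned` compares only the issuer and subject names, so it reports a self-issued certificate, not one whose signature verifies under its own key; a comment such as `// Name comparison only: the signature is not verified, do not use as a trust decision` would make that explicit. `cert` is handed to the accessors with no null check, so an `if (!cert) return false;` guard or a documented non-null precondition is worth adding. Dropping `const` also changes the public declaration in Security.hxx, which callers holding a `const X509*` will notice.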
diff --git a/resip/stack/ssl/Security.hxx b/resip/stack/ssl/Security.hxx
index 6cba20153..8790f86cd 100644
--- a/resip/stack/ssl/Security.hxx
+++ b/resip/stack/ssl/Security.hxx
@@ -181,7 +181,7 @@ class BaseSecurity
// retrieves a list of all certificate names (subjectAltNAme's and CommonName)
static void getCertNames(X509 *cert, std::list<PeerName> &peerNames, bool useEmailAsSIP = false);
- static bool isSelfSigned(const X509* cert);
+ static bool isSelfSigned(X509* cert);
static int matchHostName(const Data& certificateName, const Data& domainName);
diff --git a/resip/stack/test/testSecurity.cxx b/resip/stack/test/testSecurity.cxx
index 161d66168..8f5311cb5 100644
--- a/resip/stack/test/testSecurity.cxx
+++ b/resip/stack/test/testSecurity.cxx
@@ -13,6 +13,7 @@
#ifdef USE_SSL
#include <openssl/evp.h>
+#include <openssl/opensslv.h>
#endif
using namespace std;
@@ -20,6 +21,30 @@ using namespace resip;
#define RESIPROCATE_SUBSYSTEM Subsystem::TEST
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+static void *OPENSSL_zalloc(size_t num)
+{
+ void *ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+
+static EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+ return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+#endif
+
// the destructor in BaseSecurity started crashing on the Mac and Windows
// at Revision 5785. The crash can be reproduced by creating 2 security
// objects, one after another.
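Review bot: The `EVP_MD_CTX_free` fallback passes `ctx` straight to `EVP_MD_CTX_cleanup`, so a null pointer is dereferenced, whereas the 1.1 function accepts NULL; add `if (ctx == NULL) return;` as its first line. Pre-1.1 OpenSSL already provides `EVP_MD_CTX_create()` and `EVP_MD_CTX_destroy()` with these semantics, so `#define EVP_MD_CTX_new EVP_MD_CTX_create` and `#define EVP_MD_CTX_free EVP_MD_CTX_destroy` could replace all three helpers. If the helpers stay, `memset` needs `<string.h>` or `<cstring>`, which is not visible in this hunk.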
@@ -69,11 +94,13 @@ class HashThread : public ThreadIf
if( 0 == pDigest)
return;
- EVP_MD_CTX *cCtx = EVP_MD_CTX_new();
- EVP_DigestInit(cCtx, pDigest);
- EVP_DigestUpdate(cCtx, pBuf, strlen(pBuf));
- EVP_DigestFinal(cCtx, MD5_digest, &iDigest);
- EVP_MD_CTX_free(cCtx);
+ EVP_MD_CTX* pCtx = EVP_MD_CTX_new();
+ if(!pCtx)
+ return;
+ EVP_DigestInit(pCtx, pDigest);
+ EVP_DigestUpdate(pCtx, pBuf, strlen(pBuf));
+ EVP_DigestFinal(pCtx, MD5_digest, &iDigest);
+ EVP_MD_CTX_free(pCtx);
// cout << "Your digest is: " << MD5_digest << endl;
#else
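Review bot: The return values of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` are ignored, so a failed init leaves `MD5_digest` and `iDigest` unset while the thread carries on as if it had hashed. Chaining them, `if (!EVP_DigestInit(pCtx, pDigest) || !EVP_DigestUpdate(pCtx, pBuf, strlen(pBuf)) || !EVP_DigestFinal(pCtx, MD5_digest, &iDigest)) { /* record the failure */ }`, before the free makes the test notice. The new `if(!pCtx) return;` also exits silently, so an allocation failure is indistinguishable from a pass. The enclosing method starts and ends outside the hunk.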
diff --git a/rutil/ssl/OpenSSLInit.cxx b/rutil/ssl/OpenSSLInit.cxx
index 310666b32..eb35b36f0 100644
--- a/rutil/ssl/OpenSSLInit.cxx
+++ b/rutil/ssl/OpenSSLInit.cxx
@@ -18,6 +18,7 @@
#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>
+#include <openssl/opensslv.h>
#if defined(WIN32) && defined(_MSC_VER) && (_MSC_VER >= 1900)
// OpenSSL builds use an older version of visual studio that require the following definition
@@ -66,7 +67,13 @@ OpenSSLInit::OpenSSLInit()
CRYPTO_set_dynlock_lock_callback(::resip_OpenSSLInit_dynLockFunction);
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+#else
CRYPTO_set_mem_debug(1);
+#endif
+
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
SSL_library_init();
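Review bot: Both branches turn on OpenSSL memory debugging unconditionally during library initialisation, followed by `CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)`, which adds allocation tracking to every process that links the stack. Consider guarding the whole block with a debug-build macro and adding a comment saying why it is enabled. The pre-1.1 `CRYPTO_malloc_debug_init()` is meant to run before OpenSSL makes any allocation, and the locking setup above it may already have allocated; that ordering cannot be confirmed from this hunk. The constructor's body continues outside the hunk.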