From a9c94d5b12357c06f4cbf406e1bcb87b965218bc Mon Sep 17 00:00:00 2001
From: Jiawei Ou <ouj@fb.com>
Date: Tue, 30 Jan 2018 23:05:07 -0800
Subject: [PATCH] Be explicit about OpenSSL version requriement.

https://chromium-review.googlesource.com/c/external/webrtc/+/575910 pretty much made it a mandate to have OpenSSL 1.1.0 to compile webrtc.

So, let's be explicit about it and cleanup old code for older version support.

Also, generate a compiler error for older OpenSSL versions.

Bug: webrtc:8817
Change-Id: I28590348137b6a04503eabdcc6328297ecf5213e
Reviewed-on: https://webrtc-review.googlesource.com/46502
Reviewed-by: Justin Uberti <juberti@webrtc.org>
Commit-Queue: Jiawei Ou <ouj@fb.com>
Cr-Commit-Position: refs/heads/master@{#21861}
---
 rtc_base/openssl.h               |  4 ++--
 rtc_base/opensslstreamadapter.cc | 22 ++--------------------
 2 files changed, 4 insertions(+), 22 deletions(-)

diff --git a/rtc_base/openssl.h b/rtc_base/openssl.h
index a0325c972c..dbbae05319 100644
--- a/rtc_base/openssl.h
+++ b/rtc_base/openssl.h
@@ -13,8 +13,8 @@
 
 #include <openssl/ssl.h>
 
-#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
-#error OpenSSL is older than 1.0.0, which is the minimum supported version.
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#error OpenSSL is older than 1.1.0, which is the minimum supported version.
 #endif
 
 #endif  // RTC_BASE_OPENSSL_H_
diff --git a/rtc_base/opensslstreamadapter.cc b/rtc_base/opensslstreamadapter.cc
index ae7eef1776..a126c4b08c 100644
--- a/rtc_base/opensslstreamadapter.cc
+++ b/rtc_base/opensslstreamadapter.cc
@@ -42,8 +42,8 @@ namespace {
 
 namespace rtc {
 
-#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
-#error "webrtc requires at least OpenSSL version 1.0.1, to support DTLS-SRTP"
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#error "webrtc requires at least OpenSSL version 1.1.0, to support DTLS-SRTP"
 #endif
 
 // SRTP cipher suite table. |internal_name| is used to construct a
@@ -969,35 +969,17 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
     case SSL_PROTOCOL_TLS_12:
     default:
       if (ssl_mode_ == SSL_MODE_DTLS) {
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
-        // DTLS 1.2 only available starting from OpenSSL 1.0.2
         if (role_ == SSL_CLIENT) {
           method = DTLS_client_method();
         } else {
           method = DTLS_server_method();
         }
-#else
-        if (role_ == SSL_CLIENT) {
-          method = DTLSv1_client_method();
-        } else {
-          method = DTLSv1_server_method();
-        }
-#endif
       } else {
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-        // New API only available starting from OpenSSL 1.1.0
         if (role_ == SSL_CLIENT) {
           method = TLS_client_method();
         } else {
           method = TLS_server_method();
         }
-#else
-        if (role_ == SSL_CLIENT) {
-          method = SSLv23_client_method();
-        } else {
-          method = SSLv23_server_method();
-        }
-#endif
       }
       break;
   }