Stop implying that we support openssl 1.0.0; we don't.

Closes ticket 20303.

The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
is really libressl, it will have an openssl version number we can't
really believe.
This commit is contained in:
Nick Mathewson 2016-10-06 12:58:49 -04:00
parent 80e2896d52
commit 850ec1e282
3 changed files with 9 additions and 4 deletions

4
changes/no_openssl_100 Normal file
View File

@ -0,0 +1,4 @@
o Required libraries:
- When building with OpenSSL, Tor now requires version 1.0.1 or later.
OpenSSL 1.0.0 and earlier are no longer supported by the openssl team,
and should not be used. Closes ticket 20303.

View File

@ -614,12 +614,12 @@ CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
AC_TRY_COMPILE([
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x1000000fL
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
#error "too old"
#endif
], [],
[ : ],
[ AC_ERROR([OpenSSL is too old. We require 1.0.0 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
[ AC_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
AC_TRY_COMPILE([
#include <openssl/opensslv.h>

View File

@ -15,8 +15,9 @@
* \brief compatability definitions for working with different openssl forks
**/
#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
#error "We require OpenSSL >= 1.0.0"
#if !defined(LIBRESSL_VERSION_NUMBER) && \
OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
#error "We require OpenSSL >= 1.0.1"
#endif
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \