Merge commit 'origin/maint-0.2.1'
commit
c38fa93ad1
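--- a/changes/use_ssl_option_everywhere
+++ b/changes/use_ssl_option_everywhere
@@ -0,0 +1,5 @@
+o Major bugfixes:
+- Fix SSL renegotiation behavior on OpenSSL versions that claim to
+be earlier than 0.9.8m, but which have in reality backported huge
+swaths of 0.9.8m or 0.9.8n renegotiation behavior. Possibly fix
+for some cases of bug 1346.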
@ -368,8 +368,8 @@ tor_tls_init(void)
|
|||||||
* OpenSSL 0.9.8l.
|
* OpenSSL 0.9.8l.
|
||||||
*
|
*
|
||||||
* No, we can't just set flag 0x0010 everywhere. It breaks Tor with
|
* No, we can't just set flag 0x0010 everywhere. It breaks Tor with
|
||||||
* OpenSSL 1.0.0beta3 and later. No, we can't just set option
|
* OpenSSL 1.0.0beta3 and later. On the other hand, we might be able to
|
||||||
* 0x00040000L everywhere: before 0.9.8m, it meant something else.
|
* set option 0x00040000L everywhere.
|
||||||
*
|
*
|
||||||
* No, we can't simply detect whether the flag or the option is present
|
* No, we can't simply detect whether the flag or the option is present
|
||||||
* in the headers at build-time: some vendors (notably Apple) like to
|
* in the headers at build-time: some vendors (notably Apple) like to
|
||||||
@ -393,10 +393,12 @@ tor_tls_init(void)
|
|||||||
} else if (version < 0x009080c0L) {
|
} else if (version < 0x009080c0L) {
|
||||||
log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
|
log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
|
||||||
"0.9.8l, but some vendors have backported 0.9.8l's "
|
"0.9.8l, but some vendors have backported 0.9.8l's "
|
||||||
"renegotiation code to earlier versions. I'll set "
|
"renegotiation code to earlier versions, and some have "
|
||||||
"SSL3_FLAGS just to be safe.",
|
"backported the code from 0.9.8m or 0.9.8n. I'll set both "
|
||||||
|
"SSL3_FLAGS and SSL_OP just to be safe.",
|
||||||
SSLeay_version(SSLEAY_VERSION), version);
|
SSLeay_version(SSLEAY_VERSION), version);
|
||||||
use_unsafe_renegotiation_flag = 1;
|
use_unsafe_renegotiation_flag = 1;
|
||||||
|
use_unsafe_renegotiation_op = 1;
|
||||||
} else {
|
} else {
|
||||||
log_info(LD_GENERAL, "OpenSSL %s has version %lx",
|
log_info(LD_GENERAL, "OpenSSL %s has version %lx",
|
||||||
SSLeay_version(SSLEAY_VERSION), version);
|
SSLeay_version(SSLEAY_VERSION), version);
|
||||||
|
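Review bot: The rewritten comment in the first tor_tls_init hunk drops the old warning that option 0x00040000L "meant something else" before 0.9.8m, while the second hunk now sets `use_unsafe_renegotiation_op = 1` in the `version < 0x009080c0L` branch, which is exactly where that warning applied. "We might be able to set option 0x00040000L everywhere" is hedged and records neither what the bit did in older releases nor why setting it there is harmless. I would keep the caveat and state the reasoning, e.g. `* Before 0.9.8m this bit had a different meaning; setting it there is believed harmless because <reason to be confirmed against the old headers>.` Because this branch widens where legacy renegotiation is permitted, that justification is worth having next to the code. The body of tor_tls_init continues outside both hunks, so where the two variables are consumed is not visible here.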