Merge branch 'maint-0.3.5' into maint-0.4.5

  o Minor bugfixes (compilation):

    - Fix our configuration logic to detect whether we had OpenSSL 3:

      previously, our logic was reversed. This has no other effect than to

      change whether we suppress deprecated API warnings. Fixes

      bug 40429; bugfix on 0.3.5.13.

  o Minor features (compilation):

    - Give an error message if trying to build with a version of LibreSSL

      known not to work with Tor.  (There's an incompatibility with

      LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their

      incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.)

      Closes ticket 40511.

AC_MSG_CHECKING([for OpenSSL >= 3.0.0])

AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[

#include <openssl/opensslv.h>

#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L

#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L

#error "you_have_version_3"

#endif

   ]], [[]])],

   [ AC_MSG_RESULT([no]) ],

   [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])

AC_MSG_CHECKING([whether LibreSSL TLS 1.3 APIs are busted])

AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[

#include <openssl/opensslv.h>

#if defined(LIBRESSL_VERSION_NUMBER) && \

     LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \

     LIBRESSL_VERSION_NUMBER < 0x3040100fL

#error "oh no"

#endif

   ]], [[]])],

   [ AC_MSG_RESULT([no]) ],

   [ AC_MSG_ERROR([This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)]) ])

AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[

#include <openssl/opensslv.h>

#include <openssl/evp.h>