Commit 8024f6a7 authored by Yawning Angel's avatar Yawning Angel Committed by Nick Mathewson
Browse files

A few more minor OpenSSL 1.1 fixes.

 * Use `TLS_method()` instead of the deprecated `SSLv23_method()`
 * Fix one missed conversion to `SSL_CIPHER_get_id()`
parent ff835e23
......@@ -640,6 +640,7 @@ AC_CHECK_FUNCS([ \
SSL_get_client_ciphers \
SSL_get_client_random \
SSL_CIPHER_find \
TLS_method
])
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
......
......@@ -1252,8 +1252,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
#endif
/* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
#ifdef HAVE_TLS_METHOD
if (!(result->ctx = SSL_CTX_new(TLS_method())))
goto error;
#else
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
#endif
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
......@@ -1497,7 +1502,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
* cipher with the appropriate 3 bytes. */
c = SSL_CIPHER_find((SSL*)ssl, cipherid);
if (c)
tor_assert((c->id & 0xffff) == cipher);
tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher);
return c != NULL;
}
#elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
......@@ -1540,7 +1545,11 @@ static void
prune_v2_cipher_list(const SSL *ssl)
{
uint16_t *inp, *outp;
#ifdef HAVE_TLS_METHOD
const SSL_METHOD *m = TLS_method();
#else
const SSL_METHOD *m = SSLv23_method();
#endif
inp = outp = v2_cipher_list;
while (*inp) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment