Commit 95375963 authored by Nick Mathewson's avatar Nick Mathewson 👁
Browse files

Stop looking at session->ciphers when possible

If the OpenSSL team accepts my patch to add an
SSL_get_client_ciphers function, this patch will make Tor use it
when available, thereby working better with openssl 1.1.
parent 80082b71
......@@ -623,10 +623,27 @@ else
fi
AC_SUBST(TOR_OPENSSL_LIBS)
dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])
AC_CHECK_FUNCS([ \
SSL_SESSION_get_master_key \
SSL_get_server_random \
SSL_get_client_ciphers \
SSL_get_client_random \
])
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"
dnl ------------------------------------------------------
dnl Where do you live, zlib? And how do we call you?
......
......@@ -1644,13 +1644,19 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
static int
tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
{
STACK_OF(SSL_CIPHER) *ciphers;
#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
ciphers = SSL_get_client_ciphers(ssl);
#else
SSL_SESSION *session;
if (!(session = SSL_get_session((SSL *)ssl))) {
log_info(LD_NET, "No session on TLS?");
return CIPHERS_ERR;
}
ciphers = session->ciphers;
#endif
return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2;
return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
}
/** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment