Commit cee6e7d9 authored by Nick Mathewson

Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need

From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 was supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.

Now we give an error message if we try to build with one of those
versions.

Closes #40511.
parent 8beb560b
o Minor features (compilation):
- Give an error message if trying to build with a version of LibreSSL
known not to work with Tor. (There's an incompatibility with
LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their
incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.)
Closes ticket 40511.
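Review bot: The entry names the broken range (3.2.1 through 3.4.0) but not what a user should do about it; the configure error added in this commit says to upgrade to LibreSSL 3.4.1 or later, and repeating that here would spare changelog readers from working it out. The parenthetical also says "incompatibility" twice ("There's an incompatibility with ... because of their incompatibility with"); "LibreSSL versions 3.2.1 through 3.4.0 inclusive are incompatible with OpenSSL 1.1.1's TLSv1.3 APIs" reads more cleanly.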
......@@ -963,6 +963,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
[ AC_MSG_RESULT([no]) ],
[ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
AC_MSG_CHECKING([whether LibreSSL TLS 1.3 APIs are busted])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if defined(LIBRESSL_VERSION_NUMBER) && \
LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \
LIBRESSL_VERSION_NUMBER < 0x3040100fL
#error "oh no"
#endif
]], [[]])],
[ AC_MSG_RESULT([no]) ],
[ AC_MSG_ERROR([This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)]) ])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#include <openssl/evp.h>
......
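Review bot: The #error "oh no" line in the new test program is the text that lands in config.log when this check fires, and it tells whoever is debugging the build nothing; a string naming the condition, for example "LibreSSL 3.2.1 through 3.4.0 has unusable TLSv1.3 APIs", would be more useful there. The AC_MSG_ERROR text could also mention --with-openssl-dir, as the "OpenSSL is too old" error just above it does, since pointing configure at a different install is the usual way out. A short comment noting that 0x3020100fL and 0x3040100fL correspond to 3.2.1 and 3.4.1 would make the half-open range easy to check against the commit message.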