Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need (!487) · Merge requests · The Tor Project / Core / Tor

Nick Mathewson requested to merge nickm/tor:ticket40511_035 into maint-0.3.5 Nov 06, 2021

From LibreSSL versions 3.2.1 through 3.4.0, our configure script would conclude that TLSv1.3 as supported, but it actually wasn't. This led to annoying breakage like #40128 (closed) and #40445 (closed).

Now we give an error message if we try to build with one of those versions.

Closes #40511 (closed).

Note that this MR is built on top of !486 (merged), since it touches the same part of the configure.ac file, and I wanted to avoid a conflict.

When I was writing this patch, I considered having this error only happen at runtime if we were running as a relay, or making it possible to disable this message with --disable-module-relay. (The errors above only happen when running as a relay.) I decided not to take that route, since we should just encourage everybody to have a crypto library that works with Tor.

Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need

Merge request reports