authorNick Mathewson <nickm@torproject.org>2015-05-26 11:05:36 -0400
committerNick Mathewson <nickm@torproject.org>2015-05-26 11:05:36 -0400
commit95375963981bb2346429de86b0cbb558d6b399d5 (patch)
tree225afc7cd6efe20871d8e507e2b62345464f6f74
parent80082b7185feb77f83ff484e1779438aa0396634 (diff)
downloadtor-95375963981bb2346429de86b0cbb558d6b399d5.tar.gz
tor-95375963981bb2346429de86b0cbb558d6b399d5.zip
Stop looking at session->ciphers when possible
If the OpenSSL team accepts my patch to add an SSL_get_client_ciphers function, this patch will make Tor use it when available, thereby working better with openssl 1.1.
-rw-r--r--configure.ac17
-rw-r--r--src/common/tortls.c8
2 files changed, 24 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index cc271c83c3..ede8f8438c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -623,10 +623,27 @@ else
fi
AC_SUBST(TOR_OPENSSL_LIBS)
+dnl Now check for particular openssl functions.
+save_LIBS="$LIBS"
+save_LDFLAGS="$LDFLAGS"
+save_CPPFLAGS="$CPPFLAGS"
+LIBS="$TOR_OPENSSL_LIBS $LIBS"
+LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
+CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])
+AC_CHECK_FUNCS([ \
+ SSL_SESSION_get_master_key \
+ SSL_get_server_random \
+ SSL_get_client_ciphers \
+ SSL_get_client_random \
+ ])
+LIBS="$save_LIBS"
+LDFLAGS="$save_LDFLAGS"
+CPPFLAGS="$save_CPPFLAGS"
+
dnl ------------------------------------------------------
dnl Where do you live, zlib? And how do we call you?
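Review bot: The `AC_CHECK_FUNCS` list only proves that each symbol links against `$TOR_OPENSSL_LIBS`; it says nothing about the prototype. The commit message states that `SSL_get_client_ciphers` is still a proposed patch, so a later OpenSSL release that ships it with a different signature would still define `HAVE_SSL_GET_CLIENT_CIPHERS`. A short note above the list would record that, e.g. `dnl SSL_get_client_ciphers is not in a released OpenSSL yet; this only checks that the symbol links.` Three of the four probed functions (`SSL_SESSION_get_master_key`, `SSL_get_server_random`, `SSL_get_client_random`) are not used by the tortls.c change in this commit, so it is worth saying in the same comment which later change is expected to consume their `HAVE_` macros.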
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 01bccd7a53..d4a565c017 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1644,13 +1644,19 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
static int
tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
{
+ STACK_OF(SSL_CIPHER) *ciphers;
+#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
+ ciphers = SSL_get_client_ciphers(ssl);
+#else
SSL_SESSION *session;
if (!(session = SSL_get_session((SSL *)ssl))) {
log_info(LD_NET, "No session on TLS?");
return CIPHERS_ERR;
}
+ ciphers = session->ciphers;
+#endif
- return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2;
+ return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
}
/** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
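Review bot: In the `HAVE_SSL_GET_CLIENT_CIPHERS` branch, the result of `SSL_get_client_ciphers(ssl)` is passed on without a NULL check, whereas the fallback branch logs and returns `CIPHERS_ERR` when there is no session. Whether `tor_tls_classify_client_ciphers` tolerates a NULL stack is not visible here, since its body lies above the hunk. Either confirm that it does, or add a guard after `#endif` so both branches fail the same way: `if (!ciphers) { log_info(LD_NET, "No client ciphers on TLS?"); return CIPHERS_ERR; }`. Separately, the two branches can report an error differently. The fallback returns `CIPHERS_ERR` raw from what reads as a boolean predicate, while an error from the classifier goes through `>= CIPHERS_V2`. A one-line comment on the intended return contract would help callers.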