diff options
| author | Alexander Færøy <ahf@torproject.org> | 2021-11-08 14:16:18 +0000 |
|---|---|---|
| committer | Alexander Færøy <ahf@torproject.org> | 2021-11-08 14:16:18 +0000 |
| commit | 882fd1f0d45656e0535e70b5e115281b39ac6307 (patch) | |
| tree | bee76c5ec9010bbf5ce03a96e4d7dd254fb43a4c | |
| parent | a7fe37f1fa7821d0bdbeabe480df8aba7dc1fded (diff) | |
| parent | 4a24673436b2f8cf7a6bbbb353f97f1ae403e411 (diff) | |
| download | tor-882fd1f0d45656e0535e70b5e115281b39ac6307.tar.gz tor-882fd1f0d45656e0535e70b5e115281b39ac6307.zip | |
Merge branch 'maint-0.3.5' into maint-0.4.5
| -rw-r--r-- | changes/bug40429 | 5 | ||||
| -rw-r--r-- | changes/ticket40511 | 6 | ||||
| -rw-r--r-- | configure.ac | 14 |
3 files changed, 24 insertions, 1 deletions
diff --git a/changes/bug40429 b/changes/bug40429 new file mode 100644 index 0000000000..9bf3b63818 --- /dev/null +++ b/changes/bug40429 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation): + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than to + change whether we suppress deprecated API warnings. Fixes + bug 40429; bugfix on 0.3.5.13. diff --git a/changes/ticket40511 b/changes/ticket40511 new file mode 100644 index 0000000000..756edd874d --- /dev/null +++ b/changes/ticket40511 @@ -0,0 +1,6 @@ + o Minor features (compilation): + - Give an error message if trying to build with a version of LibreSSL + known not to work with Tor. (There's an incompatibility with + LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their + incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) + Closes ticket 40511. diff --git a/configure.ac b/configure.ac index 52ec019d01..0e714e66c0 100644 --- a/configure.ac +++ b/configure.ac @@ -1103,7 +1103,7 @@ dnl warnings. AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> -#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L #error "you_have_version_3" #endif ]], [[]])], @@ -1121,6 +1121,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) +AC_MSG_CHECKING([whether LibreSSL TLS 1.3 APIs are busted]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> +#if defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \ + LIBRESSL_VERSION_NUMBER < 0x3040100fL +#error "oh no" +#endif + ]], [[]])], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_ERROR([This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)]) ]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #include <openssl/evp.h> |