diff options
| author | Alexander Færøy <ahf@torproject.org> | 2021-11-08 14:16:19 +0000 |
|---|---|---|
| committer | Alexander Færøy <ahf@torproject.org> | 2021-11-08 14:16:19 +0000 |
| commit | a78dafbf7ce5d6fc6d4b6e7ddc7e0714bd377c2e (patch) | |
| tree | 55100d1b03c6ea0d4bacd7c3b13a9eb76327520d | |
| parent | 77b265f96ee65871ae7ed3f54642878116c65ff4 (diff) | |
| parent | 882fd1f0d45656e0535e70b5e115281b39ac6307 (diff) | |
| download | tor-a78dafbf7ce5d6fc6d4b6e7ddc7e0714bd377c2e.tar.gz tor-a78dafbf7ce5d6fc6d4b6e7ddc7e0714bd377c2e.zip | |
Merge branch 'maint-0.4.5' into maint-0.4.6
| -rw-r--r-- | changes/bug40429 | 5 | ||||
| -rw-r--r-- | changes/ticket40511 | 6 | ||||
| -rw-r--r-- | configure.ac | 14 |
3 files changed, 24 insertions, 1 deletions
diff --git a/changes/bug40429 b/changes/bug40429 new file mode 100644 index 0000000000..9bf3b63818 --- /dev/null +++ b/changes/bug40429 @@ -0,0 +1,5 @@ + o Minor bugfixes (compilation): + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than to + change whether we suppress deprecated API warnings. Fixes + bug 40429; bugfix on 0.3.5.13. diff --git a/changes/ticket40511 b/changes/ticket40511 new file mode 100644 index 0000000000..756edd874d --- /dev/null +++ b/changes/ticket40511 @@ -0,0 +1,6 @@ + o Minor features (compilation): + - Give an error message if trying to build with a version of LibreSSL + known not to work with Tor. (There's an incompatibility with + LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their + incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) + Closes ticket 40511. diff --git a/configure.ac b/configure.ac index 1eb613f321..3043802ba8 100644 --- a/configure.ac +++ b/configure.ac @@ -1116,7 +1116,7 @@ dnl warnings. AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> -#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L #error "you_have_version_3" #endif ]], [[]])], @@ -1134,6 +1134,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) +AC_MSG_CHECKING([whether LibreSSL TLS 1.3 APIs are busted]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> +#if defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \ + LIBRESSL_VERSION_NUMBER < 0x3040100fL +#error "oh no" +#endif + ]], [[]])], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_ERROR([This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)]) ]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #include <openssl/evp.h> |