author | Nick Mathewson <nickm@torproject.org> | 2009-12-04 14:31:17 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2009-12-04 14:31:17 -0500 |
commit | b51a33e527b3a4b683a8e4220a9dc0cbae138d12 (patch) | |
tree | bb1b83b23aa268001ff5b48def9cb9a9afcfbd52 | |
parent | 0faf5c5fd258ddc65282d6025e70c10226148045 (diff) | |
parent | 3a2d677fa70be56054dcabb43a88cab75500e162 (diff) | |
Merge commit 'origin/maint-0.2.1'
-rw-r--r-- | src/common/tortls.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index ff49ecf9c5..71d0bd6be2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -589,6 +589,18 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
   SSL_CTX_set_options(result->ctx,
                       SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
 #endif
+#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+  /* Yes, we know what we are doing here. No, we do not treat a renegotiation
+   * as authenticating any earlier-received data.
+   *
+   * (OpenSSL 0.9.8l introdeced SSL3_FLAGS_ALLOW_UNSAGE_LEGACY_RENEGOTIATION
+   * here. OpenSSL 0.9.8m thoughtfully turned it into an option and (it
+   * seems) broke anything that used SSL3_FLAGS_* for the purpose. So we need
+   * to do both.)
+   */
+  SSL_CTX_set_options(result->ctx,
+                      SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+#endif
   /* Don't actually allow compression; it uses ram and time, but the data
    * we transmit is all encrypted anyway. */
   if (result->ctx->comp_methods) |
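Review bot: The new comment misspells the very symbol a maintainer would need to grep for on pre-0.9.8m OpenSSL — `SSL3_FLAGS_ALLOW_UNSAGE_LEGACY_RENEGOTIATION` should read `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`, and `introdeced` should be `introduced`, so the parenthetical line should become `* (OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`. The comment also says "we need to do both", but this hunk only sets the `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` context option; the per-connection `SSL3_FLAGS_*` half is presumably set where each `SSL` object is created, and naming that location in the comment would keep the two halves from drifting apart. Since re-enabling legacy renegotiation is only acceptable because of the property the first sentence alludes to, it is worth stating it plainly rather than as a quip, e.g. `/* Allow legacy renegotiation with unpatched peers. This is safe for Tor only because nothing received before a renegotiation is ever treated as authenticated by it. */`. The enclosing function tor_tls_context_new() starts before and ends after this hunk.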