diff options
| author | Nick Mathewson <nickm@torproject.org> | 2021-11-06 11:04:08 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2021-11-06 11:04:08 -0400 |
| commit | cee6e7d9e16fdede9e0c7f319e82bd176de25504 (patch) | |
| tree | a7971b8d08e932a735546017d877f5a165fd2f8b /configure.ac | |
| parent | 8beb560bfd19106ab75e13f6bf6230fde93e5fac (diff) | |
| download | tor-cee6e7d9e16fdede9e0c7f319e82bd176de25504.tar.gz tor-cee6e7d9e16fdede9e0c7f319e82bd176de25504.zip | |
Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need
From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 as supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.
Now we give an error message if we try to build with one of those
versions.
Closes #40511.
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 249a250a2f..8ab35bf9dd 100644 --- a/configure.ac +++ b/configure.ac @@ -963,6 +963,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) +AC_MSG_CHECKING([whether LibreSSL TLS 1.3 APIs are busted]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> +#if defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \ + LIBRESSL_VERSION_NUMBER < 0x3040100fL +#error "oh no" +#endif + ]], [[]])], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_ERROR([This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)]) ]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #include <openssl/evp.h> |