Merge remote branch 'origin/maint-0.2.1'

Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h

1 files changed, 9 insertions, 2 deletions

diff --git a/src/common/tortls.c b/src/common/tortls.c
index cdd9f7ccbd..eda9979014 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -368,7 +368,7 @@ tor_tls_init(void)
      * OpenSSL 0.9.8l.
      *
      * No, we can't just set flag 0x0010 everywhere.  It breaks Tor with
-     * OpenSSL 1.0.0beta, since i.  No, we can't just set option
+     * OpenSSL 1.0.0beta3 and later.  No, we can't just set option
      * 0x00040000L everywhere: before 0.9.8m, it meant something else.
      *
      * No, we can't simply detect whether the flag or the option is present
@@ -381,7 +381,7 @@ tor_tls_init(void)
      */
     if (version >= 0x009080c0L && version < 0x009080d0L) {
       log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
-                 "I will try SSL3_FLAGS  to enable renegotation.",
+                 "I will try SSL3_FLAGS to enable renegotation.",
                  SSLeay_version(SSLEAY_VERSION));
       use_unsafe_renegotiation_flag = 1;
       use_unsafe_renegotiation_op = 1;
@@ -390,6 +390,13 @@ tor_tls_init(void)
                  "I will try SSL_OP to enable renegotiation",
                  SSLeay_version(SSLEAY_VERSION));
       use_unsafe_renegotiation_op = 1;
+    } else if (version < 0x009080c0L) {
+      log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
+                 "0.9.8l, but some vendors have backported 0.9.8l's "
+                 "renegotiation code to earlier versions.  I'll set "
+                 "SSL3_FLAGS just to be safe.",
+                 SSLeay_version(SSLEAY_VERSION), version);
+      use_unsafe_renegotiation_flag = 1;
     } else {
       log_info(LD_GENERAL, "OpenSSL %s has version %lx",
                SSLeay_version(SSLEAY_VERSION), version);