authorNick Mathewson <nickm@torproject.org>2015-05-22 10:22:11 -0400
committerNick Mathewson <nickm@torproject.org>2015-05-22 10:22:11 -0400
commitc8024b633eeff6161292666b209b538fda9df4ab (patch)
tree096116a08dff5fea36b04f87d1ffecd3472a38cb /src/common/tortls.c
parent45a90573e69d12dc6fece4c6bab15a1268e90778 (diff)
Revert "Try using SSL_get_ciphers in place of session->ciphers"
This reverts commit 67964cfa787461bc56380fe46439fd5c9863bb4f. It was the cause of #16153, and was not in any released Tor. We need a better solution for getting session->ciphers.
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r--src/common/tortls.c36
1 files changed, 5 insertions, 31 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 57d5408ca8..2b8daaaf06 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1597,39 +1597,13 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
static int
tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
{
- STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(ssl);
-
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0)
- {
- SSL_SESSION *session;
- STACK_OF(SSL_CIPHER) *c1;
- int i;
- if (!(session = SSL_get_session((SSL *)ssl))) {
- log_info(LD_NET, "No session on TLS?");
- return CIPHERS_ERR;
- }
- c1 = session->ciphers;
-
- if (sk_SSL_CIPHER_num(c1) != sk_SSL_CIPHER_num(ciphers)) {
- log_warn(LD_BUG, "Whoops. session->ciphers doesn't "
- "match SSL_get_ciphers()");
- return 0;
- }
- for (i = 0; i < sk_SSL_CIPHER_num(c1); ++i) {
- SSL_CIPHER *a = sk_SSL_CIPHER_value(ciphers, i);
- SSL_CIPHER *b = sk_SSL_CIPHER_value(c1, i);
- unsigned long a_id = SSL_CIPHER_get_id(a);
- unsigned long b_id = SSL_CIPHER_get_id(b);
- if (a_id != b_id) {
- log_warn(LD_BUG, "Cipher mismatch between session->ciphers and "
- "SSL_get_ciphers() at %d: %lx vs %lx", i,
- a_id, b_id);
- }
- }
+ SSL_SESSION *session;
+ if (!(session = SSL_get_session((SSL *)ssl))) {
+ log_info(LD_NET, "No session on TLS?");
+ return CIPHERS_ERR;
}
-#endif
- return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
+ return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2;
}
/** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
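Review bot: The no-session branch returns `CIPHERS_ERR` from a function whose only other exit is the boolean `tor_tls_classify_client_ciphers(...) >= CIPHERS_V2`, so the result is three-valued while the name reads as a predicate. `CIPHERS_ERR` is defined outside this hunk; if it is nonzero, a caller that tests the result as a truth value would treat a TLS object with no session as a client offering v2 ciphers, which is a protocol-classification decision made on an error path. I would state the contract in the function comment, for example `/* Returns 1 if the client offered v2 ciphers, 0 if not, CIPHERS_ERR if there is no session; callers must not test this as a plain boolean. */`, and check that each caller compares explicitly. The restored `session->ciphers` read depends on the SSL_SESSION layout being visible, which the commit message already flags as unresolved; a short `/* XXXX direct struct access; replace once an accessor is available */` on that line would keep the follow-up attached to the code.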