author | Yawning Angel <yawning@schwanenlied.me> | 2016-06-14 06:14:28 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-06-14 12:13:09 -0400 |
commit | b563a3a09dd94892454210e82e46b62b947c5061 (patch) | |
tree | 320c2083a3ced93ba7a028e5aa77470ec42bea0a /src/common/tortls.c | |
parent | 86f0b806812da8a53c25061acca500e0dcfb1103 (diff) | |
download | tor-b563a3a09dd94892454210e82e46b62b947c5061.tar.gz tor-b563a3a09dd94892454210e82e46b62b947c5061.zip |
Bug 19406: OpenSSL made RSA and DH opaque in 1.1.0.

There's accessors to get at things, but it ends up being rather
cumbersome. The only place where behavior should change is that the
code will fail instead of attempting to generate a new DH key if our
internal sanity check fails.

Like the previous commit, this probably breaks snapshots prior to pre5.

Diffstat (limited to 'src/common/tortls.c')
-rw-r--r-- | src/common/tortls.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 4ffc672546..7d070c54cd 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -904,7 +904,11 @@ tor_tls_cert_is_valid(int severity, cert_key = X509_get_pubkey(cert->cert); if (check_rsa_1024 && cert_key) { RSA *rsa = EVP_PKEY_get1_RSA(cert_key); +#ifdef OPENSSL_1_1_API + if (rsa && RSA_bits(rsa) == 1024) +#else if (rsa && BN_num_bits(rsa->n) == 1024) +#endif key_ok = 1; if (rsa) RSA_free(rsa); |
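
Review bot: In the 1024-bit RSA check in tor_tls_cert_is_valid, the two alternative `if` headers sit inside `#ifdef OPENSSL_1_1_API` / `#else`, while the shared, unbraced body `key_ok = 1;` sits after `#endif`. The statement therefore only parses as intended while each preprocessor branch contributes exactly one `if` line, and a later edit to either branch can silently change what guards `key_ok`. Consider moving the version difference into a small compat helper or a local variable (RSA_bits(rsa) on the 1.1 API, BN_num_bits(rsa->n) otherwise, both still behind the existing `rsa` NULL check) and then writing a single braced `if` on the result, so the key-size policy is expressed once and the call site stays free of version conditionals.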