diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-02-03 11:13:12 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-02-03 11:13:12 -0500 |
| commit | 27582325dc691f02c41612a258483a73f2e0e000 (patch) | |
| tree | 61314753c73f7ee49a2f94cff54a86f2ad6d7733 /src/common/tortls.c | |
| parent | 957cdb54699937818b539c75e413e88760ee34cd (diff) | |
| download | tor-27582325dc691f02c41612a258483a73f2e0e000.tar.gz tor-27582325dc691f02c41612a258483a73f2e0e000.zip | |
Make Tor build happily with OpenSSL master and libressl.
Also tested with 1.0.0t and 1.0.2f.
Closes ticket 19784.
Closes most of 17921. (Still need to make some tests pass.)
Diffstat (limited to 'src/common/tortls.c')
| -rw-r--r-- | src/common/tortls.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 6e4cd3d480..5f84e5cf4d 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -911,7 +911,7 @@ tor_tls_cert_is_valid(int severity, } else if (cert_key) { int min_bits = 1024; #ifdef EVP_PKEY_EC - if (EVP_PKEY_type(cert_key->type) == EVP_PKEY_EC) + if (EVP_PKEY_base_id(cert_key) == EVP_PKEY_EC) min_bits = 128; #endif if (EVP_PKEY_bits(cert_key) >= min_bits) @@ -1414,7 +1414,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, /* Now we need to see if there are any ciphers whose presence means we're * dealing with an updated Tor. */ for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) { - SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); const char *ciphername = SSL_CIPHER_get_name(cipher); if (strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) && strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) && @@ -1431,7 +1431,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, { const uint16_t *v2_cipher = v2_cipher_list; for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) { - SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); uint16_t id = SSL_CIPHER_get_id(cipher) & 0xffff; if (id == 0x00ff) /* extended renegotiation indicator. */ continue; @@ -1453,7 +1453,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, smartlist_t *elts = smartlist_new(); char *s; for (i = 0; i < sk_SSL_CIPHER_num(peer_ciphers); ++i) { - SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); + const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(peer_ciphers, i); const char *ciphername = SSL_CIPHER_get_name(cipher); smartlist_add(elts, (char*)ciphername); } @@ -1562,7 +1562,8 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, - SSL_CIPHER **cipher, void *arg) + CONST_IF_OPENSSL_1_1_API SSL_CIPHER **cipher, + void *arg) { (void) secret; (void) secret_len; @@ -1733,8 +1734,13 @@ tor_tls_block_renegotiation(tor_tls_t *tls) void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls) { +#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && \ + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0 long options = SSL_get_options(tls->ssl); tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); +#else + (void) tls; +#endif } /** Return whether this tls initiated the connect (client) or |