diff options
| author | Yawning Angel <yawning@schwanenlied.me> | 2015-06-02 18:58:57 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-06-02 15:04:20 -0400 |
| commit | 8024f6a75f00044fd342323d26e9907fc571c283 (patch) | |
| tree | 67fcb2652d436aac2ec24349aebd9a9b4f1553d0 /src/common | |
| parent | ff835e23280c0f29ca9ab25bfc3069276c0b8ab6 (diff) | |
| download | tor-8024f6a75f00044fd342323d26e9907fc571c283.tar.gz tor-8024f6a75f00044fd342323d26e9907fc571c283.zip | |
A few more minor OpenSSL 1.1 fixes.
* Use `TLS_method()` instead of the deprecated `SSLv23_method()`
* Fix one missed conversion to `SSL_CIPHER_get_id()`
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/tortls.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index deeee5f052..1812e3f9d5 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1252,8 +1252,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, #endif /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */ +#ifdef HAVE_TLS_METHOD + if (!(result->ctx = SSL_CTX_new(TLS_method()))) + goto error; +#else if (!(result->ctx = SSL_CTX_new(SSLv23_method()))) goto error; +#endif SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); @@ -1497,7 +1502,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) * cipher with the appropriate 3 bytes. */ c = SSL_CIPHER_find((SSL*)ssl, cipherid); if (c) - tor_assert((c->id & 0xffff) == cipher); + tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher); return c != NULL; } #elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR) @@ -1540,7 +1545,11 @@ static void prune_v2_cipher_list(const SSL *ssl) { uint16_t *inp, *outp; +#ifdef HAVE_TLS_METHOD + const SSL_METHOD *m = TLS_method(); +#else const SSL_METHOD *m = SSLv23_method(); +#endif inp = outp = v2_cipher_list; while (*inp) { |