diff options
| author | Nick Mathewson <nickm@torproject.org> | 2010-02-18 12:01:56 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2010-02-18 12:01:56 -0500 |
| commit | 715f104eebac8d35d9cd7a404ac9924e9d623774 (patch) | |
| tree | 0664d51ccae6c5f584bb53c16afafee6a8ff4006 /src | |
| parent | 0bd6cb31edbd33764c8d24dc3e79b8a7ca9eba84 (diff) | |
| parent | 4a3bd153c0c181a1b478ead9efef3d5c0dbbb849 (diff) | |
| download | tor-715f104eebac8d35d9cd7a404ac9924e9d623774.tar.gz tor-715f104eebac8d35d9cd7a404ac9924e9d623774.zip | |
Merge remote branch 'origin/maint-0.2.1'
Conflicts:
ChangeLog
configure.in
contrib/tor-mingw.nsi.in
src/win32/orconfig.h
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/tortls.c | 11 | ||||
| -rw-r--r-- | src/or/config.c | 4 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index cdd9f7ccbd..eda9979014 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -368,7 +368,7 @@ tor_tls_init(void) * OpenSSL 0.9.8l. * * No, we can't just set flag 0x0010 everywhere. It breaks Tor with - * OpenSSL 1.0.0beta, since i. No, we can't just set option + * OpenSSL 1.0.0beta3 and later. No, we can't just set option * 0x00040000L everywhere: before 0.9.8m, it meant something else. * * No, we can't simply detect whether the flag or the option is present @@ -381,7 +381,7 @@ tor_tls_init(void) */ if (version >= 0x009080c0L && version < 0x009080d0L) { log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; " - "I will try SSL3_FLAGS to enable renegotation.", + "I will try SSL3_FLAGS to enable renegotation.", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_flag = 1; use_unsafe_renegotiation_op = 1; @@ -390,6 +390,13 @@ tor_tls_init(void) "I will try SSL_OP to enable renegotiation", SSLeay_version(SSLEAY_VERSION)); use_unsafe_renegotiation_op = 1; + } else if (version < 0x009080c0L) { + log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than " + "0.9.8l, but some vendors have backported 0.9.8l's " + "renegotiation code to earlier versions. I'll set " + "SSL3_FLAGS just to be safe.", + SSLeay_version(SSLEAY_VERSION), version); + use_unsafe_renegotiation_flag = 1; } else { log_info(LD_GENERAL, "OpenSSL %s has version %lx", SSLeay_version(SSLEAY_VERSION), version); diff --git a/src/or/config.c b/src/or/config.c index e544917ae4..b8813877fa 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -738,8 +738,6 @@ add_default_trusted_dir_authorities(authority_type_t type) "moria1 orport=9101 no-v2 " "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", - "moria2 v1 orport=9002 128.31.0.34:9032 " - "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF", "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 " "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D", "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 " @@ -753,7 +751,7 @@ add_default_trusted_dir_authorities(authority_type_t type) "80.190.246.100:8180 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281", "dannenberg orport=443 no-v2 " "v3ident=585769C78764D58426B8B52B6651A5A71137189A " - "213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123", + "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123", "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C " "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417", NULL |