From b563a3a09dd94892454210e82e46b62b947c5061 Mon Sep 17 00:00:00 2001
From: Yawning Angel
Date: Tue, 14 Jun 2016 06:14:28 +0000
Subject: Bug 19406: OpenSSL made RSA and DH opaque in 1.1.0. There's accessors to get at things, but it ends up being rather cumbersome. The only place where behavior should change is that the code will fail instead of attempting to generate a new DH key if our internal sanity check fails. Like the previous commit, this probably breaks snapshots prior to pre5.
---
 src/common/tortls.c | 4 ++++
 1 file changed, 4 insertions(+) (limited to 'src/common/tortls.c')
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 4ffc672546..7d070c54cd 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -904,7 +904,11 @@ tor_tls_cert_is_valid(int severity,
 cert_key = X509_get_pubkey(cert->cert);
 if (check_rsa_1024 && cert_key) {
 RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
+#ifdef OPENSSL_1_1_API
+ if (rsa && RSA_bits(rsa) == 1024)
+#else
 if (rsa && BN_num_bits(rsa->n) == 1024)
+#endif
 key_ok = 1;
 if (rsa)
 RSA_free(rsa);
-- cgit v1.2.3-54-g00ecf
From 6ddef1f7e0fe36f6e0b87873dfef5809dd593539 Mon Sep 17 00:00:00 2001
From: Yawning Angel
Date: Tue, 14 Jun 2016 06:22:19 +0000
Subject: Bug 19406: OpenSSL removed SSL_R_RECORD_TOO_LARGE in 1.1.0. This is a logging onlu change, we were suppressing the severity down to INFO when it occured (treating it as "Mostly harmless"). Now it is no more.
---
 src/common/tortls.c | 2 ++
 1 file changed, 2 insertions(+) (limited to 'src/common/tortls.c')
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 7d070c54cd..b68f5dfcdf 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
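Review bot: In the first patch's hunk (tor_tls_cert_is_valid) the `if` header now appears twice, once per preprocessor branch, while the unbraced `key_ok = 1;` body sits after `#endif`. In a certificate key-size check that shape is fragile: a statement later added inside either branch would silently become the conditional's body and leave `key_ok = 1;` unconditional. Taking the bit count under the `#ifdef` into a local (`RSA_bits(rsa)` on one side, `BN_num_bits(rsa->n)` on the other) and keeping a single braced `if (bits == 1024) { key_ok = 1; }` leaves one decision point. A short comment stating that `RSA_bits()` reports the modulus size, the same quantity as `BN_num_bits(rsa->n)`, would let readers confirm the branches are equivalent. The function begins and ends outside the hunk.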
@@ -228,7 +228,9 @@ tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
 case SSL_R_HTTP_REQUEST:
 case SSL_R_HTTPS_PROXY_REQUEST:
 case SSL_R_RECORD_LENGTH_MISMATCH:
+#ifndef OPENSSL_1_1_API
 case SSL_R_RECORD_TOO_LARGE:
+#endif
 case SSL_R_UNKNOWN_PROTOCOL:
 case SSL_R_UNSUPPORTED_PROTOCOL:
 severity = LOG_INFO;
-- cgit v1.2.3-54-g00ecf
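Review bot: The guard around `case SSL_R_RECORD_TOO_LARGE:` in tor_tls_log_one_error keys on the library-version macro rather than on the symbol that was removed. The SSL_R_* reason codes are preprocessor defines, so `#ifdef SSL_R_RECORD_TOO_LARGE` would test the actual condition and stay correct for any libssl build that still provides the code. Where the case is compiled out, the LOG_INFO downgrade no longer applies to that condition; if the library reports it under a different reason code, it would be logged at the caller's severity. A comment next to the guard, such as `/* Removed in OpenSSL 1.1.0; no INFO downgrade there. */`, would record that this is intended. The switch continues outside the hunk.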