From 6fd61cf767c0680707e034d9e6a4d46b44bd10af Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 9 Jan 2012 12:21:04 -0500
Subject: [PATCH 1/2] Fix a trivial log message error in renservice.c

Fixes bug 4856; bugfix on 0.0.6

This bug was introduced in 79fc5217, back in 2004.
---
 changes/bug4856      | 3 +++
 src/or/rendservice.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changes/bug4856

diff --git a/changes/bug4856 b/changes/bug4856
new file mode 100644
index 000000000..fa284a09f
--- /dev/null
+++ b/changes/bug4856
@@ -0,0 +1,3 @@
+  o Trivial bugfixes
+    - Fix a typo in a log message in rend_service_rendezvous_has_opened().
+      Fixes bug 4856; bugfix on Tor 0.0.6.
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 25695c5e6..bb3aacd92 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1564,7 +1564,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
                 circuit->rend_data->rend_pk_digest);
   if (!service) {
     log_warn(LD_GENERAL, "Internal error: unrecognized service ID on "
-             "introduction circuit.");
+             "rendezvous circuit.");
     reason = END_CIRC_REASON_INTERNAL;
     goto err;
   }

From c78a314e95ef7f0d05e9d58066ee6bf6795ee9d7 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 9 Jan 2012 16:40:21 -0500
Subject: [PATCH 2/2] Fix comment about TLSv1_method() per comments by
 wanoskarnet

---
 src/common/tortls.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 37074decf..f7a15b0b2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -777,15 +777,10 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
   }
 
 #if 0
-  /* Tell OpenSSL to only use TLS1. This would actually break compatibility
-   * with clients that are configured to use SSLv23_method(), so we should
-   * probably never use it.
-   */
-  /* XXX wanoskarnet says this comment is bunk -- that even if we turn
-   * this line on, clients configured to use SSLv23 would still able to
-   * talk to us. But he also says it's ok to leave it out. I suggest we
-   * delete this whole clause (the one that's #if 0'ed out). I'll leave
-   * it in place until Nick expresses an opinion. -RD */
+  /* Tell OpenSSL to only use TLS1.  This may have subtly different results
+   * from SSLv23_method() with SSLv2 and SSLv3 disabled, so we need to do some
+   * investigation before we consider adjusting it. It should be compatible
+   * with existing Tors. */
   if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
     goto error;
 #endif