Stop looking at session->ciphers when possible
If the OpenSSL team accepts my patch to add an SSL_get_client_ciphers function, this patch will make Tor use it when available, thereby working better with openssl 1.1.
parent
80082b7185
commit
9537596398
17
configure.ac
17
configure.ac
|
@ -623,10 +623,27 @@ else
|
|||
fi
|
||||
AC_SUBST(TOR_OPENSSL_LIBS)
|
||||
|
||||
dnl Now check for particular openssl functions.
|
||||
save_LIBS="$LIBS"
|
||||
save_LDFLAGS="$LDFLAGS"
|
||||
save_CPPFLAGS="$CPPFLAGS"
|
||||
LIBS="$TOR_OPENSSL_LIBS $LIBS"
|
||||
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
|
||||
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
|
||||
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
|
||||
[#include <openssl/ssl.h>
|
||||
])
|
||||
|
||||
AC_CHECK_FUNCS([ \
|
||||
SSL_SESSION_get_master_key \
|
||||
SSL_get_server_random \
|
||||
SSL_get_client_ciphers \
|
||||
SSL_get_client_random \
|
||||
])
|
||||
LIBS="$save_LIBS"
|
||||
LDFLAGS="$save_LDFLAGS"
|
||||
CPPFLAGS="$save_CPPFLAGS"
|
||||
|
||||
dnl ------------------------------------------------------
|
||||
dnl Where do you live, zlib? And how do we call you?
|
||||
|
||||
|
|
|
@ -1644,13 +1644,19 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
|
|||
static int
|
||||
tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
|
||||
{
|
||||
STACK_OF(SSL_CIPHER) *ciphers;
|
||||
#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
|
||||
ciphers = SSL_get_client_ciphers(ssl);
|
||||
#else
|
||||
SSL_SESSION *session;
|
||||
if (!(session = SSL_get_session((SSL *)ssl))) {
|
||||
log_info(LD_NET, "No session on TLS?");
|
||||
return CIPHERS_ERR;
|
||||
}
|
||||
ciphers = session->ciphers;
|
||||
#endif
|
||||
|
||||
return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2;
|
||||
return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
|
||||
}
|
||||
|
||||
/** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
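Review bot: In the `HAVE_SSL_GET_CLIENT_CIPHERS` branch the pointer returned by `SSL_get_client_ciphers(ssl)` is passed to `tor_tls_classify_client_ciphers()` unchecked, whereas the fallback branch logs and bails out when `SSL_get_session()` returns NULL. The accessor may return NULL when no client cipher list is available, and whether the classifier (defined above this hunk) tolerates a NULL stack is not visible here. Because this list is peer-supplied handshake data, handle the missing-list case explicitly after `#endif`, e.g. `if (!ciphers) { log_info(LD_NET, "No client ciphers on TLS?"); return CIPHERS_ERR; }`, or add a comment stating that the classifier maps NULL to `CIPHERS_ERR`. Separately, the existing early `return CIPHERS_ERR;` sits in a function whose normal result is the boolean `>= CIPHERS_V2`, so it is worth confirming that callers cannot read the error value as "true".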
|
||||
|
|