[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Stop implying that we support openssl 1.0.0; we don't.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] Stop implying that we support openssl 1.0.0; we don't.
From: nickm@xxxxxxxxxxxxxx
Date: Thu, 6 Oct 2016 20:36:56 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Oct 2016 16:37:05 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 850ec1e2822482435bb0efa8853a74d6f0feaa20
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Thu Oct 6 12:58:49 2016 -0400

    Stop implying that we support openssl 1.0.0; we don't.
    
    Closes ticket 20303.
    
    The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
    is really libressl, it will have an openssl version number we can't
    really believe.
---
 changes/no_openssl_100      | 4 ++++
 configure.ac                | 4 ++--
 src/common/compat_openssl.h | 5 +++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/changes/no_openssl_100 b/changes/no_openssl_100
new file mode 100644
index 0000000..dd89da8
--- /dev/null
+++ b/changes/no_openssl_100
@@ -0,0 +1,4 @@
+  o Required libraries:
+    - When building with OpenSSL, Tor now requires version 1.0.1 or later.
+      OpenSSL 1.0.0 and earlier are no longer supported by the openssl team,
+      and should not be used. Closes ticket 20303.
diff --git a/configure.ac b/configure.ac
index 23371d3..af42896 100644
--- a/configure.ac
+++ b/configure.ac
@@ -614,12 +614,12 @@ CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
 
 AC_TRY_COMPILE([
 #include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER < 0x1000000fL
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
 #error "too old"
 #endif
    ], [],
    [ : ],
-   [ AC_ERROR([OpenSSL is too old. We require 1.0.0 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
+   [ AC_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
 
 AC_TRY_COMPILE([
 #include <openssl/opensslv.h>
diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
index a7bdb0a..1bfe188 100644
--- a/src/common/compat_openssl.h
+++ b/src/common/compat_openssl.h
@@ -15,8 +15,9 @@
  * \brief compatability definitions for working with different openssl forks
  **/
 
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
+#if !defined(LIBRESSL_VERSION_NUMBER) && \
+  OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
+#error "We require OpenSSL >= 1.0.1"
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Merge branch 'bug20176_v2'
Next by Author: [tor-commits] [tor/master] Merge branch 'buf_sentinel_026_v2' into maint-0.2.8
Previous by thread: [tor-commits] [tor/release-0.2.8] Merge branch 'maint-0.2.8' into release-0.2.8
Next by thread: [tor-commits] [tor/master] Merge branch 'no_openssl_100'
Index(es):
- Author
- Thread