Merge branch 'maint-0.3.4' into maint-0.3.5

diff --cc configure.ac
Simple merge

diff --cc src/lib/tls/tortls_openssl.c
index 227225b96e5adb0c82a7adf1fa40fe8e64b0b254,653bd66de5d5918514234ea09378ebd3b8367a0c..235620714a2407d5f334bc0e8a1df1bd20ee8abd
--- 1/src/lib/tls/tortls_openssl.c
--- 2/src/common/tortls.c
+++ b/src/lib/tls/tortls_openssl.c
@@@ -632,13 -1278,28 +632,29 @@@ tor_tls_context_new(crypto_pk_t *identi
      if (!SSL_CTX_check_private_key(result->ctx))
        goto error;
    }
 +
    {
 -    crypto_dh_t *dh = crypto_dh_new(DH_TYPE_TLS);
 +    DH *dh = crypto_dh_new_openssl_tls();
      tor_assert(dh);
 -    SSL_CTX_set_tmp_dh(result->ctx, crypto_dh_get_dh_(dh));
 -    crypto_dh_free(dh);
 +    SSL_CTX_set_tmp_dh(result->ctx, dh);
 +    DH_free(dh);
    }
+ /* We check for this function in two ways, since it might be either a symbol
+  * or a macro. */
+ #if defined(SSL_CTX_set1_groups_list) || defined(HAVE_SSL_CTX_SET1_GROUPS_LIST)
+   {
+     const char *list;
+     if (flags & TOR_TLS_CTX_USE_ECDHE_P224)
+       list = "P-224:P-256";
+     else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
+       list = "P-256:P-224";
+     else
+       list = "P-256:P-224";
+     int r = SSL_CTX_set1_groups_list(result->ctx, list);
+     if (r < 0)
+       goto error;
+   }
+ #else
    if (! is_client) {
      int nid;
      EC_KEY *ec_key;