A few more minor OpenSSL 1.1 fixes.

 * Use `TLS_method()` instead of the deprecated `SSLv23_method()`
 * Fix one missed conversion to `SSL_CIPHER_get_id()`

diff --git a/configure.ac b/configure.ac
index ab96c20f3f1d1efd11fb9e9860a87ea8ee8784fe..b8ca188a871f4a0df4325aa8765142b17b7b96bd 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -640,6 +640,7 @@ AC_CHECK_FUNCS([ \
                 SSL_get_client_ciphers \
                 SSL_get_client_random \
                SSL_CIPHER_find \
+               TLS_method
               ])
 LIBS="$save_LIBS"
 LDFLAGS="$save_LDFLAGS"

diff --git a/src/common/tortls.c b/src/common/tortls.c
index deeee5f0521673b8584b8ebeb53ec69473ba576d..1812e3f9d5ba8f633c6edb99eae82b00e302d2fc 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1252,8 +1252,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 #endif
 
   /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
+#ifdef HAVE_TLS_METHOD
+  if (!(result->ctx = SSL_CTX_new(TLS_method())))
+    goto error;
+#else
   if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
     goto error;
+#endif
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
 
@@ -1497,7 +1502,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
                       * cipher with the appropriate 3 bytes. */
     c = SSL_CIPHER_find((SSL*)ssl, cipherid);
     if (c)
-      tor_assert((c->id & 0xffff) == cipher);
+      tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher);
     return c != NULL;
   }
 #elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
@@ -1540,7 +1545,11 @@ static void
 prune_v2_cipher_list(const SSL *ssl)
 {
   uint16_t *inp, *outp;
+#ifdef HAVE_TLS_METHOD
+  const SSL_METHOD *m = TLS_method();
+#else
   const SSL_METHOD *m = SSLv23_method();
+#endif
 
   inp = outp = v2_cipher_list;
   while (*inp) {