Merge remote-tracking branch 'origin/maint-0.2.2'
authorNick Mathewson <nickm@torproject.org>
Thu, 5 Jan 2012 19:17:44 +0000 (14:17 -0500)
committerNick Mathewson <nickm@torproject.org>
Thu, 5 Jan 2012 19:17:44 +0000 (14:17 -0500)
src/common/tortls.c

index 2b46612aecf7d8a00e315c225e0ddbf17ce15392,ef61f71b3db072e4972897695f9f28e58ff52b9a..b7cd8354444863311a0ede71cf5266b4dfdbda86
@@@ -1158,20 -771,20 +1168,24 @@@ tor_tls_context_new(crypto_pk_env_t *id
    result = tor_malloc_zero(sizeof(tor_tls_context_t));
    result->refcnt = 1;
    if (!is_client) {
 -    result->my_cert = X509_dup(cert);
 -    result->my_id_cert = X509_dup(idcert);
 -    result->key = crypto_pk_dup_key(rsa);
 +    result->my_link_cert = tor_cert_new(X509_dup(cert));
 +    result->my_id_cert = tor_cert_new(X509_dup(idcert));
 +    result->my_auth_cert = tor_cert_new(X509_dup(authcert));
 +    if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
 +      goto error;
 +    result->link_key = crypto_pk_dup_key(rsa);
 +    result->auth_key = crypto_pk_dup_key(rsa_auth);
    }
  
- #ifdef EVERYONE_HAS_AES
-   /* Tell OpenSSL to only use TLS1 */
+ #if 0
+   /* Tell OpenSSL to only use TLS1. This would actually break compatibility
+    * with clients that are configured to use SSLv23_method(), so we should
+    * probably never use it.
+    */
    if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
      goto error;
- #else
+ #endif
    /* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
    if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
      goto error;