From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 6 May 2025 12:25:25 +0000 (-0400)
Subject: openssl: Use TLS_method unconditionally.
X-Git-Tag: tor-0.4.9.3-alpha~55^2~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=64c1d38664e13dcd4a21413d877820f6ee656d0d;p=thirdparty%2Ftor.git

openssl: Use TLS_method unconditionally.

Every version of openssl/libressl we support has this.
---

diff --git a/configure.ac b/configure.ac
index d0585ca154..4e73a848cc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1128,8 +1128,7 @@ AC_CHECK_FUNCS([ \
 		SSL_CIPHER_find \
 		SSL_CTX_set1_groups_list \
 		SSL_CTX_set_security_level \
-		SSL_get_client_ciphers \
-		TLS_method \
+		SSL_get_client_ciphers
 	       ])
 
 fi # enable_nss
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 8b238d7bda..4c74085d64 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -507,13 +507,8 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 #endif /* 0 */
 
   /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */
-#ifdef HAVE_TLS_METHOD
   if (!(result->ctx = SSL_CTX_new(TLS_method())))
     goto error;
-#else
-  if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
-    goto error;
-#endif /* defined(HAVE_TLS_METHOD) */
 
 #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
   /* Level 1 re-enables RSA1024 and DH1024 for compatibility with old tors */