From: Nick Mathewson Date: Fri, 10 Feb 2012 15:56:37 +0000 (-0500) Subject: Merge remote-tracking branch 'origin/maint-0.2.2' X-Git-Tag: tor-0.2.3.12-alpha~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8855b2a90c8b3314ac9aa804ec2802e9d4c50617;p=thirdparty%2Ftor.git Merge remote-tracking branch 'origin/maint-0.2.2' Conflicts: src/common/tortls.c Conflict on comment near use of the new OPENSSL_V macro --- 8855b2a90c8b3314ac9aa804ec2802e9d4c50617 diff --cc src/common/tortls.c index 26d37145a3,4c9d2188d4..cffba2e6ce --- a/src/common/tortls.c +++ b/src/common/tortls.c @@@ -79,11 -68,11 +79,11 @@@ #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer") -#if (OPENSSL_VERSION_NUMBER < 0x0090813fL || \ - (OPENSSL_VERSION_NUMBER >= 0x00909000L && \ - OPENSSL_VERSION_NUMBER < 0x1000006fL)) +#if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \ + (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \ + OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f'))) /* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have - * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and + * the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and * SSL3 safely at the same time. */ #define DISABLE_SSL3_HANDSHAKE @@@ -1179,12 -794,12 +1179,12 @@@ tor_tls_context_new(crypto_pk_t *identi #ifdef DISABLE_SSL3_HANDSHAKE 1 || #endif - SSLeay() < 0x0090813fL || - (SSLeay() >= 0x00909000L && - SSLeay() < 0x1000006fL)) { + SSLeay() < OPENSSL_V(0,9,8,'s') || + (SSLeay() >= OPENSSL_V_SERIES(0,9,9) && + SSLeay() < OPENSSL_V(1,0,0,'f'))) { - /* And not SSL3 if it's subject to CVE-2011-4657. */ + /* And not SSL3 if it's subject to CVE-2011-4576. */ log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version " - "might otherwise be vulnerable to CVE-2011-4657 " + "might otherwise be vulnerable to CVE-2011-4576 " "(compile-time version %08lx (%s); " "runtime version %08lx (%s))", (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,