From: Nick Mathewson Date: Thu, 5 Jan 2012 19:17:44 +0000 (-0500) Subject: Merge remote-tracking branch 'origin/maint-0.2.2' X-Git-Tag: tor-0.2.3.11-alpha~52 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ef69f2f2ab588ea51ade8587c8c0af2064c32c85;p=thirdparty%2Ftor.git Merge remote-tracking branch 'origin/maint-0.2.2' --- ef69f2f2ab588ea51ade8587c8c0af2064c32c85 diff --cc src/common/tortls.c index 2b46612aec,ef61f71b3d..b7cd835444 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@@ -1158,20 -771,20 +1168,24 @@@ tor_tls_context_new(crypto_pk_env_t *id result = tor_malloc_zero(sizeof(tor_tls_context_t)); result->refcnt = 1; if (!is_client) { - result->my_cert = X509_dup(cert); - result->my_id_cert = X509_dup(idcert); - result->key = crypto_pk_dup_key(rsa); + result->my_link_cert = tor_cert_new(X509_dup(cert)); + result->my_id_cert = tor_cert_new(X509_dup(idcert)); + result->my_auth_cert = tor_cert_new(X509_dup(authcert)); + if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert) + goto error; + result->link_key = crypto_pk_dup_key(rsa); + result->auth_key = crypto_pk_dup_key(rsa_auth); } - #ifdef EVERYONE_HAS_AES - /* Tell OpenSSL to only use TLS1 */ + #if 0 + /* Tell OpenSSL to only use TLS1. This would actually break compatibility + * with clients that are configured to use SSLv23_method(), so we should + * probably never use it. + */ if (!(result->ctx = SSL_CTX_new(TLSv1_method()))) goto error; - #else + #endif + /* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */ if (!(result->ctx = SSL_CTX_new(SSLv23_method()))) goto error;
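Review bot: The comment "use SSL3 or TLS1 but not SSL2" at the end of the hunk is not enforced by anything visible here: `SSLv23_method()` on its own negotiates whichever protocol versions the library has enabled, so the SSL2 exclusion depends on a `SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2);` call that this hunk does not show. tor_tls_context_new starts and ends outside the hunk, so if that call already follows, the comment should name it, for example `/* SSLv23_method() negotiates SSL3 or TLS1; SSL2 is turned off with SSL_OP_NO_SSLv2 below. */`. The `#if 0` block keeps a `TLSv1_method()` call that is never compiled; keeping only its explanatory comment would avoid two `SSL_CTX_new()` assignments to `result->ctx` if the block is ever re-enabled by accident. Separately, the new `link_key` and `auth_key` assignments are not NULL-checked the way the three `tor_cert_new()` results are, which looks inconsistent unless `crypto_pk_dup_key()` cannot fail.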