commit ef69f2f2ab588ea51ade8587c8c0af2064c32c85 Merge: 13b2aa6 ccd8289 Author: Nick Mathewson nickm@torproject.org Date: Thu Jan 5 14:17:44 2012 -0500
Merge remote-tracking branch 'origin/maint-0.2.2'
changes/bug4822 | 13 +++++++++++++ src/common/tortls.c | 37 ++++++++++++++++++++++++++++++++++--- 2 files changed, 47 insertions(+), 3 deletions(-)
diff --cc src/common/tortls.c
index 2b46612,ef61f71..b7cd835
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@@ -1158,20 -771,20 +1168,24 @@@ tor_tls_context_new(crypto_pk_env_t *id
 result = tor_malloc_zero(sizeof(tor_tls_context_t));
 result->refcnt = 1;
 if (!is_client) {
- result->my_cert = X509_dup(cert);
- result->my_id_cert = X509_dup(idcert);
- result->key = crypto_pk_dup_key(rsa);
+ result->my_link_cert = tor_cert_new(X509_dup(cert));
+ result->my_id_cert = tor_cert_new(X509_dup(idcert));
+ result->my_auth_cert = tor_cert_new(X509_dup(authcert));
+ if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
+ goto error;
+ result->link_key = crypto_pk_dup_key(rsa);
+ result->auth_key = crypto_pk_dup_key(rsa_auth);
 }
- #ifdef EVERYONE_HAS_AES
- /* Tell OpenSSL to only use TLS1 */
+ #if 0
+ /* Tell OpenSSL to only use TLS1. This would actually break compatibility
+ * with clients that are configured to use SSLv23_method(), so we should
+ * probably never use it.
+ */
 if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
 goto error;
- #else
+ #endif
+ /* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
 if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
 goto error;
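Review bot: The comment `/* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */` above `SSL_CTX_new(SSLv23_method())` states a guarantee that this call does not give by itself: SSLv23_method() is version-flexible, and SSL2 is excluded only where `SSL_OP_NO_SSLv2` is set on `result->ctx`, which is not visible in this hunk. I would reword it to something like `/* SSLv23_method() negotiates SSL3 or TLS1; SSL2 is refused via SSL_OP_NO_SSLv2, set below. */` after confirming that the option is in fact set later in tor_tls_context_new, whose body starts before and continues past the hunk. The `#if 0` block is better reduced to its explanatory comment alone, since re-enabling it as written would run both `SSL_CTX_new` calls and overwrite the first context with the second. Separately, `link_key` and `auth_key` are assigned from `crypto_pk_dup_key()` without the NULL check the three certificates get; if that helper can fail, the `goto error` test should cover them too.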