commit 8e562874a42a1a3eb982ba2df3ff1f3860db0d31 Author: Nick Mathewson nickm@torproject.org Date: Mon Mar 5 15:34:04 2018 -0500
Edit our openssl detection in autoconf to tolerate no-deprecated.
When openssl is built with no-deprecated, the TLSv1_1_method() function isn't visible in the headers. That's sad, because that method is what we were looking at.
Instead, we now look at SSL_CIPHER_get_id(), which is present in OpenSSL 1.0.1 and later, which is _not_ deprecated, and which is also present in LibreSSL.
Fixes ticket 25353. Not a bugfix exactly -- we never really worked with this configuration. --- configure.ac | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac index 878f5a88b..aa2617b70 100644 --- a/configure.ac +++ b/configure.ac @@ -788,9 +788,18 @@ AC_ARG_WITH(ssl-dir,
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1]) TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32], - [#include <openssl/ssl.h>], - [struct ssl_method_st; const struct ssl_method_st *TLSv1_1_method(void);], - [TLSv1_1_method();], [], + [#include <openssl/ssl.h> + char *getenv(const char *);], + [struct ssl_cipher_st; + unsigned SSL_CIPHER_get_id(const struct ssl_cipher_st *); + char *getenv(const char *);], + dnl This funny-looking test program calls getenv, so that the compiler + dnl will neither make code that call SSL_CIPHER_get_id(NULL) [producing + dnl a crash], nor optimize out the call to SSL_CIPHER_get_id(). + dnl We look for SSL_cipher_get_id() because it is present in + dnl OpenSSL >=1.0.1, because it is not deprecated, and because Tor + dnl depends on it. + [if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [], [/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
tor-commits@lists.torproject.org