[tor/master] Stop implying that we support openssl 1.0.0; we don't. - tor-commits

6 Oct 2016

commit 850ec1e2822482435bb0efa8853a74d6f0feaa20
Author: Nick Mathewson nickm@torproject.org
Date:   Thu Oct 6 12:58:49 2016 -0400
Stop implying that we support openssl 1.0.0; we don't.
Closes ticket 20303.
The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
    is really libressl, it will have an openssl version number we can't
    really believe.
---
 changes/no_openssl_100      | 4 ++++
 configure.ac                | 4 ++--
 src/common/compat_openssl.h | 5 +++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/changes/no_openssl_100 b/changes/no_openssl_100
new file mode 100644
index 0000000..dd89da8
--- /dev/null
+++ b/changes/no_openssl_100
@@ -0,0 +1,4 @@
+  o Required libraries:
+    - When building with OpenSSL, Tor now requires version 1.0.1 or later.
+      OpenSSL 1.0.0 and earlier are no longer supported by the openssl team,
+      and should not be used. Closes ticket 20303.
diff --git a/configure.ac b/configure.ac
index 23371d3..af42896 100644
--- a/configure.ac
+++ b/configure.ac
@@ -614,12 +614,12 @@ CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
AC_TRY_COMPILE([
 #include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER < 0x1000000fL
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
 #error "too old"
 #endif
    ], [],
    [ : ],
-   [ AC_ERROR([OpenSSL is too old. We require 1.0.0 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
+   [ AC_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
AC_TRY_COMPILE([
 #include <openssl/opensslv.h>
diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
index a7bdb0a..1bfe188 100644
--- a/src/common/compat_openssl.h
+++ b/src/common/compat_openssl.h
@@ -15,8 +15,9 @@
  * \brief compatability definitions for working with different openssl forks
  **/
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
-#error "We require OpenSSL >= 1.0.0"
+#if !defined(LIBRESSL_VERSION_NUMBER) && \
+  OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
+#error "We require OpenSSL >= 1.0.1"
 #endif
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \

    