commit 8855b2a90c8b3314ac9aa804ec2802e9d4c50617 Merge: ef0bc7f 2da0efb Author: Nick Mathewson <nickm@torproject.org> Date: Fri Feb 10 10:56:37 2012 -0500 Merge remote-tracking branch 'origin/maint-0.2.2' Conflicts: src/common/tortls.c Conflict on comment near use of the new OPENSSL_V macro src/common/tortls.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --cc src/common/tortls.c index 26d3714,4c9d218..cffba2e --- a/src/common/tortls.c +++ b/src/common/tortls.c @@@ -79,11 -68,11 +79,11 @@@ #define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer") -#if (OPENSSL_VERSION_NUMBER < 0x0090813fL || \ - (OPENSSL_VERSION_NUMBER >= 0x00909000L && \ - OPENSSL_VERSION_NUMBER < 0x1000006fL)) +#if (OPENSSL_VERSION_NUMBER < OPENSSL_V(0,9,8,'s') || \ + (OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(0,9,9) && \ + OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f'))) /* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have - * the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and + * the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and * SSL3 safely at the same time. */ #define DISABLE_SSL3_HANDSHAKE @@@ -1179,12 -794,12 +1179,12 @@@ tor_tls_context_new(crypto_pk_t *identi #ifdef DISABLE_SSL3_HANDSHAKE 1 || #endif - SSLeay() < 0x0090813fL || - (SSLeay() >= 0x00909000L && - SSLeay() < 0x1000006fL)) { + SSLeay() < OPENSSL_V(0,9,8,'s') || + (SSLeay() >= OPENSSL_V_SERIES(0,9,9) && + SSLeay() < OPENSSL_V(1,0,0,'f'))) { - /* And not SSL3 if it's subject to CVE-2011-4657. */ + /* And not SSL3 if it's subject to CVE-2011-4576. */ log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version " - "might otherwise be vulnerable to CVE-2011-4657 " + "might otherwise be vulnerable to CVE-2011-4576 " "(compile-time version %08lx (%s); " "runtime version %08lx (%s))", (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,