[or-cvs] [tor/master] Detect the correct versions of openssl for tls negotiation fix

[nickm at torproject.org]

Author: Nick Mathewson <nickm at torproject.org>
Date: Fri, 29 Jan 2010 17:11:20 -0500
Subject: Detect the correct versions of openssl for tls negotiation fix
Commit: 4905eaa38cefadf3aa5aac25e679fd3102688984

Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
---
 src/common/tortls.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 33fed4c..344515b 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -358,13 +358,13 @@ tor_tls_init(void)
     version = SSLeay();
     if (version >= 0x009070c0L && version < 0x00908000L) {
       log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.7l or later; "
-                 "I will use SSL3_FLAGS to enable renegotation",
+                 "I will try SSL3_FLAGS and SSL3_OP to enable renegotation",
                  SSLeay_version(SSLEAY_VERSION));
       use_unsafe_renegotiation_flag = 1;
       use_unsafe_renegotiation_op = 1;
-    } else if (version >= 0x009080d0L) {
-      log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8m or later; "
-                 "I will use SSL_OP to enable renegotiation",
+    } else if (version >= 0x009080c0L) {
+      log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l or later; "
+                 "I will try SSL3_FLAGS and SSL_OP to enable renegotiation",
                  SSLeay_version(SSLEAY_VERSION));
       use_unsafe_renegotiation_flag = 1;
       use_unsafe_renegotiation_op = 1;
-- 
1.6.5