[tor-commits] [tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
nickm at torproject.org
nickm at torproject.org
Thu Jan 5 19:15:14 UTC 2012
commit ef69f2f2ab588ea51ade8587c8c0af2064c32c85
Merge: 13b2aa6 ccd8289
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Jan 5 14:17:44 2012 -0500
Merge remote-tracking branch 'origin/maint-0.2.2'
changes/bug4822 | 13 +++++++++++++
src/common/tortls.c | 37 ++++++++++++++++++++++++++++++++++---
2 files changed, 47 insertions(+), 3 deletions(-)
diff --cc src/common/tortls.c
index 2b46612,ef61f71..b7cd835
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@@ -1158,20 -771,20 +1168,24 @@@ tor_tls_context_new(crypto_pk_env_t *id
result = tor_malloc_zero(sizeof(tor_tls_context_t));
result->refcnt = 1;
if (!is_client) {
- result->my_cert = X509_dup(cert);
- result->my_id_cert = X509_dup(idcert);
- result->key = crypto_pk_dup_key(rsa);
+ result->my_link_cert = tor_cert_new(X509_dup(cert));
+ result->my_id_cert = tor_cert_new(X509_dup(idcert));
+ result->my_auth_cert = tor_cert_new(X509_dup(authcert));
+ if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
+ goto error;
+ result->link_key = crypto_pk_dup_key(rsa);
+ result->auth_key = crypto_pk_dup_key(rsa_auth);
}
- #ifdef EVERYONE_HAS_AES
- /* Tell OpenSSL to only use TLS1 */
+ #if 0
+ /* Tell OpenSSL to only use TLS1. This would actually break compatibility
+ * with clients that are configured to use SSLv23_method(), so we should
+ * probably never use it.
+ */
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
goto error;
- #else
+ #endif
+
/* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
if (!(result->ctx = SSL_CTX_new(SSLv23_method())))
goto error;
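Review bot: The `#if 0` block that now closes with `#endif` instead of `#else` is no longer an alternative to the `SSLv23_method()` call below it: if the guard were ever enabled, `result->ctx` would receive the TLSv1-only context and then be overwritten by the second `SSL_CTX_new()`, leaking the first context and leaving the restriction without effect. Since the new comment says this path should probably never be used, I would drop the disabled code and keep only the explanation as a comment, or restore the `#else` so the two calls stay mutually exclusive. Separately, the retained comment "SSL3 or TLS1 but not SSL2" holds only if SSLv2 is disabled on the context after creation (for example with `SSL_OP_NO_SSLv2`), which presumably happens below the hunk; a short pointer to that line would make the claim checkable. The body of tor_tls_context_new starts and ends outside the hunk.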