Minix/pkgsrc-ng
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
popt
pkgsrc-ng/net/tor/patches/patch-aa
Lionel Sambuc 4af1cdf7a9 Import of pkgsrc-2015Q1
2016-01-21 23:40:00 +01:00

43 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

$NetBSD: patch-aa,v 1.10 2014/06/25 13:08:37 drochner Exp $
From: Taylor R Campbell
Subject: patch for Tor to workaround OpenSSL renegotiation lossage on 5.1
Cc: athaba (pkgsrc/net/tor maintainer)
Date: Fri, 30 Jul 2010 01:31:50 +0000
Here's a patch to make Tor work on NetBSD 5.1, which implemented
OpenSSL 0.9.8l's ABI-incompatible SSL3_FLAGS method for reenabling TLS
renegotiation. Tor already jumps through a number of hoops to guess
the right way to reenable renegotiation in OpenSSL, but it guesses
wrong for the version of OpenSSL that comes with NetBSD 5.1, which,
being 0.9.9-dev, looks newer than 0.9.8m.
I'm posting this here rather than on a Tor list because I don't think
it should be Tor's responsibility to work around back-ports and
forward-ports of broken OpenSSL features. What I'd really rather see
is OpenSSL 0.9.8m's ABI-compatible SSL_OP method for reenabling TLS[*]
put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in
ssl.h) so that this patch would be unnecessary.
[2. text/plain; nbsd51-reneg]
--- src/common/tortls.c.orig 2014-05-08 03:20:58.000000000 +0000
+++ src/common/tortls.c
@@ -487,6 +487,17 @@ tor_tls_init(void)
* program should be allowed to use renegotiation unless it first passed
* a test of intelligence and determination.
*/
+#ifdef __NetBSD__
+ /* In NetBSD 5.1, OpenSSL 0.9.9-dev was imported and `fixed' to use
+ the same scheme as 0.9.8l. */
+ if (version == OPENSSL_V_NOPATCH(0,9,9)) {
+ log_info(LD_GENERAL, "OpenSSL %s on NetBSD looks like version 0.9.8l; "
+ "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
+ SSLeay_version(SSLEAY_VERSION));
+ use_unsafe_renegotiation_flag = 1;
+ use_unsafe_renegotiation_op = 1;
+ } else
+#endif
if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
log_info(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
"some vendors have backported renegotiation code from "
Reference in New Issue View Git Blame Copy Permalink