[tor-commits] [tor/master] Stop looking at session->ciphers when possible

nickm at torproject.org nickm at torproject.org
Tue Jun 2 17:45:51 UTC 2015


commit 95375963981bb2346429de86b0cbb558d6b399d5
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue May 26 11:05:36 2015 -0400

    Stop looking at session->ciphers when possible
    
    If the OpenSSL team accepts my patch to add an
    SSL_get_client_ciphers function, this patch will make Tor use it
    when available, thereby working better with openssl 1.1.
---
 configure.ac        |   17 +++++++++++++++++
 src/common/tortls.c |    8 +++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index cc271c8..ede8f84 100644
--- a/configure.ac
+++ b/configure.ac
@@ -623,10 +623,27 @@ else
 fi
 AC_SUBST(TOR_OPENSSL_LIBS)
 
+dnl Now check for particular openssl functions.
+save_LIBS="$LIBS"
+save_LDFLAGS="$LDFLAGS"
+save_CPPFLAGS="$CPPFLAGS"
+LIBS="$TOR_OPENSSL_LIBS $LIBS"
+LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
+CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
 AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
 [#include <openssl/ssl.h>
 ])
 
+AC_CHECK_FUNCS([ \
+		SSL_SESSION_get_master_key \
+		SSL_get_server_random \
+                SSL_get_client_ciphers \
+                SSL_get_client_random \
+	       ])
+LIBS="$save_LIBS"
+LDFLAGS="$save_LDFLAGS"
+CPPFLAGS="$save_CPPFLAGS"
+
 dnl ------------------------------------------------------
 dnl Where do you live, zlib?  And how do we call you?
 
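Review bot: The added `AC_CHECK_FUNCS` list only proves that the symbols link against `$TOR_OPENSSL_LIBS`; it does not prove that the headers found through `$TOR_CPPFLAGS_openssl` declare them. If the headers and the library came from different OpenSSL versions, `HAVE_SSL_GET_CLIENT_CIPHERS` could be defined while tortls.c sees no prototype, and an implicitly declared function returning `int` would then be assigned to a pointer. A declaration probe next to it, for example `AC_CHECK_DECLS([SSL_get_client_ciphers], , , [#include <openssl/ssl.h>])`, would let the C code require both the symbol and the prototype. Separately, three of the four probed functions are not used anywhere in this commit, so a `dnl` line saying they are for follow-up changes would explain the list.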
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 01bccd7..d4a565c 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1644,13 +1644,19 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
 static int
 tor_tls_client_is_using_v2_ciphers(const SSL *ssl)
 {
+  STACK_OF(SSL_CIPHER) *ciphers;
+#ifdef HAVE_SSL_GET_CLIENT_CIPHERS
+  ciphers = SSL_get_client_ciphers(ssl);
+#else
   SSL_SESSION *session;
   if (!(session = SSL_get_session((SSL *)ssl))) {
     log_info(LD_NET, "No session on TLS?");
     return CIPHERS_ERR;
   }
+  ciphers = session->ciphers;
+#endif
 
-  return tor_tls_classify_client_ciphers(ssl, session->ciphers) >= CIPHERS_V2;
+  return tor_tls_classify_client_ciphers(ssl, ciphers) >= CIPHERS_V2;
 }
 
 /** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
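Review bot: In the `HAVE_SSL_GET_CLIENT_CIPHERS` branch the result of `SSL_get_client_ciphers(ssl)` is passed on without a NULL check, while the fallback branch logs and bails out when there is no session. Whether `tor_tls_classify_client_ciphers` tolerates a NULL stack is not visible in this hunk, so either confirm that it does or guard the call with something like `if (!ciphers) return 0;`. The two branches also report failure differently: the fallback returns `CIPHERS_ERR` straight out of a predicate, while the new path returns the result of the `>= CIPHERS_V2` comparison. If `CIPHERS_ERR` is non-zero, callers that treat the return value as a boolean would read the no-session case as "is using v2 ciphers". A short comment above the `#ifdef` stating what the function returns on error would make the intended contract explicit.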




