commit 4a24673436b2f8cf7a6bbbb353f97f1ae403e411
parent 4914e0e1ccc9ce52ce6c96c53925a5e64f7c6ff6
Author: Alexander Færøy <ahf@torproject.org>
Date: Mon, 8 Nov 2021 14:15:59 +0000
Merge remote-tracking branch 'tor-gitlab/mr/487' into maint-0.3.5
Diffstat:
2 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/changes/ticket40511 b/changes/ticket40511
@@ -0,0 +1,6 @@
+ o Minor features (compilation):
+ - Give an error message if trying to build with a version of LibreSSL
+ known not to work with Tor. (There's an incompatibility with
+ LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their
+ incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.)
+ Closes ticket 40511.
diff --git a/configure.ac b/configure.ac
@@ -963,6 +963,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
[ AC_MSG_RESULT([no]) ],
[ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
+AC_MSG_CHECKING([whether LibreSSL TLS 1.3 APIs are busted])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <openssl/opensslv.h>
+#if defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \
+ LIBRESSL_VERSION_NUMBER < 0x3040100fL
+#error "oh no"
+#endif
+ ]], [[]])],
+ [ AC_MSG_RESULT([no]) ],
+ [ AC_MSG_ERROR([This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)]) ])
+
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#include <openssl/evp.h>
