diff options
| author | gdt <gdt> | 2010-07-30 16:59:06 +0000 |
|---|---|---|
| committer | gdt <gdt> | 2010-07-30 16:59:06 +0000 |
| commit | df9a3685a5589c933e1013ae84c8f1b23f29a967 (patch) | |
| tree | a66786f622d0e7803c3926cb6f314e765719de8b /net/tor | |
| parent | 5888e3a22d73269925bd37bb6ace75d302ebd572 (diff) | |
| download | pkgsrc-df9a3685a5589c933e1013ae84c8f1b23f29a967.tar.gz | |
Add patch that should have been in previous commit.
Diffstat (limited to 'net/tor')
| -rw-r--r-- | net/tor/patches/patch-aa | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/net/tor/patches/patch-aa b/net/tor/patches/patch-aa new file mode 100644 index 00000000000..3180b6c6a26 --- /dev/null +++ b/net/tor/patches/patch-aa @@ -0,0 +1,40 @@ +From: Taylor R Campbell +Subject: patch for Tor to workaround OpenSSL renegotiation lossage on 5.1 +Cc: athaba (pkgsrc/net/tor maintainer) +Date: Fri, 30 Jul 2010 01:31:50 +0000 + +Here's a patch to make Tor work on NetBSD 5.1, which implemented +OpenSSL 0.9.8l's ABI-incompatible SSL3_FLAGS method for reenabling TLS +renegotiation. Tor already jumps through a number of hoops to guess +the right way to reenable renegotiation in OpenSSL, but it guesses +wrong for the version of OpenSSL that comes with NetBSD 5.1, which, +being 0.9.9-dev, looks newer than 0.9.8m. + +I'm posting this here rather than on a Tor list because I don't think +it should be Tor's responsibility to work around back-ports and +forward-ports of broken OpenSSL features. What I'd really rather see +is OpenSSL 0.9.8m's ABI-compatible SSL_OP method for reenabling TLS[*] +put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in +ssl.h) so that this patch would be unnecessary. +[2. text/plain; nbsd51-reneg] + +--- ./src/common/tortls.c.~1~ 2010-05-02 22:02:50.000000000 +0000 ++++ ./src/common/tortls.c 2010-07-30 00:34:00.000000000 +0000 +@@ -356,6 +356,17 @@ + * program should be allowed to use renegotiation its first passed an + * test of intelligence and determination. + */ ++#ifdef __NetBSD__ ++ /* In NetBSD 5.1, OpenSSL 0.9.9-dev was imported and `fixed' to use ++ the same scheme as 0.9.8l. */ ++ if (version == 0x00909000L) { ++ log_notice(LD_GENERAL, "OpenSSL %s on NetBSD looks like version 0.9.8l; " ++ "I will try SSL3_FLAGS to enable renegotation.", ++ SSLeay_version(SSLEAY_VERSION)); ++ use_unsafe_renegotiation_flag = 1; ++ use_unsafe_renegotiation_op = 1; ++ } else ++#endif + if (version >= 0x009080c0L && version < 0x009080d0L) { + log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; " + "I will try SSL3_FLAGS to enable renegotation.", |