NetBSD-Users archive

patch for Tor to work around OpenSSL renegotiation lossage on 5.1



(I am not subscribed to this list, so please cc me in replies.)

Here's a patch to make Tor work on NetBSD 5.1, which implemented
OpenSSL 0.9.8l's ABI-incompatible SSL3_FLAGS method for reenabling TLS
renegotiation.  Tor already jumps through a number of hoops to guess
the right way to reenable renegotiation in OpenSSL, but it guesses
wrong for the version of OpenSSL that comes with NetBSD 5.1, which,
being 0.9.9-dev, looks newer than 0.9.8m.

I'm posting this here rather than on a Tor list because I don't think
it should be Tor's responsibility to work around back-ports and
forward-ports of broken OpenSSL features.  What I'd really rather see
is OpenSSL 0.9.8m's ABI-compatible SSL_OP method for reenabling TLS[*]
put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in
ssl.h) so that this patch would be unnecessary.

Attachment: nbsd51-reneg.patch
Description: Binary data
