(I am not subscribed to this list, so please cc me in replies.)

Here's a patch to make Tor work on NetBSD 5.1, which implemented OpenSSL 0.9.8l's ABI-incompatible SSL3_FLAGS method for reenabling TLS renegotiation. Tor already jumps through a number of hoops to guess the right way to reenable renegotiation in OpenSSL, but it guesses wrong for the version of OpenSSL that comes with NetBSD 5.1, which, being 0.9.9-dev, looks newer than 0.9.8m.

I'm posting this here rather than on a Tor list because I don't think it should be Tor's responsibility to work around back-ports and forward-ports of broken OpenSSL features. What I'd really rather see is OpenSSL 0.9.8m's ABI-compatible SSL_OP method for reenabling TLS[*] put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in ssl.h) so that this patch would be unnecessary.
Attachment: nbsd51-reneg.patch