Updated libtor dependencies.

berty · Dec 11, 2020 · 245a979 · 245a979
1 parent 957c98c
commit 245a979
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ The `go-libtor` project is a self-contained, fully statically linked Tor library
 |:-:|:-:|:-:|
 | zlib | 1.2.11 | [`cacf7f1d4e3d44d871b605da3b647f07d718623f`](https://github.com/madler/zlib/commit/cacf7f1d4e3d44d871b605da3b647f07d718623f) |
 | libevent | 2.2.0-alpha-dev | [`657e180694a97c6d70d58cd60b82e43dc23ac4b2`](https://github.com/libevent/libevent/commit/657e180694a97c6d70d58cd60b82e43dc23ac4b2) |
-| openssl | 1.1.1-stable | [`7da3894cdddd70ce0d6641f345a23ee9de0082cb`](https://github.com/openssl/openssl/commit/7da3894cdddd70ce0d6641f345a23ee9de0082cb) |
+| openssl | 1.1.1-stable | [`ad8e83cf11187388c71cfbdb70880d9e7ed26e0e`](https://github.com/openssl/openssl/commit/ad8e83cf11187388c71cfbdb70880d9e7ed26e0e) |
 | tor | 0.3.5.12-dev | [`6cd23b29d262da3ecd07208804804d66550a6c9a`](https://gitweb.torproject.org/tor.git/commit/?id=6cd23b29d262da3ecd07208804804d66550a6c9a) |
 
 The library is currently supported on:

diff --git a/darwin/openssl/ssl/statem/statem_lib.c b/darwin/openssl/ssl/statem/statem_lib.c
@@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
 
 /*
  * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
  */
 static int is_tls13_capable(const SSL *s)
 {
@@ -1515,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
     EC_KEY *eckey;
 #endif
 
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+        return 0;
+
+    /*
+     * A servername callback can change the available certs, so if a servername
+     * cb is set then we just assume TLSv1.3 will be ok
+     */
+    if (s->ctx->ext.servername_cb != NULL
+            || s->session_ctx->ext.servername_cb != NULL)
+        return 1;
+
 #ifndef OPENSSL_NO_PSK
     if (s->psk_server_callback != NULL)
         return 1;

diff --git a/linux/openssl/ssl/statem/statem_lib.c b/linux/openssl/ssl/statem/statem_lib.c
@@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
 
 /*
  * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
  */
 static int is_tls13_capable(const SSL *s)
 {
@@ -1515,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
     EC_KEY *eckey;
 #endif
 
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+        return 0;
+
+    /*
+     * A servername callback can change the available certs, so if a servername
+     * cb is set then we just assume TLSv1.3 will be ok
+     */
+    if (s->ctx->ext.servername_cb != NULL
+            || s->session_ctx->ext.servername_cb != NULL)
+        return 1;
+
 #ifndef OPENSSL_NO_PSK
     if (s->psk_server_callback != NULL)
         return 1;

diff --git a/lock.json b/lock.json
@@ -1 +1 @@
-{"zlib":"cacf7f1d4e3d44d871b605da3b647f07d718623f","libevent":"657e180694a97c6d70d58cd60b82e43dc23ac4b2","openssl":"7da3894cdddd70ce0d6641f345a23ee9de0082cb","tor":"6cd23b29d262da3ecd07208804804d66550a6c9a"}
+{"zlib":"cacf7f1d4e3d44d871b605da3b647f07d718623f","libevent":"657e180694a97c6d70d58cd60b82e43dc23ac4b2","openssl":"ad8e83cf11187388c71cfbdb70880d9e7ed26e0e","tor":"6cd23b29d262da3ecd07208804804d66550a6c9a"}
diff --git a/openssl_config/buildinf.macos64.h b/openssl_config/buildinf.macos64.h
@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: darwin64-x86_64-cc"
-#define DATE "built on: Wed Dec 9 13:43:44 2020 +0100"
+#define DATE "built on: Thu Dec 10 11:34:23 2020 +0000"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a

diff --git a/openssl_config/buildinf.x64.h b/openssl_config/buildinf.x64.h
@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: linux-x86_64"
-#define DATE "built on: Wed Dec 9 13:43:44 2020 +0100"
+#define DATE "built on: Thu Dec 10 11:34:23 2020 +0000"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a

diff --git a/openssl_config/buildinf.x86.h b/openssl_config/buildinf.x86.h
@@ -11,7 +11,7 @@
  */
 
 #define PLATFORM "platform: linux-x86"
-#define DATE "built on: Wed Dec 9 13:43:44 2020 +0100"
+#define DATE "built on: Thu Dec 10 11:34:23 2020 +0000"
 
 /*
  * Generate compiler_flags as an array of individual characters. This is a