simplify the tortls api: we only support being a "server", that is, even tor clients do the same sort of handshake.

this has been true for years, so it's best to get rid of the
stale code.


svn:r6557
This commit is contained in:
Roger Dingledine 2006-06-07 06:10:54 +00:00
parent 7512be0b65
commit 0bfef523df
4 changed files with 26 additions and 28 deletions


@ -301,11 +301,12 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
#define CIPHER_LIST SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA #define CIPHER_LIST SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
#endif #endif
/** Create a new TLS context. If we are going to be using it as a /** Create a new TLS context for use with Tor TLS handshakes.
* server, it must have isServer set to true, <b>identity</b> set to the * <b>identity</b> should be set to the identity key used to sign the
* identity key used to sign that certificate, and <b>nickname</b> set to * certificate, and <b>nickname</b> set to the nickname to use.
* the server's nickname. If we're only going to be a client, *
* isServer should be false, identity should be NULL, and nickname * XXX to be removed next:
* If we're only going to be a client, identity should be NULL, and nickname
* should be NULL. Return -1 if failure, else 0. * should be NULL. Return -1 if failure, else 0.
* *
* You can call this function multiple times. Each time you call it, * You can call this function multiple times. Each time you call it,
@ -313,8 +314,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
* the new SSL context. * the new SSL context.
*/ */
int int
tor_tls_context_new(crypto_pk_env_t *identity, tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname,
int isServer, const char *nickname,
unsigned int key_lifetime) unsigned int key_lifetime)
{ {
crypto_pk_env_t *rsa = NULL; crypto_pk_env_t *rsa = NULL;
@ -331,22 +331,20 @@ tor_tls_context_new(crypto_pk_env_t *identity,
tor_tls_init(); tor_tls_init();
if (isServer) { /* Generate short-term RSA key. */
/* Generate short-term RSA key. */ if (!(rsa = crypto_new_pk_env()))
if (!(rsa = crypto_new_pk_env())) goto error;
goto error; if (crypto_pk_generate_key(rsa)<0)
if (crypto_pk_generate_key(rsa)<0) goto error;
goto error; /* Create certificate signed by identity key. */
/* Create certificate signed by identity key. */ cert = tor_tls_create_certificate(rsa, identity, nickname, nn2,
cert = tor_tls_create_certificate(rsa, identity, nickname, nn2, key_lifetime);
key_lifetime); /* Create self-signed certificate for identity key. */
/* Create self-signed certificate for identity key. */ idcert = tor_tls_create_certificate(identity, identity, nn2, nn2,
idcert = tor_tls_create_certificate(identity, identity, nn2, nn2, IDENTITY_CERT_LIFETIME);
IDENTITY_CERT_LIFETIME); if (!cert || !idcert) {
if (!cert || !idcert) { log(LOG_WARN, LD_CRYPTO, "Error creating certificate");
log(LOG_WARN, LD_CRYPTO, "Error creating certificate"); goto error;
goto error;
}
} }
result = tor_malloc(sizeof(tor_tls_context_t)); result = tor_malloc(sizeof(tor_tls_context_t));
@ -376,7 +374,7 @@ tor_tls_context_new(crypto_pk_env_t *identity,
idcert=NULL; /* The context now owns the reference to idcert */ idcert=NULL; /* The context now owns the reference to idcert */
} }
SSL_CTX_set_session_cache_mode(*ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_session_cache_mode(*ctx, SSL_SESS_CACHE_OFF);
if (isServer && !client_only) { if (!client_only) {
tor_assert(rsa); tor_assert(rsa);
if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1))) if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
goto error; goto error;
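Review bot: The rewritten doc comment in the -301 hunk still says that identity may be NULL for a client-only context, but the new body unconditionally builds both certificates from `identity` now that the `if (isServer)` guard is gone, so a NULL identity would be handed straight to tor_tls_create_certificate, whose handling of a NULL signing key is not visible here; the paragraph already marked "XXX to be removed next" should be dropped in this commit or replaced with `* <b>identity</b> must not be NULL: a certificate is always generated and signed with it.`. In the -376 hunk, `tor_assert(rsa)` is now trivially true on that path because the short-term key is generated unconditionally above, so it can go or be kept with a comment like `/* rsa is always generated above; assert only guards future refactors */`. tor_tls_context_new's body continues outside the hunk, and the definition of client_only is not in view.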


@ -26,7 +26,7 @@ typedef struct tor_tls_t tor_tls_t;
#define TOR_TLS_DONE 0 #define TOR_TLS_DONE 0
void tor_tls_free_all(void); void tor_tls_free_all(void);
int tor_tls_context_new(crypto_pk_env_t *rsa, int isServer, int tor_tls_context_new(crypto_pk_env_t *rsa,
const char *nickname, unsigned int key_lifetime); const char *nickname, unsigned int key_lifetime);
tor_tls_t *tor_tls_new(int sock, int is_server, int use_no_cert); tor_tls_t *tor_tls_new(int sock, int is_server, int use_no_cert);
int tor_tls_is_server(tor_tls_t *tls); int tor_tls_is_server(tor_tls_t *tls);
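Review bot: The prototype's first parameter is still named `rsa` while the definition in tortls.c names it `identity` and every caller passes the identity key, so the header should read `int tor_tls_context_new(crypto_pk_env_t *identity,` to document the argument correctly. The adjacent `tor_tls_new(int sock, int is_server, int use_no_cert)` and `tor_tls_is_server` keep a per-connection server flag; if that is meant to survive the "server-only context" simplification, a one-line comment such as `/* is_server selects the TLS role of this connection, not of the context. */` would make the distinction explicit for readers of this header.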


@ -757,7 +757,7 @@ run_scheduled_events(time_t now)
last_rotated_certificate = now; last_rotated_certificate = now;
if (last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) { if (last_rotated_certificate+MAX_SSL_KEY_LIFETIME < now) {
log_info(LD_GENERAL,"Rotating tls context."); log_info(LD_GENERAL,"Rotating tls context.");
if (tor_tls_context_new(get_identity_key(), 1, options->Nickname, if (tor_tls_context_new(get_identity_key(), options->Nickname,
MAX_SSL_KEY_LIFETIME) < 0) { MAX_SSL_KEY_LIFETIME) < 0) {
log_warn(LD_BUG, "Error reinitializing TLS context"); log_warn(LD_BUG, "Error reinitializing TLS context");
/* XXX is it a bug here, that we just keep going? */ /* XXX is it a bug here, that we just keep going? */


@ -260,7 +260,7 @@ init_keys(void)
return -1; return -1;
set_identity_key(prkey); set_identity_key(prkey);
/* Create a TLS context; default the client nickname to "client". */ /* Create a TLS context; default the client nickname to "client". */
if (tor_tls_context_new(get_identity_key(), 1, if (tor_tls_context_new(get_identity_key(),
options->Nickname ? options->Nickname : "client", options->Nickname ? options->Nickname : "client",
MAX_SSL_KEY_LIFETIME) < 0) { MAX_SSL_KEY_LIFETIME) < 0) {
log_err(LD_GENERAL,"Error creating TLS context for OP."); log_err(LD_GENERAL,"Error creating TLS context for OP.");
@ -302,7 +302,7 @@ init_keys(void)
} }
/* 3. Initialize link key and TLS context. */ /* 3. Initialize link key and TLS context. */
if (tor_tls_context_new(get_identity_key(), 1, options->Nickname, if (tor_tls_context_new(get_identity_key(), options->Nickname,
MAX_SSL_KEY_LIFETIME) < 0) { MAX_SSL_KEY_LIFETIME) < 0) {
log_err(LD_GENERAL,"Error initializing TLS context"); log_err(LD_GENERAL,"Error initializing TLS context");
return -1; return -1;