From 759ed3ce3f1de0911f25ad1e3a8016e01d3272a6 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Sun, 29 Jul 2007 23:11:42 +0000 Subject: [PATCH] r13988@catbus: nickm | 2007-07-29 16:32:36 -0400 Cheesy attempt to break some censorware. Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them. svn:r10975 --- ChangeLog | 4 ++++ src/common/tortls.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 82680ea469..104a07b060 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,10 @@ Changes in version 0.2.0.3-alpha - 2007-07-29 - Directory authorities now never mark more than 3 servers per IP as Valid and Running. (Implements proposal 109, by Kevin Bauer and Damon McCoy.) + - Minor change to organizationName and commonName generation procedures + in certificates, to invalidate some earlier censorware approaches. + This is not a long-term solution, but applying it will give us a bit of + time to look into the epidemiology of countermeasures as they spread. o Major bugfixes (directory): - Rewrite directory tokenization code to never run off the end of diff --git a/src/common/tortls.c b/src/common/tortls.c index f56ce10bab..de39969d54 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -274,7 +274,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, - (unsigned char*)"Tor", -1, -1, 0))) + (unsigned char*)"t o r", -1, -1, 0))) goto error; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, 
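Review bot: The new organizationName `"t o r"` is written out as a literal twice, once for `name` in the hunk at -274 and once for `name_issuer` in the hunk at -288, so a later edit can change one and miss the other and leave the subject and issuer fields inconsistent. Define the value once, e.g. `#define TOR_CERT_ORG_NAME "t o r"` (name is a suggestion), and pass `(unsigned char*)TOR_CERT_ORG_NAME` in both `X509_NAME_add_entry_by_NID` calls. A short comment at the definition, such as `/* Deliberately not "Tor"; see ChangeLog for 0.2.0.3-alpha. Still a fixed value. */`, would keep the unusual spelling from being "corrected" later and would record that it is a stopgap. tor_tls_create_certificate begins and ends outside both hunks.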
@@ -288,7 +288,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, - (unsigned char*)"Tor", -1, -1, 0))) + (unsigned char*)"t o r", -1, -1, 0))) goto error; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, @@ -361,7 +361,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname, char nn2[128]; if (!nickname) nickname = "null"; - tor_snprintf(nn2, sizeof(nn2), "%s ", nickname); + tor_snprintf(nn2, sizeof(nn2), "%s ", nickname); tor_tls_init();
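Review bot: The result of `tor_snprintf` in the hunk at -361 is discarded, so a `nickname` that does not fit in the 128-byte `nn2` together with the suffix would go unnoticed. The string is presumably used afterwards as a certificate name, though that use lies outside the hunk. Test the return value, e.g. `if (tor_snprintf(nn2, sizeof(nn2), ..., nickname) < 0)` with the format string as on the added line, and take the function's failure path (not visible here). Otherwise add a comment at `char nn2[128];` stating which caller-side limit on the nickname length makes truncation impossible. As rendered on this page the removed and added `tor_snprintf` lines are identical, so the format-string change itself cannot be checked from this text. tor_tls_context_new continues outside the hunk.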