nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

r13988@catbus: nickm | 2007-07-29 16:32:36 -0400

Browse Source 
Cheesy attempt to break some censorware.  Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.


svn:r10975
This commit is contained in:
Nick Mathewson 2007-07-29 23:11:42 +00:00
parent ca7c53d3cc
commit 759ed3ce3f
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -18,6 +18,10 @@ Changes in version 0.2.0.3-alpha - 2007-07-29
- Directory authorities now never mark more than 3 servers per IP as - Directory authorities now never mark more than 3 servers per IP as
Valid and Running. (Implements proposal 109, by Kevin Bauer and Valid and Running. (Implements proposal 109, by Kevin Bauer and
Damon McCoy.) Damon McCoy.)
- Minor change to organizationName and commonName generation procedures
in certificates, to invalidate some earlier censorware approaches.
This is not a long-term solution, but applying it will give us a bit of
time to look into the epidemiology of countermeasures as they spread.
o Major bugfixes (directory): o Major bugfixes (directory):
- Rewrite directory tokenization code to never run off the end of - Rewrite directory tokenization code to never run off the end of

6
src/common/tortls.c
View File

@ -274,7 +274,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
goto error; goto error;
if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
(unsigned char*)"Tor", -1, -1, 0))) (unsigned char*)"t o r", -1, -1, 0)))
goto error; goto error;
if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
@ -288,7 +288,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
goto error; goto error;
if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
(unsigned char*)"Tor", -1, -1, 0))) (unsigned char*)"t o r", -1, -1, 0)))
goto error; goto error;
if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
@ -361,7 +361,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname,
char nn2[128]; char nn2[128];
if (!nickname) if (!nickname)
nickname = "null"; nickname = "null";
tor_snprintf(nn2, sizeof(nn2), "%s <identity>", nickname); tor_snprintf(nn2, sizeof(nn2), "%s <signing>", nickname);
tor_tls_init(); tor_tls_init();