Add some points to make it easy to turn off v3 support

2024-11-24 04:13:28 +01:00 · 2011-10-10 23:12:29 -04:00 · 2011-10-10 23:12:29 -04:00 · 8af0cfc10d
commit 8af0cfc10d
parent cc07b5a129
2 changed files with 16 additions and 0 deletions
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -1095,7 +1095,11 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)

  tor_tls_init();
  nickname = crypto_random_hostname(8, 20, "www.", ".net");
+#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
+  nn2 = crypto_random_hostname(8, 20, "www.", ".net");
+#else
  nn2 = crypto_random_hostname(8, 20, "www.", ".com");
+#endif

  /* Generate short-term RSA key for use with TLS. */
  if (!(rsa = crypto_new_pk_env()))
@ -2183,6 +2187,10 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
 static int
 dn_indicates_v3_cert(X509_NAME *name)
 {
+#ifdef DISABLE_V3_LINKPROTO_CLIENTSIDE
+  (void)name;
+  return 0;
+#else
  X509_NAME_ENTRY *entry;
  int n_entries;
  ASN1_OBJECT *obj;
@ -2206,6 +2214,7 @@ dn_indicates_v3_cert(X509_NAME *name)
  r = fast_memneq(s + len - 4, ".net", 4);
  OPENSSL_free(s);
  return r;
+#endif
 }

 /** Return true iff the peer certificate we're received on <b>tls</b>
--- a/src/or/command.c
+++ b/src/or/command.c
@ -689,6 +689,13 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
             send_chall ? " AUTH_CHALLENGE" : "",
             send_netinfo ? " NETINFO" : "");

+#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
+    if (1) {
+      connection_mark_for_close(TO_CONN(conn));
+      return;
+    }
+#endif
+
    if (send_versions) {
      if (connection_or_send_versions(conn, 1) < 0) {
        log_warn(LD_OR, "Couldn't send versions cell");