Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents

This seems to fix another case of bug2001.
Nick Mathewson 2010-10-12 14:45:15 -04:00
parent a9172c87be
commit fbacbf9fd9
2 changed files with 21 additions and 0 deletions


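--- a/FILE_1_PATH_NOT_ON_PAGE
+++ b/FILE_1_PATH_NOT_ON_PAGE
@@ -863,6 +863,10 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
 if (tls) {
 tls->wasV2Handshake = 1;
+#ifdef USE_BUFFEREVENTS
+if (use_unsafe_renegotiation_flag)
+tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+#endif
 } else {
 log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!");
 }
@@ -1071,6 +1075,18 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
 tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
 }
+void
+tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
+{
+if (use_unsafe_renegotiation_flag) {
+tor_assert(0 != (tls->ssl->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
+}
+if (use_unsafe_renegotiation_op) {
+long options = SSL_get_options(tls->ssl);
+tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
+}
+}
 /** Return whether this tls initiated the connect (client) or
 * received it (server). */
 int
@@ -1752,6 +1768,10 @@ tor_tls_init_bufferevent(tor_tls_t *tls, struct bufferevent *bufev_in,
 state,
 BEV_OPT_DEFER_CALLBACKS);
 #endif
+/* Unblock _after_ creating the bufferevent, since accept/connect tend to
+ * clear flags. */
+tor_tls_unblock_renegotiation(tls);
 return out;
 }
 #endif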
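Review bot: The new tor_tls_assert_renegotiation_unblocked in the second hunk is a public function with no Doxygen comment, unlike the `/** Return whether this tls initiated the connect ... */` block that follows it; suggest `/** Assert that <b>tls</b> currently permits renegotiation, i.e. whichever of the SSL3 flag or the SSL_OP option we rely on is set. Debugging aid only; tor_assert() aborts on failure. */`. It also dereferences tls->ssl->s3 unconditionally, as tor_tls_block_renegotiation already does, so presumably callers guarantee a live SSL3/TLS session, but that precondition belongs in the comment. In the first hunk the flag is now raised inside the info callback for every v2 handshake on the USE_BUFFEREVENTS build, which widens the window in which the 0.9.8l protection against unsafe legacy renegotiation is disabled; the page does not show where tor_tls_block_renegotiation is reached on the bufferevent path, so a one-line comment at that site naming the matching block call would let a reviewer confirm the window is closed again. The enclosing bodies of the first and third hunks start outside the hunk.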


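--- a/FILE_2_PATH_NOT_ON_PAGE
+++ b/FILE_2_PATH_NOT_ON_PAGE
@@ -68,6 +68,7 @@ int tor_tls_finish_handshake(tor_tls_t *tls);
 int tor_tls_renegotiate(tor_tls_t *tls);
 void tor_tls_unblock_renegotiation(tor_tls_t *tls);
 void tor_tls_block_renegotiation(tor_tls_t *tls);
+void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
 int tor_tls_shutdown(tor_tls_t *tls);
 int tor_tls_get_pending_bytes(tor_tls_t *tls);
 size_t tor_tls_get_forced_write_size(tor_tls_t *tls);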