Commit Graph

11667 Commits

Author SHA1 Message Date
Andrew Lewman
0bd6cb31ed add in the apple incantations to get tls renegotiation to work. 2010-02-17 23:08:39 -05:00
Andrew Lewman
7f3b85d1df fix the win32 build instructions for openssl. 2010-02-17 23:07:51 -05:00
Roger Dingledine
de0330b092 Merge commit 'sebastian/oldstuff'
Conflicts:

	ChangeLog
2010-02-16 02:34:52 -05:00
Sebastian Hahn
f164a76f72 Remove legacy files from main source distribution
The AUTHORS file was pretty outdated. Its contents moved onto the
people page. Design paper and roadmaps moved to the projects
directory in svn.
2010-02-16 06:41:36 +01:00
Nick Mathewson
4e082ec84b Build correctly with Libevent 2.0.4-alpha and later 2010-02-15 16:47:47 -05:00
Nick Mathewson
79bdfb63e9 Remove the --enable-iphone option as needless.
On or-talk, Marco Bonetti reports that recent iPhone SDKs build
Tor fine without it.
2010-02-12 23:06:05 -05:00
Sebastian Hahn
82bba906f4 Remove the --enable-debug option for configure, it didn't do anything. 2010-02-13 01:19:26 +01:00
Nick Mathewson
3a7e7f1be4 Clean up whitespace 2010-02-11 00:24:23 -05:00
Andrew Lewman
ca2e4d20a5 updated win32 build instructions with new mingw and msys versions. 2010-02-11 00:23:34 -05:00
Andrew Lewman
dfbface39e clean up the documentation, break out sections for osx compiles. 2010-02-11 00:23:34 -05:00
Sebastian Hahn
fe18275563 Add Windows version detection for Vista and 7
Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.

Also fix a coding style violation.
2010-02-10 08:40:44 +01:00
Nick Mathewson
a4ef33a3f8 Add changelog for memcpy bug, with credit for "memcpyfail" 2010-02-09 13:08:49 -05:00
Nick Mathewson
a6a1b8b815 Merge remote branch 'origin/maint-0.2.1' 2010-02-09 12:58:25 -05:00
Nick Mathewson
a4065cd832 Merge remote branch 'sebastian/bug925' 2010-02-09 12:50:54 -05:00
Nick Mathewson
6dd71d314d Merge remote branch 'sebastian/bug1238' 2010-02-09 12:50:45 -05:00
Nick Mathewson
d784eecad9 Merge remote branch 'sebastian/exit-notice' 2010-02-09 12:47:38 -05:00
Nick Mathewson
c0d682686a Make tor_addr_copy() conform to memcpy requirements
The src and dest of a memcpy() call aren't supposed to overlap,
but we were sometimes calling tor_addr_copy() as a no-op.

Also, tor_addr_assign was a redundant copy of tor_addr_copy(); this patch
removes it.
2010-02-09 12:32:10 -05:00
Sebastian Hahn
253fd21ae1 Fix a whitespace violation 2010-02-09 09:10:07 +01:00
Sebastian Hahn
1e49c908f7 Speed up the execution of exit_policy_is_general_exit_helper()
It isn't necessary to walk through all possible subnets when the policy
we're looking at doesn't touch that subnet.
2010-02-09 09:10:07 +01:00
Sebastian Hahn
01030a4db2 Another unit test for exit_policy_is_general_exit() 2010-02-09 09:10:03 +01:00
Sebastian Hahn
0e0c31b1b8 Fix the path to the exit-notice file in torrc.sample
Also reword it slightly to reflect the fact that no packagers
ship the file.
2010-02-08 23:36:01 +01:00
Sebastian Hahn
20422cde2b 0/8 doesn't count as a /8 subnet towards an Exit flag 2010-02-08 16:46:22 +01:00
Sebastian Hahn
b2b99a70c0 Don't spam controllers with TOO_MANY_CONNECTIONS events
We implemented ratelimiting for warnings going into the logfile, but didn't
rate-limit controller events. Now both log warnings and controller events
are rate-limited.
2010-02-08 16:45:36 +01:00
Sebastian Hahn
a168cd2a54 Don't use gethostbyname() in resolve_my_address()
Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically.
Bug 1244 occurred because gethostbyname() returned an ipv6 address, which
Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25.
Reported by Mike Mestnik.
2010-02-08 15:49:54 +01:00
Nick Mathewson
080e8f50f8 Merge commit 'origin/maint-0.2.1' 2010-02-07 22:34:08 -05:00
Sebastian Hahn
dfee173289 lookup_last_hid_serv_request() could overflow and leak memory
The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occurred every time
we fetched a hidden service descriptor we've fetched before.
2010-02-07 06:37:35 +01:00
Sebastian Hahn
c10c7c9d83 Fix building of RPMs. Patch by Erinn Clark. 2010-02-06 03:11:34 +01:00
Sebastian Hahn
30b6fe6e9b Another unit test for exit_policy_is_general_exit() 2010-02-04 00:06:56 +01:00
Sebastian Hahn
25ec240cc3 Call exit_policy_is_general_exit less
When calculating the is_exit flag for a routerinfo_t, we don't need
to call exit_policy_is_general_exit() if router_exit_policy_rejects_all()
tells us it definitely is an exit. This check is much cheaper than
running exit_policy_is_general_exit().
2010-02-04 00:06:56 +01:00
Sebastian Hahn
82a5fbafab New unit test, testing for b0red's exit policy 2010-02-04 00:06:56 +01:00
Nick Mathewson
7d5d4f9f03 When we've disabled .exit hostnames, actually reject them.
Previously we were treating them as decent hostnames and sending them
to the exit, which is completely wrong.
2010-02-03 15:59:15 -05:00
Nick Mathewson
ba0c9e5d03 Trivial doc fix for exit_policy_is_general_exit_helper
The original comment said what it did if there was at least one /8 that
allowed access to the port, but not what it did otherwise.
2010-02-03 00:12:31 -05:00
Sebastian Hahn
b5b8d9e156 Another new test for exit_policy_is_general_exit() 2010-02-03 05:45:29 +01:00
Sebastian Hahn
c54e33e442 New testcase for exit_policy_is_general_exit 2010-02-03 05:44:05 +01:00
Sebastian Hahn
03bd98b3b1 Don't assign Exit flag incorrectly
exit_policy_is_general_exit() assumed that there are no redundancies
in the passed policy, in the sense that we actively combine entries
in the policy to really get rid of any redundancy. Since we cannot
do that without massively rewriting the policy lines the relay
operators set, fix exit_policy_is_general_exit().

Fixes bug 1238, discovered by Martin Kowalczyk.
2010-02-03 05:44:00 +01:00
Nick Mathewson
c7a2efb380 Add a changelog entry for fixing bug 1237.
We don't have such an entry for 0.2.1.x, since bug 1237 never made it
into a released version of 0.2.1.x.
2010-02-02 16:22:12 -05:00
Nick Mathewson
1a2129e3f7 Merge remote branch 'origin/maint-0.2.1' 2010-02-02 16:21:17 -05:00
Nick Mathewson
f6ff14a82e Link libssl and libcrypto in the right order.
For most linking setups, this doesn't matter.  But for some setups, when
statically linking openssl, it does matter, since you need to link things
with dependencies before you link things they depend on.

Fix for bug 1237.
2010-02-02 16:12:45 -05:00
Nick Mathewson
3a8ad7bfd8 add a2x intermediate files to gitignore 2010-01-31 22:53:40 -05:00
Nick Mathewson
5314438799 Merge remote branch 'origin/maint-0.2.1' 2010-01-31 22:53:19 -05:00
Nick Mathewson
abd447f876 Revise OpenSSL fix to work with OpenSSL 1.0.0beta*
In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
they use it for something different.

For the ugly version, see my long comment in tortls.c
2010-01-31 22:48:29 -05:00
Nick Mathewson
445e95b129 Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/common/tortls.c
2010-01-29 17:20:59 -05:00
Nick Mathewson
1744e447a1 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.

[backported]
2010-01-29 17:17:47 -05:00
Nick Mathewson
4905eaa38c Detect the correct versions of openssl for tls negotiation fix
Since it doesn't seem to hurt, we should use _both_ fixes whenever
we see OpenSSL 0.9.7L .. 0.9.8, or OpenSSL 0.9.8L..
2010-01-29 17:11:20 -05:00
Nick Mathewson
8d68e5c748 Decide whether to use SSL flags based on runtime OpenSSL version.
We need to do this because Apple doesn't update its dev-tools headers
when it updates its libraries in a security patch.  On the bright
side, this might get us out of shipping a statically linked OpenSSL on
OSX.

May fix bug 1225.
2010-01-29 17:02:17 -05:00
Nick Mathewson
f75f7322b9 Clarify a paragraph in prop 169. 2010-01-29 16:39:27 -05:00
Sebastian Hahn
e015fe8b09 Make sure docdir is defined when making doc/
Apparently some autoconf versions need this, while others don't.
This means documentation will be installed into share/doc/tor/.
2010-01-28 09:03:21 +01:00
Sebastian Hahn
32c1863a67 Fix building the tarball
This removes the Makefile.am from doc/design-paper and replaces it with
a static Makefile. We don't need to call it during the normal Tor build
process, as we don't need its targets normally. Keeping it around in
case we want to rebuild the pdf or ps files later.
2010-01-28 09:03:21 +01:00
Nick Mathewson
c5380d6064 The name for the proposal status of 151 is "finished", not "Implemented" 2010-01-28 00:04:45 -05:00
Nick Mathewson
380d00246b Proposal 169: Eliminate TLS renegotiation
I propose a backward-compatible change to the Tor connection
establishment protocol to avoid the use of TLS
renegotiation.

Rather than doing a TLS renegotiation to exchange
certificates and authenticate the original handshake, this
proposal takes an approach similar to Steven Murdoch's
proposal 124, and uses Tor cells to authenticate the
parties' identities once the initial TLS handshake is
finished.
2010-01-28 00:04:25 -05:00