Nick Mathewson
f1de329e78
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
...
Conflicts:
src/common/test.h
src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50
Bump copyright statements to 2011
2011-01-03 11:50:39 -05:00
Nick Mathewson
d238d8386f
Add a testing-only option to use bufferevent_openssl as a filter
...
We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows. This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.
It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
2010-11-09 15:36:27 -05:00
Nick Mathewson
17fdde3d92
Merge remote branch 'origin/maint-0.2.2'
...
Conflicts:
src/common/tortls.c
2010-10-21 16:23:01 -04:00
Nick Mathewson
fbacbf9fd9
Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents
...
This seems to fix another case of bug2001.
2010-10-12 14:52:33 -04:00
Nick Mathewson
a9172c87be
Actually call connection_tls_finish_handshake() with bufferevents
...
First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
2010-10-12 14:52:33 -04:00
Nick Mathewson
8ecb5abbe1
Add header for tor_tls_log_one_error
2010-10-11 13:26:57 -04:00
Robert Ransom
17efbe031d
Maintain separate server and client TLS contexts.
...
Fixes bug #988 .
2010-10-04 21:51:47 -07:00
Robert Ransom
d3879dbd16
Refactor tor_tls_context_new:
...
* Make tor_tls_context_new internal to tortls.c, and return the new
tor_tls_context_t from it.
* Add a public tor_tls_context_init wrapper function to replace it.
2010-10-04 17:57:29 -07:00
Nick Mathewson
6950749c0a
Make the bufferevent code use the renegotiation-reenabling hack
2010-09-27 16:07:14 -04:00
Nick Mathewson
a16ed90ec8
Document and/or fix stuff found by Sebastian in code review
...
Thanks to Sebastian for his code-review of the bufferevents patch series.x
2010-09-27 14:22:18 -04:00
Nick Mathewson
bd3612cd2b
Get SSL connections and linked connections working with bufferevents.
...
Clients are now verified to work and build circuits correctly. There
are still a few warnings given here and there that I need to look into.
2010-09-27 12:31:14 -04:00
Nick Mathewson
c3e63483b2
Update Tor Project copyright years
2010-02-27 17:14:21 -05:00
Nick Mathewson
ce0a89e262
Make Tor work with OpenSSL 0.9.8l
...
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default. We are not affected by this security problem, however,
since we do renegotiation right. (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.
Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.
For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done. There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Sebastian Hahn
aea9cf1011
Fix compile warnings on Snow Leopard
...
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Karsten Loesing
9b32e8c141
Update copyright to 2009.
2009-05-04 11:28:27 -04:00
Nick Mathewson
c4b8fef362
Remove svn $Id$s from our source, and remove tor --version --version.
...
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed. They were not actually useful for
telling the version of Tor files in the wild.
svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
e8a3fa91a6
Use a consistent naming standard for header file guard macros, taking care not to collide with any system headers. This tripped us up on Android.
...
svn:r17805
2008-12-29 02:21:02 +00:00
Nick Mathewson
122170c1d3
Downlgrade tweak, and answer lots of XXX021s. No actual code fixes in this patch.
...
svn:r17686
2008-12-18 16:11:24 +00:00
Nick Mathewson
6693f32530
Resolve many DOCDOCs.
...
svn:r17662
2008-12-17 22:58:20 +00:00
Nick Mathewson
b927ede48c
r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400
...
Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.
svn:r14350
2008-04-10 15:12:24 +00:00
Nick Mathewson
e2f25558b9
r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500
...
Change some of our log messages related to closed TLS connections in order to better reflect reality.
svn:r13657
2008-02-21 16:11:58 +00:00
Nick Mathewson
4ccffd7aea
r18218@catbus: nickm | 2008-02-19 17:27:40 -0500
...
When SafeLogging is off, have TLS errors and messages logged with their associated addresses.
svn:r13591
2008-02-19 22:27:44 +00:00
Nick Mathewson
f3eaeb99a3
r18051@catbus: nickm | 2008-02-12 15:20:43 -0500
...
Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation.
svn:r13484
2008-02-12 20:20:52 +00:00
Nick Mathewson
de827f89df
r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
...
Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c
svn:r13429
2008-02-08 21:13:12 +00:00
Nick Mathewson
842a33ff20
Update some copyright notices: it is now 2008.
...
svn:r13412
2008-02-07 05:31:47 +00:00
Nick Mathewson
46b1a21dc4
r17955@catbus: nickm | 2008-02-06 16:53:07 -0500
...
The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc.
svn:r13409
2008-02-06 21:53:13 +00:00
Nick Mathewson
a869574c56
r17947@catbus: nickm | 2008-02-06 11:57:53 -0500
...
Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items.
svn:r13405
2008-02-06 16:58:05 +00:00
Nick Mathewson
9c7eaa7a9d
r17918@catbus: nickm | 2008-02-05 16:39:17 -0500
...
Remove a few #if-0d items.
svn:r13392
2008-02-05 21:39:56 +00:00
Nick Mathewson
a51deb9a9c
r17903@catbus: nickm | 2008-02-05 14:40:03 -0500
...
Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support").
svn:r13382
2008-02-05 19:40:26 +00:00
Roger Dingledine
1d8a8063b9
clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
...
svn:r12786
2007-12-12 21:09:01 +00:00
Nick Mathewson
d8ad247dfd
r15088@tombo: nickm | 2007-11-30 23:47:29 -0500
...
Add support to get a callback invoked when the client renegotiate a connection. Also, make clients renegotiate. (not enabled yet, until they detect that the server acted like a v2 server)
svn:r12623
2007-12-01 08:09:48 +00:00
Nick Mathewson
1789f94668
r15087@tombo: nickm | 2007-11-30 22:32:26 -0500
...
Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER.
svn:r12622
2007-12-01 08:09:46 +00:00
Nick Mathewson
d483d3144a
r16669@catbus: nickm | 2007-11-14 14:50:03 -0500
...
When we complete an OR handshake, set up all the internal fields and mark the connection as open.
svn:r12495
2007-11-14 20:01:12 +00:00
Nick Mathewson
0e993e6008
r16523@catbus: nickm | 2007-11-07 11:35:49 -0500
...
Improve "tls error. breaking" message a little.
svn:r12411
2007-11-07 16:37:08 +00:00
Nick Mathewson
e047f7f865
r16455@catbus: nickm | 2007-11-06 12:48:00 -0500
...
Parse CERT cells and act correctly when we get them.
svn:r12396
2007-11-06 18:00:07 +00:00
Nick Mathewson
85654f4ab9
r16432@catbus: nickm | 2007-11-05 14:18:57 -0500
...
Send and parse link_auth cells properly.
svn:r12386
2007-11-05 19:19:46 +00:00
Nick Mathewson
12afd4777c
r16413@catbus: nickm | 2007-11-05 13:14:18 -0500
...
Add functions to encode certificates
svn:r12384
2007-11-05 18:15:54 +00:00
Nick Mathewson
ea1bea5830
r16411@catbus: nickm | 2007-11-05 11:27:37 -0500
...
Remember X509 certificates in the context. Store peer/self certificate digests in handshake state.
svn:r12382
2007-11-05 18:15:50 +00:00
Nick Mathewson
22c31d91ab
r16410@catbus: nickm | 2007-11-05 10:54:29 -0500
...
Code to remember client_random and server_random values, and to compute hmac using TLS master secret.
svn:r12381
2007-11-05 18:15:47 +00:00
Nick Mathewson
7e80640b97
r16285@catbus: nickm | 2007-10-30 17:43:25 -0400
...
Implement (but do not enable) link connection version negotiation
svn:r12286
2007-10-30 21:46:02 +00:00
Nick Mathewson
3fc04529d4
r14093@catbus: nickm | 2007-08-08 01:49:54 -0400
...
Include fewer redundant headers; use the compiler search paths better.
svn:r11060
2007-08-08 05:50:31 +00:00
Nick Mathewson
759c58151e
r11775@catbus: nickm | 2007-02-12 16:39:09 -0500
...
Update copyright dates.
svn:r9570
2007-02-12 21:39:53 +00:00
Nick Mathewson
fefba95363
r11629@catbus: nickm | 2007-02-02 15:06:17 -0500
...
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch!
svn:r9477
2007-02-02 20:06:43 +00:00
Nick Mathewson
76f896e714
r11607@catbus: nickm | 2007-01-30 17:19:27 -0500
...
Audit non-const char arguments; make a lot more of them const.
svn:r9466
2007-01-30 22:19:41 +00:00
Nick Mathewson
380f8983c7
r11966@Kushana: nickm | 2007-01-15 16:12:17 -0500
...
Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry.
svn:r9355
2007-01-15 21:21:05 +00:00
Nick Mathewson
ead35ef944
r11957@Kushana: nickm | 2007-01-15 15:25:57 -0500
...
Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision.
svn:r9354
2007-01-15 21:13:37 +00:00
Nick Mathewson
361998d0f3
r11741@Kushana: nickm | 2006-12-28 22:41:29 -0500
...
Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me".
svn:r9207
2006-12-29 03:42:46 +00:00
Nick Mathewson
43e06eba8b
r11566@Kushana: nickm | 2006-12-13 17:46:24 -0500
...
Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls.
svn:r9105
2006-12-13 22:46:42 +00:00
Roger Dingledine
8cf45df230
and now the exciting part: there is now no such thing as doing
...
a client-only tls, that is, one with no certs.
svn:r6558
2006-06-07 06:21:11 +00:00
Roger Dingledine
0bfef523df
simplify the tortls api: we only support being a "server", that
...
is, even tor clients do the same sort of handshake.
this has been true for years, so it's best to get rid of the
stale code.
svn:r6557
2006-06-07 06:10:54 +00:00
Roger Dingledine
7f611f4732
if we're a server and some peer has a broken tls certificate, don't
...
shout about it unless we want to hear about protocol violations.
svn:r6507
2006-05-26 16:32:16 +00:00
Roger Dingledine
5f051574d5
Happy new year!
...
svn:r5949
2006-02-09 05:46:49 +00:00
Nick Mathewson
932106f54c
Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain. Domains are now bitmasks... just in case. Make some err msgs non-general.
...
svn:r5309
2005-10-25 07:05:03 +00:00
Roger Dingledine
03dcef4c78
start the process of reducing clutter in server logs
...
svn:r5253
2005-10-17 00:35:53 +00:00
Nick Mathewson
ba24193ab5
Make doxygen marginally happier
...
svn:r5208
2005-10-06 04:33:40 +00:00
Nick Mathewson
0831823763
Change end-of-file NLNL convention. It turns out arma I and I agree.
...
svn:r4382
2005-06-09 19:03:31 +00:00
Nick Mathewson
a6f51001a5
New whitespace normalization rule: no blank line at EOF.
...
svn:r4378
2005-06-09 16:46:51 +00:00
Nick Mathewson
5827e2e216
Fix "JAP-client" hideous ASN1 bug, twice. (Fix1: check more thoroughly for TLS errors when handling certs. Fix2: stop assert(0)ing on uncaught TLS errors.)
...
svn:r4085
2005-04-23 14:26:02 +00:00
Nick Mathewson
0e81265359
update copyright notices.
...
svn:r3982
2005-04-01 20:15:56 +00:00
Roger Dingledine
4a82ac12b8
add a tor_tls_is_server method to remember if conn->tls
...
was an initiator or a receiver
svn:r3931
2005-03-31 07:46:38 +00:00
Nick Mathewson
5d836c8140
Free tls resources on exit too
...
svn:r3615
2005-02-11 01:41:19 +00:00
Nick Mathewson
32978afa54
Workaround for brain-damaged __FILE__ handling on MSVC: keep Nick's name out
...
of the warning messages.
svn:r3199
2004-12-22 02:32:26 +00:00
Nick Mathewson
7fbd297532
Suggestion from weasel: Make tor --version --version dump the cvs Id of every file.
...
svn:r3019
2004-11-29 22:25:31 +00:00
Roger Dingledine
7c9a707900
remove emacs droppings, since nick says he doesn't need them anymore
...
svn:r2989
2004-11-26 04:00:55 +00:00
Nick Mathewson
ffe9b01ad7
Split X509 certificate liveness checks into a separate function
...
svn:r2873
2004-11-14 22:07:48 +00:00
Roger Dingledine
5f4a390b33
oh, and some more in common/
...
svn:r2483
2004-10-14 02:48:57 +00:00
Nick Mathewson
38d8e36919
Make tor_tls_new variant use alternative (certless) context
...
svn:r2096
2004-07-22 04:53:34 +00:00
Nick Mathewson
334de84cbe
Misc small code cleanups; remove exit_server_mode(); change tor_tls_verify behavior
...
svn:r2073
2004-07-21 00:44:04 +00:00
Roger Dingledine
5dd9e60231
doxygen markup for common/*.h
...
svn:r1840
2004-05-10 07:54:13 +00:00
Nick Mathewson
908ccb9dcd
Handle windows socket errors correctly; comment most of common.
...
svn:r1756
2004-05-01 20:46:28 +00:00
Nick Mathewson
d6d4b93863
Remove spurious semi
...
svn:r1724
2004-04-26 23:01:15 +00:00
Nick Mathewson
ad07c62938
Add a macro to catch unhandled openssl errors.
...
svn:r1723
2004-04-26 23:00:07 +00:00
Nick Mathewson
c44016e86e
Merge flagday into main branch.
...
svn:r1683
2004-04-24 22:17:50 +00:00
Nick Mathewson
257d509b91
Document stuff, reduce magic numbers, add emacs magic
...
svn:r1502
2004-04-06 03:44:36 +00:00
Nick Mathewson
793c65e60f
Note discrepency between N bytes transmitted over TLS and actual bandwidth use; add 2 functions to help resolve.
...
svn:r986
2004-01-13 01:19:02 +00:00
Nick Mathewson
0ec2a34a1d
Code to get nicknames from peer certs
...
svn:r627
2003-10-19 00:46:51 +00:00
Roger Dingledine
677707433e
shift read_file_to_str() into util.c
...
svn:r504
2003-09-28 06:47:29 +00:00
Nick Mathewson
798bb6ab3b
Add function to wrap SSL_pending
...
svn:r501
2003-09-27 20:07:40 +00:00
Nick Mathewson
3d4ccb781a
Refactor buffers; implement descriptors.
...
'buf_t' is now an opaque type defined in buffers.c .
Router descriptors now include all keys; routers generate keys as
needed on startup (in a newly defined "data directory"), and generate
their own descriptors. Descriptors are now self-signed.
Implementation is not complete: descriptors are never published; and
upon receiving a descriptor, the directory doesn't do anything with
it.
At least "routers.or" and orkeygen are now obsolete, BTW.
svn:r483
2003-09-25 05:17:11 +00:00
Nick Mathewson
e22b271895
Add certificate verification functions
...
svn:r438
2003-09-10 00:47:39 +00:00
Nick Mathewson
67697d5ab1
Add prototypes for functions to check whether the peer certificate is
...
valid (if it is present); and to get a public key from a peer
certificate (in order to identify the peer).
svn:r436
2003-09-10 00:10:37 +00:00
Roger Dingledine
1a9b5f9de9
another wishlist function for the tls interface
...
svn:r433
2003-09-08 10:46:19 +00:00
Roger Dingledine
ace475f01c
hide the global tls context inside tortls.c
...
svn:r431
2003-09-08 06:22:19 +00:00
Nick Mathewson
fd20011c26
Add initial interfaces and code for TLS support. Interfaces are right; code needs work and testing.
...
svn:r424
2003-09-04 16:05:08 +00:00