Nick Mathewson
1789f94668
r15087@tombo: nickm | 2007-11-30 22:32:26 -0500
...
Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER.
svn:r12622
2007-12-01 08:09:46 +00:00
Nick Mathewson
d483d3144a
r16669@catbus: nickm | 2007-11-14 14:50:03 -0500
...
When we complete an OR handshake, set up all the internal fields and mark the connection as open.
svn:r12495
2007-11-14 20:01:12 +00:00
Nick Mathewson
0e993e6008
r16523@catbus: nickm | 2007-11-07 11:35:49 -0500
...
Improve "tls error. breaking" message a little.
svn:r12411
2007-11-07 16:37:08 +00:00
Roger Dingledine
7b826f8fe4
a note from steven about how to set up a private test network
...
without link encryption.
svn:r12410
2007-11-07 15:33:14 +00:00
Nick Mathewson
e047f7f865
r16455@catbus: nickm | 2007-11-06 12:48:00 -0500
...
Parse CERT cells and act correctly when we get them.
svn:r12396
2007-11-06 18:00:07 +00:00
Nick Mathewson
85654f4ab9
r16432@catbus: nickm | 2007-11-05 14:18:57 -0500
...
Send and parse link_auth cells properly.
svn:r12386
2007-11-05 19:19:46 +00:00
Nick Mathewson
12afd4777c
r16413@catbus: nickm | 2007-11-05 13:14:18 -0500
...
Add functions to encode certificates
svn:r12384
2007-11-05 18:15:54 +00:00
Nick Mathewson
323490303e
r16412@catbus: nickm | 2007-11-05 11:45:17 -0500
...
Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context. This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts.
svn:r12383
2007-11-05 18:15:52 +00:00
Nick Mathewson
ea1bea5830
r16411@catbus: nickm | 2007-11-05 11:27:37 -0500
...
Remember X509 certificates in the context. Store peer/self certificate digests in handshake state.
svn:r12382
2007-11-05 18:15:50 +00:00
Nick Mathewson
22c31d91ab
r16410@catbus: nickm | 2007-11-05 10:54:29 -0500
...
Code to remember client_random and server_random values, and to compute hmac using TLS master secret.
svn:r12381
2007-11-05 18:15:47 +00:00
Nick Mathewson
5da5d2bd79
r16302@catbus: nickm | 2007-10-31 16:45:16 -0400
...
Clean spaces.
svn:r12301
2007-10-31 20:48:10 +00:00
Nick Mathewson
7e80640b97
r16285@catbus: nickm | 2007-10-30 17:43:25 -0400
...
Implement (but do not enable) link connection version negotiation
svn:r12286
2007-10-30 21:46:02 +00:00
Nick Mathewson
7da93b80ca
r16159@catbus: nickm | 2007-10-25 12:53:38 -0400
...
Drop support for OpenSSL 0.9.6.
svn:r12191
2007-10-25 16:54:56 +00:00
Nick Mathewson
722c7bdff4
r15997@catbus: nickm | 2007-10-21 20:25:40 -0400
...
New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent. This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit. I have tried turning new code on, and it seemed to work fine.
svn:r12086
2007-10-22 00:26:02 +00:00
Nick Mathewson
759ed3ce3f
r13988@catbus: nickm | 2007-07-29 16:32:36 -0400
...
Cheesy attempt to break some censorware. Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.
svn:r10975
2007-07-29 23:11:42 +00:00
Nick Mathewson
a312afd67e
r12936@catbus: nickm | 2007-05-24 14:12:34 -0400
...
Review XXXX comments without a version; upgrade some to XXXX020.
svn:r10315
2007-05-24 18:12:52 +00:00
Roger Dingledine
d112e7b1ad
fix some code comments, a wrapper, and add a todo item
...
svn:r10111
2007-05-04 07:24:01 +00:00
Nick Mathewson
6a27dd8284
r12595@catbus: nickm | 2007-04-30 18:32:34 -0400
...
Move private function declarations from crypto.c into a new #ifdef CRYPTO_PRIVATE block in crypto.h
svn:r10074
2007-04-30 22:42:50 +00:00
Nick Mathewson
d2893398f6
r11832@catbus: nickm | 2007-02-16 15:31:59 -0500
...
Fix 35 remaining DOCDOC comments. Yowza.
svn:r9596
2007-02-16 20:39:37 +00:00
Nick Mathewson
759c58151e
r11775@catbus: nickm | 2007-02-12 16:39:09 -0500
...
Update copyright dates.
svn:r9570
2007-02-12 21:39:53 +00:00
Nick Mathewson
0c40a080a4
r11773@catbus: nickm | 2007-02-12 15:18:48 -0500
...
Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates. [See proposal 106 for rationale.] Also improve messages when checking TLS handshake, to re-resolve bug 382.
svn:r9568
2007-02-12 21:39:33 +00:00
Nick Mathewson
fefba95363
r11629@catbus: nickm | 2007-02-02 15:06:17 -0500
...
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch!
svn:r9477
2007-02-02 20:06:43 +00:00
Nick Mathewson
76f896e714
r11607@catbus: nickm | 2007-01-30 17:19:27 -0500
...
Audit non-const char arguments; make a lot more of them const.
svn:r9466
2007-01-30 22:19:41 +00:00
Nick Mathewson
380f8983c7
r11966@Kushana: nickm | 2007-01-15 16:12:17 -0500
...
Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry.
svn:r9355
2007-01-15 21:21:05 +00:00
Nick Mathewson
ead35ef944
r11957@Kushana: nickm | 2007-01-15 15:25:57 -0500
...
Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision.
svn:r9354
2007-01-15 21:13:37 +00:00
Roger Dingledine
254005fc1b
apparently i think of comments with no whitespace around them as
...
"read this if you don't understand the code and want some help."
which is not the same as "hey, you think you understand this code,
but you don't."
svn:r9307
2007-01-09 00:57:36 +00:00
Roger Dingledine
1d8a4cb989
Fix an assert error introduced in 0.1.2.5-alpha: if a single TLS
...
connection handles more than 4 gigs in either direction, we assert.
svn:r9306
2007-01-09 00:50:50 +00:00
Roger Dingledine
658c09c06f
more progress and cleanups
...
svn:r9269
2007-01-05 06:03:10 +00:00
Nick Mathewson
361998d0f3
r11741@Kushana: nickm | 2006-12-28 22:41:29 -0500
...
Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me".
svn:r9207
2006-12-29 03:42:46 +00:00
Nick Mathewson
43e06eba8b
r11566@Kushana: nickm | 2006-12-13 17:46:24 -0500
...
Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls.
svn:r9105
2006-12-13 22:46:42 +00:00
Nick Mathewson
f07f7a7a12
r8923@totoro: nickm | 2006-10-07 11:44:33 -0400
...
More doxygen comments
svn:r8637
2006-10-07 16:25:28 +00:00
Nick Mathewson
93beeac01d
Merge in some bsockets calls, all wrapped inside #if defined(USE_BSOCKETS)
...
svn:r8427
2006-09-19 20:41:31 +00:00
Nick Mathewson
c4ac4bcba3
r8696@Kushana: nickm | 2006-08-31 14:43:44 -0400
...
Try to appease some warnings with newer gccs that believe that ignoring a return value is okay, but casting a return value and then ignoring it is a sign of madness.
svn:r8312
2006-08-31 18:47:54 +00:00
Roger Dingledine
12cc290a7d
ok, i'm not allowed to say that there. oh well.
...
svn:r6720
2006-07-04 16:11:35 +00:00
Roger Dingledine
579849f600
fix a misleading function comment
...
svn:r6717
2006-07-04 15:52:22 +00:00
Roger Dingledine
5dc1e6f788
if we're the server-side of the tls and there are problems,
...
don't yell as loudly.
svn:r6716
2006-07-04 15:51:59 +00:00
Roger Dingledine
8cf45df230
and now the exciting part: there is now no such thing as doing
...
a client-only tls, that is, one with no certs.
svn:r6558
2006-06-07 06:21:11 +00:00
Roger Dingledine
0bfef523df
simplify the tortls api: we only support being a "server", that
...
is, even tor clients do the same sort of handshake.
this has been true for years, so it's best to get rid of the
stale code.
svn:r6557
2006-06-07 06:10:54 +00:00
Roger Dingledine
7512be0b65
looks like we missed a piece of the 0.1.1.9 paranoia code.
...
hopefully this change is a no-op.
svn:r6556
2006-06-07 02:57:23 +00:00
Roger Dingledine
7f611f4732
if we're a server and some peer has a broken tls certificate, don't
...
shout about it unless we want to hear about protocol violations.
svn:r6507
2006-05-26 16:32:16 +00:00
Roger Dingledine
67a885ecac
Claim a commonname of Tor, rather than TOR, in tls handshakes.
...
Maybe this will help us win the war of names.
svn:r6489
2006-05-24 00:21:55 +00:00
Nick Mathewson
5777ee0e1a
Add some functions to escape values from the network before sending them to the log. Use them everywhere except for routerinfo->plaftorm, routerinfo->contact_info, and rend*.c. (need sleep now)
...
svn:r6087
2006-03-05 09:50:26 +00:00
Roger Dingledine
6ce36ead42
Start the process of converting warn to log_warn and so on.
...
This is needed because Windows already has an err() that we
can't clobber. And we need to be able to make the log functions
a macro so we can print the function's name in the log entry.
svn:r6000
2006-02-13 08:01:59 +00:00
Roger Dingledine
5f051574d5
Happy new year!
...
svn:r5949
2006-02-09 05:46:49 +00:00
Nick Mathewson
241310bbac
Split 0119_PARANOIA into 0119_PARANOIA_[ABC]. A is "this is suspicious, and we have not tried running without this yet". B is "this is suspicious, but the last time we tested, it was okay." C is "How could this possibly be the cause?"
...
svn:r5840
2006-01-17 23:08:38 +00:00
Nick Mathewson
55ac4f032c
Add a (diabled by default) option in crypto.h to disable most of the interesting crypto-related changes made on 0.1.1.9. This will help hunt bug 234.
...
svn:r5777
2006-01-10 21:12:06 +00:00
Nick Mathewson
1af630d32c
Bite the bullet and limit all our source lines to 80 characters, the way IBM intended.
...
svn:r5582
2005-12-14 20:40:40 +00:00
Nick Mathewson
e022aa73e6
Hm; looks like the callback business was unnecessary, since DHparams_dup() copies dh->length.
...
svn:r5372
2005-11-14 21:17:38 +00:00
Nick Mathewson
027d0ef18c
Use a callback to set our DH parameters; set SSL_OP_SINGLE_DH_USE.
...
svn:r5371
2005-11-14 19:20:47 +00:00
Nick Mathewson
932106f54c
Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain. Domains are now bitmasks... just in case. Make some err msgs non-general.
...
svn:r5309
2005-10-25 07:05:03 +00:00