Nick Mathewson
b7f3d52865
Use SSL_CIPHER accessor functions
2015-05-20 15:27:36 -04:00
Nick Mathewson
f8f407d66a
Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
...
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Nick Mathewson
496df21c89
Use SSL_CIPHER_find where possible.
2015-05-20 15:27:36 -04:00
Nick Mathewson
971f0f8e18
Remove code to support OpenSSL 0.9.8
2015-05-20 15:27:36 -04:00
Nick Mathewson
67964cfa78
Try using SSL_get_ciphers in place of session->ciphers
...
This should help openssl 1.1. On pre-1.1, we double-check that these
two methods give us the same list, since the underlying code is awfully
hairy.
2015-05-20 15:27:36 -04:00
Nick Mathewson
2f7c9b6ecb
Tweak rectify_client_ciphers to work with openssl 1.1
...
The key here is to never touch ssl->cipher_list directly, but only
via SSL_get_ciphers(). But it's not so simple.
See, if there is no specialized cipher_list on the SSL object,
SSL_get_ciphers returns the cipher_list on the SSL_CTX. But we sure
don't want to modify that one! So we need to use
SSL_set_cipher_list first to make sure that we really have a cipher
list on the SSL object.
2015-05-20 15:27:36 -04:00
Yawning Angel
712bf06978
Add support for 'HiddenServiceMaxStream' to 'ADD_ONION'.
...
Done as a separate commit to ease backporting the tunables to 0.2.6.x.
2015-05-20 17:41:27 +00:00
Yawning Angel
db7bde08be
Add "HiddenServiceMaxStreams" as a per-HS tunable.
...
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.
This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.
Addresses part of #16052.
2015-05-20 17:33:59 +00:00
Nick Mathewson
32bd533dda
Merge remote-tracking branch 'origin/maint-0.2.6'
2015-05-19 14:59:39 -04:00
Nick Mathewson
b3a225fb13
Bump maint-0.2.6 to 0.2.6.8
2015-05-19 14:48:09 -04:00
Nick Mathewson
d5e4a63436
Fix some compilation warnings
2015-05-18 15:57:21 -04:00
Nick Mathewson
2308f917f9
Merge remote-tracking branch 'andrea/ticket15358_squashed_2'
2015-05-18 14:44:28 -04:00
Nick Mathewson
0d3b3a4a23
Merge remote-tracking branch 'special/bug16060'
2015-05-18 11:56:16 -04:00
Nick Mathewson
cc1943bf6e
Merge remote-tracking branch 'dgoulet/bug16021_027_01'
2015-05-18 11:29:50 -04:00
cypherpunks
b54626fd11
Silence two make rules
2015-05-18 11:29:07 -04:00
Andrea Shepard
79f7721a7e
Changes file for ticket 15358
2015-05-17 13:58:05 +00:00
Andrea Shepard
4cbc9c5313
Add GETINFO network-liveness to control protocol
2015-05-17 13:42:57 +00:00
Andrea Shepard
dce9e915c7
Implement EVENT_NETWORK_LIVENESS
2015-05-17 13:42:57 +00:00
John Brooks
6f9e90101e
Fix crash on HUP with mixed ephemeral services
...
Ephemeral services will be listed in rend_services_list at the end of
rend_config_services, so it must check whether directory is non-NULL
before comparing.
This crash happens when reloading config on a tor with mixed configured
and ephemeral services.
Fixes bug #16060. Bugfix on 0.2.7.1-alpha.
2015-05-16 20:01:38 -06:00
David Goulet
a324d7e8e1
Test: add unit test for rend_data_t object and functions
...
Closes #16021
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 12:08:54 -04:00
David Goulet
2aaaf7b145
Fix: init HSDirs list in rend_data_service_create
...
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 11:09:02 -04:00
Nick Mathewson
d05d21c89a
Merge branch 'bug15880_027_03'
2015-05-14 10:46:45 -04:00
David Goulet
acfa374048
Test: fix HS_DESC to expect descriptor ID
...
With #15881 implemented, this adds the missing descriptor ID at the end of
the expected control message.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:46:38 -04:00
David Goulet
c1ffeadff4
Add missing descriptor ID to HS_DESC control event
...
For FAILED and RECEIVED action of the HS_DESC event, we now send back the
descriptor ID at the end like specified in the control-spec section 4.1.25.
Fixes #15881
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:46:38 -04:00
David Goulet
6346d73b8e
Fix rend_config_services() indentation
...
Not sure what happened but whitespace gone wild! :)
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:27:04 -04:00
David Goulet
b6e7b57d9a
Use safe_str_client() for service ID in log
...
Scrub the service ID in a warning log.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:26:57 -04:00
Nick Mathewson
d55db221e8
tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning
2015-05-13 12:12:53 -04:00
Nick Mathewson
34451c7a45
Use SSL_state() to inspect the state of SSL objects.
2015-05-13 11:34:10 -04:00
Nick Mathewson
22da5001b5
Use SSL_clear_mode where available.
2015-05-13 11:24:47 -04:00
Nick Mathewson
92b297bb58
SSL_clear_mode exists; we can use it.
2015-05-13 11:21:38 -04:00
Nick Mathewson
fa63f991c0
Stop accessing 'ssl->s3->flags' when we are using openssl 1.1
...
This field was only needed to work with the now-long-gone (I hope,
except for some horrible apples) openssl 0.9.8l; if your headers say
you have openssl 1.1, you won't even need it.
2015-05-13 11:19:19 -04:00
Yawning Angel
53a347592a
ERR_remove_state() is deprecated since OpenSSL 1.0.0.
...
OpenSSL 1.1.0 must be built with "enable-deprecated", and compiled with
`OPENSSL_USE_DEPRECATED` for this to work, so instead, use the newer
routine as appropriate.
2015-05-13 11:13:07 -04:00
Nick Mathewson
113dc51020
Merge remote-tracking branch 'origin/maint-0.2.6'
2015-05-13 11:06:10 -04:00
Nick Mathewson
614d9bc967
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
2015-05-13 11:05:33 -04:00
Nick Mathewson
b76314d3a1
Merge remote-tracking branch 'origin/maint-0.2.5'
2015-05-13 11:04:17 -04:00
Nick Mathewson
8aa04408fb
Merge branch 'bug15823_025' into maint-0.2.5
2015-05-13 11:03:05 -04:00
Nick Mathewson
95a9920461
Bump version to 0.2.7.1-alpha-dev
2015-05-12 11:54:06 -04:00
Nick Mathewson
df76da0f3b
Add a .dummy file in the changes directory to stop git from removing it
2015-05-11 11:41:48 -04:00
Nick Mathewson
2b441e25bc
comment patch from dgoulet that was in my inbox too long
2015-05-11 11:32:00 -04:00
Nick Mathewson
ece23da3ae
reflow changelog.
2015-05-11 11:18:17 -04:00
Nick Mathewson
424c68e3cb
Tweak spelling and word choice in changelog
2015-05-11 11:17:49 -04:00
Nick Mathewson
101fc13b99
Bump version to 0.2.7.1-alpha. (This is not the release yet.)
2015-05-11 10:10:29 -04:00
Nick Mathewson
1423040aa1
Intro blurb for 0.2.7.1-alpha
2015-05-11 09:46:28 -04:00
Nick Mathewson
d417870b27
Tweak changelog more.
2015-05-11 09:42:41 -04:00
Donncha O'Cearbhaill
4fc21e8dbc
Fix segfault in HSPOST command introduced with feature #3523
...
Checking if node->rs->is_hs_dir when the router_status for the node does
not exist results in a segfault. This bug is not in any released Tor.
2015-05-08 10:16:44 +01:00
Nick Mathewson
e086db7952
Merge branch 'writing_tests'
2015-05-07 15:29:56 -04:00
Nick Mathewson
79e85313aa
Write the outlines of a WritingTests.txt document
...
Also, add some sample tests to be examples.
2015-05-07 15:29:16 -04:00
Nick Mathewson
a2a6a19db1
Tweak changelog entries a bit
2015-05-05 18:24:19 -04:00
Nick Mathewson
993b4b8918
Fix a bug in format_changelog, in a silly way
2015-05-05 18:23:56 -04:00
Nick Mathewson
b0ea36d779
Merge remote-tracking branch 'public/bug15821_025'
2015-05-05 15:06:57 -04:00