nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 21:53:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,387 Commits 53 Branches 630 Tags 125 MiB
3737566465
Commit Graph

66 Commits

Author SHA1 Message Date
Roger Dingledine
5f4a390b33 oh, and some more in common/ 
svn:r2483
 2004-10-14 02:48:57 +00:00
Roger Dingledine
f91c552af7 fix a seg fault on solaris 
svn:r2313
 2004-08-25 17:37:00 +00:00
Roger Dingledine
3aaba3b16e tell the user what time _they_ are too, when a cert is expired 
svn:r2114
 2004-07-22 23:06:28 +00:00
Nick Mathewson
38d8e36919 Make tor_tls_new variant use alternative (certless) context 
svn:r2096
 2004-07-22 04:53:34 +00:00
Roger Dingledine
cdb98cf04a fix our tls handshake chain cert bug 
svn:r2086
 2004-07-21 22:11:11 +00:00
Nick Mathewson
c83f0e948f Log certificate lifetime on failure. 
svn:r2083
 2004-07-21 17:59:24 +00:00
Nick Mathewson
2d514037b7 Log number of certs in wrong-length chains 
svn:r2078
 2004-07-21 03:32:56 +00:00
Nick Mathewson
334de84cbe Misc small code cleanups; remove exit_server_mode(); change tor_tls_verify behavior 
svn:r2073
 2004-07-21 00:44:04 +00:00
Roger Dingledine
19deb93c29 more useful warning messages 
(fixed because the old ones confused a user)


svn:r2055
 2004-07-19 19:49:03 +00:00
Nick Mathewson
7511fbf993 Resolve some XXXs 
svn:r1889
 2004-05-18 15:35:21 +00:00
Roger Dingledine
3cdf2d67da it's amazing what a bit of punctuation can do for appearances 
svn:r1843
 2004-05-10 10:27:54 +00:00
Nick Mathewson
c0ea93337d Doxygenate common. 
svn:r1829
 2004-05-10 03:53:24 +00:00
Nick Mathewson
af08c4f878 Working strerror for windows socket errors, plus some snide comments. 
svn:r1775
 2004-05-02 20:18:21 +00:00
Roger Dingledine
1558fb7650 some patches on the patches 
svn:r1761
 2004-05-01 23:29:20 +00:00
Nick Mathewson
908ccb9dcd Handle windows socket errors correctly; comment most of common. 
svn:r1756
 2004-05-01 20:46:28 +00:00
Nick Mathewson
873564ea9c Some versions of openssl have an SSL_pending function that erroneously 
returns bytes when there is a non-application record pending.

I have no idea when/why this would even happen, but let's catch it and
make sure tor_tls_get_pending_bytes stays correct.


svn:r1727
 2004-04-26 23:19:21 +00:00
Nick Mathewson
ad07c62938 Add a macro to catch unhandled openssl errors. 
svn:r1723
 2004-04-26 23:00:07 +00:00
Roger Dingledine
719bb5c0f3 log debug so nick can see it too 
svn:r1721
 2004-04-26 22:22:11 +00:00
Nick Mathewson
337f7a981f Include strerror(errno) with tls syscall errors 
svn:r1718
 2004-04-26 18:11:58 +00:00
Nick Mathewson
b410dff6c0 Log pending TLS errors in a couple more places, in case they are possible. 
svn:r1716
 2004-04-26 16:52:47 +00:00
Nick Mathewson
0355d29e12 Call tls_log_errors at a more appropriate location; we can remove the other calls in tor_tls_verify once we are sure they never happen. 
svn:r1709
 2004-04-26 03:09:17 +00:00
Nick Mathewson
cb465160da Very blunt debugging code: log pending errors at start and end of tor_tls_verify 
svn:r1707
 2004-04-26 02:33:12 +00:00
Roger Dingledine
37192bd25e use tor_assert and PUBLIC_KEY_OK 
but don't use tor_assert inside log.c, to avoid loops


svn:r1696
 2004-04-25 19:59:38 +00:00
Nick Mathewson
c44016e86e Merge flagday into main branch. 
svn:r1683
 2004-04-24 22:17:50 +00:00
Roger Dingledine
4d380ea902 quiet a -l info that should be -l debug 
svn:r1634
 2004-04-15 22:08:37 +00:00
Roger Dingledine
47488fa525 allow 90 minutes of clock skew, not 30 
svn:r1544
 2004-04-08 01:08:56 +00:00
Nick Mathewson
257d509b91 Document stuff, reduce magic numbers, add emacs magic 
svn:r1502
 2004-04-06 03:44:36 +00:00
Nick Mathewson
b3c2b62a14 Make "common" no longer depend on or.h 
svn:r1466
 2004-04-03 04:05:12 +00:00
Nick Mathewson
137b577bbd Refactor the heck out of crypto interface: admit that we will stick with one ciphersuite at a time, make const things const, and stop putting openssl in the headers. 
svn:r1458
 2004-04-03 02:40:30 +00:00
Nick Mathewson
2da54de968 Make tor build on windows again. More work still needed 
svn:r1247
 2004-03-09 22:01:17 +00:00
Roger Dingledine
5cf0b6224b bugfix: stop trying to write to a stderr that may not be there 
also, tell start_daemon our desired cwd


svn:r1170
 2004-02-28 23:21:29 +00:00
Roger Dingledine
c12a6f58b5 fix typo 
svn:r1007
 2004-01-20 02:14:12 +00:00
Nick Mathewson
793c65e60f Note discrepency between N bytes transmitted over TLS and actual bandwidth use; add 2 functions to help resolve. 
svn:r986
 2004-01-13 01:19:02 +00:00
Roger Dingledine
eb730c41c8 clean tabs, trailing whitespace 
svn:r952
 2003-12-17 21:14:13 +00:00
Nick Mathewson
dd16a9abcb Stop leaking X509 certs; those things are _nasty_ on the carpet 
svn:r833
 2003-11-18 06:52:25 +00:00
Roger Dingledine
3d19a9b514 fix a bug in handling clock skew 
svn:r785
 2003-11-11 04:08:30 +00:00
Nick Mathewson
71e5ad714b resolve warning 
svn:r664
 2003-10-23 14:27:53 +00:00
Nick Mathewson
6b79d8a7e9 Two-pronged attack at my overzealous skew fixes. 
The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often.  In
fact, we never rotate our TLS keys.

This patch fixes the situation in 2 ways:
   1. It bumps the default lifetime back up to one year until we get
      rotation in place.
   2. It changes tor_tls_context_new() so that it doesn't leak memory
      when you call it more than once.


svn:r663
 2003-10-23 14:20:51 +00:00
Nick Mathewson
7604cfe61b Clock skew fixes. 
Allow some slop (currently 3 minutes) when checking certificate validity.

Change certificate lifetime from 1 year to 2 days.  Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.

Have directories reject descriptors published too far in the future
(currently 30 minutes).  If dirservs don't do this:
    0) Today is January 1, 2000.
    1) A very skewed server publishes descriptor X with a declared
       publication time of August 1, 2000.
    2) The directory includes X.
    3) Because of certificate lifetime issues, nobody can use the
       skewed server.
    4) The server fixes its skew, and goes to republish a new descriptor Y
       with publication time of January 1, 2000.
    5) But because the directory already has a "more recent" descriptor X,
       it rejects descriptor "Y" as superseded!

This patch should make step 2 go away.


svn:r658
 2003-10-22 16:41:35 +00:00
Roger Dingledine
069227db5b introduce new tor_free() macro 
svn:r643
 2003-10-21 09:48:58 +00:00
Roger Dingledine
dc85b7af3c warn, not err 
svn:r630
 2003-10-19 01:15:36 +00:00
Nick Mathewson
0ec2a34a1d Code to get nicknames from peer certs 
svn:r627
 2003-10-19 00:46:51 +00:00
Roger Dingledine
ec96419109 let tls tolerate reallocing the buf 
and also remember the params for ssl_write if it returns wantread.


svn:r626
 2003-10-19 00:39:48 +00:00
Roger Dingledine
c627ba2632 first steps toward a WANTWRITE SSL_write tls bug fix 
how exactly the same do the arguments need to be? :(


svn:r625
 2003-10-18 08:00:19 +00:00
Roger Dingledine
61e180ceb1 start to track down the 'peer has invalid cert' bug 
svn:r623
 2003-10-18 06:48:46 +00:00
Nick Mathewson
f32c1c3127 Log TLS errors even harder 
svn:r604
 2003-10-15 23:50:25 +00:00
Nick Mathewson
f81178a312 Add more logging on some ssl errors. 
svn:r603
 2003-10-15 23:42:44 +00:00
Roger Dingledine
36fb8e839d change WARNING to WARN 
svn:r570
 2003-10-10 01:48:03 +00:00
Roger Dingledine
677707433e shift read_file_to_str() into util.c 
svn:r504
 2003-09-28 06:47:29 +00:00
Nick Mathewson
798bb6ab3b Add function to wrap SSL_pending 
svn:r501
 2003-09-27 20:07:40 +00:00