Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates. [See proposal 106 for rationale.] Also improve messages when checking TLS handshake, to re-resolve bug 382.
svn:r9568
Write the entry guards section of path-spec; note a possible bug in cirbuitbuild.c; add a const; defer work on torrc.complete to be part of a bigger config documentation reorg.
svn:r9465
This one is a little tricky. Our BEGIN_DIR implementation has a
problem: the dirserv conns will decide they can flush all their data
immediately, since the edge_conns will read greedily.
For our 0.1.2 workaround, we track which or_conn a bridged dirserv
conn is attached to, and stop writing when its outbuf is too full, and
start writing again when the or_conn's outbuf empties out a little.
This requires a bit of pointer management. Let's hope it works.
svn:r9432
TODO items: Defer complicated solution to BEGIN_DIR memory problem; mark the simple one partially implemented; note a forward compatibility TODO.
svn:r9431
Implement SOCKS_BAD_HOSTNAME status event. Defer remaining status events. Clean up control-spec.txt a little, and fill in recommendations for events.
svn:r9374
Add some comments to TODO about nastiness of getting data-choking to work with directory bridges; propose a better solution for later, and some simpler solutions for now.
svn:r9321
Add (and specify) a BadDirectory flag to networkstatuses, so authorities can tell clients that some caches are broken. Also, implement an as-yet-unused function to estimate how many bytes will be sent on a directory connection.
svn:r9255
Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me".
svn:r9207
If we only have a single nameserver, raise the threshold to decide that the nameserver is dead. (Another fumbling attempt to do something about bug 326.)
svn:r9203
Fix bug 364: check for whether popular hostnames (curently google, yahoo, mit, and slashdot) are getting wildcarded. If they are, we are probably behind a DNS server that is useless: change our exit policy to reject *:*.
svn:r9199
Better handling of internal addresses wrt X-Your-Address-Is (never believe them; never provide them.) Also, report something useful for X-Your-Address-Is with one-hop tunneled connections.
svn:r9191
Track when we get 503s from directory servers. Do not use directory servers that have given us a 503 until either an hour has passed, or we are are out of non-busy servers.
svn:r9172
Add an orport option to dirserver lines so that clients can tell where to connect to open an encrypted tunnel to a dirserver even before they have its descriptor.
svn:r9171
Add a maintainer script and a new make target "make check-docs" to get a quick dump of which options are undocumented where, and which documentation refers to nonexistent options.
svn:r9160
schedule. Now the first connect attempt will wait a full 10
seconds before switching to a new circuit. Perhaps this will help
a lot. Based on observations from Mike Perry.
svn:r9159
Resolve bug 363: do not fall back to 127.0.0.1 when no nameservers are configured. Instead, have the admin fix resolv.conf or configure a nameserver.
svn:r9157
Add address-spec.txt document to describe .exit, .onion, and .noconnnect. Hopefully, we will not add too many of these just because we have a file for them now...
svn:r9155
Add internal documentation for a bunch of configuration options. We should do something to keep this list, the canonical list, the tor.1 list, and the torrc.complete list in sync.
svn:r9133
Try to reconcile (except for whitespace) eventdns with version in libevent, so it is easier for me to send merges. These changes should be cosmetic. (Ha!)
svn:r9117
Document all structures and (non-exported) functions. External documentation will probably wind up being a manpage, hopefully written by somebody else.
svn:r9087
More evdns: tab fixes. Dont make users worry about flags. Set truncated flag correctly when generating responses, rather than just bailing out.
svn:r9084
Tweaks to test-connection patch: use ".noconnect" instead of ".test" (since there are lots of ways to test things). Use a regular sequence of STREAM events (NEW followed by CLOSED) instead of a new event type. Make the function that checks the address be static and use const and strcasecmpend properly.
svn:r8959
Let directory authorities set the BadExit flag if they like. Also, refactor directory authority code so we can believe multiple things about a single router, and do fewer linear searches.
svn:r8794
Fix longstanding bug in connection_exit_begin_conn(): Since connection_edge_end() exits when the connection is unattached, we were never sending RELAY_END cells back for failed RELAY_BEGIN attempts. Fix this. This might make clients that were otherwise timing out either fail faster or retry faster, which is good news for us.
svn:r8770
Add pragma:no-cache and expires headers so that directory lookups can work better in the presence of caching HTTP proxies. (I would have used Cache-Control, but that is an HTTP/1.1 thing.) All timeouts are currently wild-assed guesses.
svn:r8765
Never discard a descriptor for being too old until either it is recommended by no authorities, or until we download a better (more recent and recommended) one for the same router. This will eventually make it possible for servers to publish less often.
svn:r8761
Add client support for a 'BadExit' flag, so authorities can say "Server X is a poor choise for your nytimes.com connections, as it seems to direct them to HoorayForMao.com or (more likely) WouldYouLikeToBuyTheseFineEncyclopedias.com"
svn:r8690
Touch up last patch (to add REASON to CIRC events): make some reasons
more sensible, send reasons only to controllers that have enabled
extended events, and clean up whitespace.
svn:r8672
