Nick Mathewson
c8024b633e
Revert "Try using SSL_get_ciphers in place of session->ciphers"
...
This reverts commit 67964cfa78.
It was the cause of #16153, and was not in any released Tor. We need
a better solution for getting session->ciphers.
2015-05-22 10:22:11 -04:00
Nick Mathewson
45a90573e6
Merge remote-tracking branch 'yawning/ticket16140'
2015-05-21 13:20:24 -04:00
Nick Mathewson
9fee289d24
Revert the broken part of 548b4be
...
Fixes 16152.
2015-05-21 13:18:51 -04:00
Yawning Angel
452cebc4a4
Remove support for OpenSSL without ECC.
...
As OpenSSL >= 1.0.0 is now required, ECDHE is now mandatory. The group
has to be validated at runtime, because of RedHat lawyers (P224 support
is entirely missing in the OpenSSL RPM, but P256 is present and is the
default).
Resolves ticket #16140.
2015-05-21 17:07:30 +00:00
Nick Mathewson
0b7bf3585a
Generate error ASAP if building with too-old openssl
2015-05-21 11:54:13 -04:00
Nick Mathewson
a35d22479b
move "version" declaration to avoid "set but not used" warnings
2015-05-21 11:17:18 -04:00
Nick Mathewson
eb7f4d0059
Merge remote-tracking branch 'yawning/bug16052a_027'
2015-05-21 10:48:52 -04:00
Nick Mathewson
b668d3017b
fwd-port 0.2.6.8 changelog
2015-05-21 10:42:16 -04:00
Nick Mathewson
0534d46bda
19:38 < Yawning> nickm: you left the "+#ifndef SSL_clear_mode" block in ;_;
2015-05-20 15:40:42 -04:00
Nick Mathewson
ed02a409cf
Merge branch 'bug16034_no_more_openssl_098_squashed'
...
Conflicts:
src/test/testing_common.c
2015-05-20 15:33:22 -04:00
Nick Mathewson
e9677c8f8d
Drop support for OpenSSLs without AES_CTR
2015-05-20 15:27:36 -04:00
Nick Mathewson
f8f407d66a
Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
...
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Nick Mathewson
971f0f8e18
Remove code to support OpenSSL 0.9.8
2015-05-20 15:27:36 -04:00
Nick Mathewson
f0a0568e7f
Stop poking SSL_CTX->comp_methods
2015-05-20 15:27:36 -04:00
Nick Mathewson
b7f3d52865
Use SSL_CIPHER accessor functions
2015-05-20 15:27:36 -04:00
Nick Mathewson
496df21c89
Use SSL_CIPHER_find where possible.
2015-05-20 15:27:36 -04:00
Nick Mathewson
67964cfa78
Try using SSL_get_ciphers in place of session->ciphers
...
This should help openssl 1.1. On pre-1.1, we double-check that these
two methods give us the same list, since the underlying code is awfully
hairy.
2015-05-20 15:27:36 -04:00
Nick Mathewson
2f7c9b6ecb
Tweak rectify_client_ciphers to work with openssl 1.1
...
The key here is to never touch ssl->cipher_list directly, but only
via SSL_get_ciphers(). But it's not so simple.
See, if there is no specialized cipher_list on the SSL object,
SSL_get_ciphers returns the cipher_list on the SSL_CTX. But we sure
don't want to modify that one! So we need to use
SSL_set_cipher_list first to make sure that we really have a cipher
list on the SSL object.
2015-05-20 15:27:36 -04:00
Yawning Angel
712bf06978
Add support for 'HiddenServiceMaxStream' to 'ADD_ONION'.
...
Done as a separate commit to ease backporting the tunables to 0.2.6.x.
2015-05-20 17:41:27 +00:00
Yawning Angel
db7bde08be
Add "HiddenServiceMaxStreams" as a per-HS tunable.
...
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.
This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.
Addresses part of #16052.
2015-05-20 17:33:59 +00:00
Nick Mathewson
32bd533dda
Merge remote-tracking branch 'origin/maint-0.2.6'
2015-05-19 14:59:39 -04:00
Nick Mathewson
b3a225fb13
Bump maint-0.2.6 to 0.2.6.8
2015-05-19 14:48:09 -04:00
Nick Mathewson
d5e4a63436
Fix some compilation warnings
2015-05-18 15:57:21 -04:00
Nick Mathewson
2308f917f9
Merge remote-tracking branch 'andrea/ticket15358_squashed_2'
2015-05-18 14:44:28 -04:00
Nick Mathewson
0d3b3a4a23
Merge remote-tracking branch 'special/bug16060'
2015-05-18 11:56:16 -04:00
Nick Mathewson
cc1943bf6e
Merge remote-tracking branch 'dgoulet/bug16021_027_01'
2015-05-18 11:29:50 -04:00
cypherpunks
b54626fd11
Silence two make rules
2015-05-18 11:29:07 -04:00
Andrea Shepard
79f7721a7e
Changes file for ticket 15358
2015-05-17 13:58:05 +00:00
Andrea Shepard
4cbc9c5313
Add GETINFO network-liveness to control protocol
2015-05-17 13:42:57 +00:00
Andrea Shepard
dce9e915c7
Implement EVENT_NETWORK_LIVENESS
2015-05-17 13:42:57 +00:00
John Brooks
6f9e90101e
Fix crash on HUP with mixed ephemeral services
...
Ephemeral services will be listed in rend_services_list at the end of
rend_config_services, so it must check whether directory is non-NULL
before comparing.
This crash happens when reloading config on a tor with mixed configured
and ephemeral services.
Fixes bug #16060. Bugfix on 0.2.7.1-alpha.
2015-05-16 20:01:38 -06:00
David Goulet
a324d7e8e1
Test: add unit test for rend_data_t object and functions
...
Closes #16021
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 12:08:54 -04:00
David Goulet
2aaaf7b145
Fix: init HSDirs list in rend_data_service_create
...
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 11:09:02 -04:00
Nick Mathewson
d05d21c89a
Merge branch 'bug15880_027_03'
2015-05-14 10:46:45 -04:00
David Goulet
acfa374048
Test: fix HS_DESC to expect descriptor ID
...
With #15881 implemented, this adds the missing descriptor ID at the end of
the expected control message.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:46:38 -04:00
David Goulet
c1ffeadff4
Add missing descriptor ID to HS_DESC control event
...
For FAILED and RECEIVED action of the HS_DESC event, we now send back the
descriptor ID at the end like specified in the control-spec section 4.1.25.
Fixes #15881
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:46:38 -04:00
David Goulet
6346d73b8e
Fix rend_config_services() indentation
...
Not sure what happened but whitespace gone wild! :)
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:27:04 -04:00
David Goulet
b6e7b57d9a
Use safe_str_client() for service ID in log
...
Scrub the service ID in a warning log.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:26:57 -04:00
Nick Mathewson
d55db221e8
tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning
2015-05-13 12:12:53 -04:00
Nick Mathewson
34451c7a45
Use SSL_state() to inspect the state of SSL objects.
2015-05-13 11:34:10 -04:00
Nick Mathewson
22da5001b5
Use SSL_clear_mode where available.
2015-05-13 11:24:47 -04:00
Nick Mathewson
92b297bb58
SSL_clear_mode exists; we can use it.
2015-05-13 11:21:38 -04:00
Nick Mathewson
fa63f991c0
Stop accessing 'ssl->s3->flags' when we are using openssl 1.1
...
This field was only needed to work with the now-long-gone (I hope,
except for some horrible apples) openssl 0.9.8l; if your headers say
you have openssl 1.1, you won't even need it.
2015-05-13 11:19:19 -04:00
Yawning Angel
53a347592a
ERR_remove_state() is deprecated since OpenSSL 1.0.0.
...
OpenSSL 1.1.0 must be built with "enable-deprecated", and compiled with
`OPENSSL_USE_DEPRECATED` for this to work, so instead, use the newer
routine as appropriate.
2015-05-13 11:13:07 -04:00
Nick Mathewson
113dc51020
Merge remote-tracking branch 'origin/maint-0.2.6'
2015-05-13 11:06:10 -04:00
Nick Mathewson
614d9bc967
Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6
2015-05-13 11:05:33 -04:00
Nick Mathewson
b76314d3a1
Merge remote-tracking branch 'origin/maint-0.2.5'
2015-05-13 11:04:17 -04:00
Nick Mathewson
8aa04408fb
Merge branch 'bug15823_025' into maint-0.2.5
2015-05-13 11:03:05 -04:00
Nick Mathewson
95a9920461
Bump version to 0.2.7.1-alpha-dev
2015-05-12 11:54:06 -04:00
Nick Mathewson
df76da0f3b
Add a .dummy file in the changes directory to stop git from removing it
2015-05-11 11:41:48 -04:00