Commit Graph

32 Commits

Author SHA1 Message Date
Nick Mathewson
dd16a9abcb Stop leaking X509 certs; those things are _nasty_ on the carpet
svn:r833
2003-11-18 06:52:25 +00:00
Roger Dingledine
3d19a9b514 fix a bug in handling clock skew
svn:r785
2003-11-11 04:08:30 +00:00
Nick Mathewson
71e5ad714b resolve warning
svn:r664
2003-10-23 14:27:53 +00:00
Nick Mathewson
6b79d8a7e9 Two-pronged attack at my overzealous skew fixes.
The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often.  In
fact, we never rotate our TLS keys.

This patch fixes the situation in 2 ways:
   1. It bumps the default lifetime back up to one year until we get
      rotation in place.
   2. It changes tor_tls_context_new() so that it doesn't leak memory
      when you call it more than once.


svn:r663
2003-10-23 14:20:51 +00:00
Nick Mathewson
7604cfe61b Clock skew fixes.
Allow some slop (currently 3 minutes) when checking certificate validity.

Change certificate lifetime from 1 year to 2 days.  Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.

Have directories reject descriptors published too far in the future
(currently 30 minutes).  If dirservs don't do this:
    0) Today is January 1, 2000.
    1) A very skewed server publishes descriptor X with a declared
       publication time of August 1, 2000.
    2) The directory includes X.
    3) Because of certificate lifetime issues, nobody can use the
       skewed server.
    4) The server fixes its skew, and goes to republish a new descriptor Y
       with publication time of January 1, 2000.
    5) But because the directory already has a "more recent" descriptor X,
       it rejects descriptor "Y" as superseded!

This patch should make step 2 go away.


svn:r658
2003-10-22 16:41:35 +00:00
Roger Dingledine
069227db5b introduce new tor_free() macro
svn:r643
2003-10-21 09:48:58 +00:00
Roger Dingledine
dc85b7af3c warn, not err
svn:r630
2003-10-19 01:15:36 +00:00
Nick Mathewson
0ec2a34a1d Code to get nicknames from peer certs
svn:r627
2003-10-19 00:46:51 +00:00
Roger Dingledine
ec96419109 let tls tolerate reallocing the buf
and also remember the params for ssl_write if it returns wantread.


svn:r626
2003-10-19 00:39:48 +00:00
Roger Dingledine
c627ba2632 first steps toward a WANTWRITE SSL_write tls bug fix
how exactly the same do the arguments need to be? :(


svn:r625
2003-10-18 08:00:19 +00:00
Roger Dingledine
61e180ceb1 start to track down the 'peer has invalid cert' bug
svn:r623
2003-10-18 06:48:46 +00:00
Nick Mathewson
f32c1c3127 Log TLS errors even harder
svn:r604
2003-10-15 23:50:25 +00:00
Nick Mathewson
f81178a312 Add more logging on some ssl errors.
svn:r603
2003-10-15 23:42:44 +00:00
Roger Dingledine
36fb8e839d change WARNING to WARN
svn:r570
2003-10-10 01:48:03 +00:00
Roger Dingledine
677707433e shift read_file_to_str() into util.c
svn:r504
2003-09-28 06:47:29 +00:00
Nick Mathewson
798bb6ab3b Add function to wrap SSL_pending
svn:r501
2003-09-27 20:07:40 +00:00
Roger Dingledine
bf10a3c0f1 finish enforcing the log convention
svn:r494
2003-09-26 22:27:24 +00:00
Roger Dingledine
3b5191d36d various bugfixes and updates
redo all the config files for the new format (we'll redo them again soon)

fix (another! yuck) segfault in log_fn when input is too large
tor_tls_context_new() returns -1 for error, not NULL
fix segfault in check_conn_marked() on conn's that die during tls handshake

make ORs also initialize conn from router when we're the receiving node

make non-dirserver ORs upload descriptor to every dirserver on startup
add our local address to the descriptor
add Content-Length field to POST command
revert the Content-Length search in fetch_from_buf_http() to previous code
fix segfault in memmove in fetch_from_buf_http()
raise maximum allowed headers/body size in directory.c


svn:r484
2003-09-25 10:42:07 +00:00
Nick Mathewson
3d4ccb781a Refactor buffers; implement descriptors.
'buf_t' is now an opaque type defined in buffers.c .

Router descriptors now include all keys; routers generate keys as
needed on startup (in a newly defined "data directory"), and generate
their own descriptors.  Descriptors are now self-signed.

Implementation is not complete: descriptors are never published; and
upon receiving a descriptor, the directory doesn't do anything with
it.

At least "routers.or" and orkeygen are now obsolete, BTW.


svn:r483
2003-09-25 05:17:11 +00:00
Nick Mathewson
5f9ac2bdfd More fine-grained logging messages on ZeroReturn/Syscall error cases
svn:r467
2003-09-16 20:53:09 +00:00
Nick Mathewson
e4dfc3c8fe Cipher lists need to be colon separated. Also make initialization more bulletproof
svn:r459
2003-09-15 19:38:52 +00:00
Nick Mathewson
633a5ffc0b Fix TLS error logging
svn:r458
2003-09-15 18:37:49 +00:00
Nick Mathewson
408bff4a23 Log protocol errors
svn:r457
2003-09-15 18:18:37 +00:00
Roger Dingledine
e585dad887 fix the cpuworker circ-had-vanished bug (maybe)
still several (many) tls-related bugs outstanding.


svn:r454
2003-09-14 02:58:50 +00:00
Nick Mathewson
001cd08b2e Fix bugs in certificate generation and SSL context creation. Both seem to work now.
svn:r447
2003-09-11 23:26:31 +00:00
Nick Mathewson
529d3bc56f Resolve XXXXs in tortls.c
svn:r443
2003-09-11 21:38:57 +00:00
Nick Mathewson
f5b4ef1fa2 Simplify some code paths in TLS; cut down on memory leaks; use
reasonable ciphers if not everyone has OpenSSL 0.9.7.


svn:r442
2003-09-11 21:12:39 +00:00
Roger Dingledine
0761bc7b83 fix typo that's been bugging me
svn:r440
2003-09-11 20:10:39 +00:00
Nick Mathewson
e22b271895 Add certificate verification functions
svn:r438
2003-09-10 00:47:39 +00:00
Roger Dingledine
ace475f01c hide the global tls context inside tortls.c
svn:r431
2003-09-08 06:22:19 +00:00
Roger Dingledine
99d1e4931b move variable declarations to top of function
svn:r425
2003-09-05 05:58:21 +00:00
Nick Mathewson
fd20011c26 Add initial interfaces and code for TLS support. Interfaces are right; code needs work and testing.
svn:r424
2003-09-04 16:05:08 +00:00