Nick Mathewson
9c3d17ebb5
Fix a small memory leak of around 32 bytes per TLS connection opened. Bugfix on 0.2.1.1-alpha.
...
svn:r17678
2008-12-18 15:00:09 +00:00
Nick Mathewson
6693f32530
Resolve many DOCDOCs.
...
svn:r17662
2008-12-17 22:58:20 +00:00
Nick Mathewson
339f094056
Refactor some code and add some asserts based on scanner results.
...
svn:r16783
2008-09-05 21:19:53 +00:00
Karsten Loesing
9231858ff5
Fix bug 763. When a hidden service is giving up on an introduction point candidate that was not included in the last published rendezvous descriptor, don't reschedule publication of the next descriptor.
...
svn:r15825
2008-07-10 21:02:01 +00:00
Nick Mathewson
cb7cc9e12d
r16882@tombo: nickm | 2008-07-10 14:31:25 -0400
...
Fix for session-related bug found by Geoff Goodell. backport candidate, once tested.
svn:r15821
2008-07-10 18:31:33 +00:00
Roger Dingledine
d395135e2f
fix a few typos, and give the bootstrap phase stuff a changelog entry.
...
svn:r15183
2008-06-13 04:26:05 +00:00
Nick Mathewson
22080354ed
r16217@tombo: nickm | 2008-06-12 21:13:09 -0400
...
Remove spurious debugging message.
svn:r15176
2008-06-13 01:13:12 +00:00
Nick Mathewson
617843988c
r16215@tombo: nickm | 2008-06-12 18:39:03 -0400
...
Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, *even if* we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented.
svn:r15173
2008-06-12 22:39:13 +00:00
Nick Mathewson
61ac80a914
Ouch. We were sometimes getting openssl compression by default. This is pointless for us, since the overwhelming majority of our cells are encrypted, full of compressed data, or both. This is also harmful, since doing piles of compression is not cheap. Backport candidate once more tested.
...
svn:r14830
2008-05-29 14:39:56 +00:00
Nick Mathewson
da67500336
If the user has an openssl that supports my "release buffer ram" patch, use it.
...
svn:r14671
2008-05-19 18:13:00 +00:00
Nick Mathewson
1823c45a71
r19613@catbus: nickm | 2008-05-05 19:57:06 -0400
...
Log correct openssl buf capacity when using my sooper sekrit buffer hack. This will help test the aforementioned ssbh.
svn:r14567
2008-05-05 23:57:17 +00:00
Roger Dingledine
a364592ca0
make check-spaces wants a newline at the end of tortls
...
svn:r14508
2008-04-29 19:51:38 +00:00
Nick Mathewson
b927ede48c
r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400
...
Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.
svn:r14350
2008-04-10 15:12:24 +00:00
Nick Mathewson
02acee891c
r19089@catbus: nickm | 2008-03-27 11:05:23 -0400
...
Free some static hashtables and the log mutex on exit. Backport candidate.
svn:r14212
2008-03-27 15:05:28 +00:00
Roger Dingledine
901e2ad04b
correct a confusing log message
...
svn:r14165
2008-03-24 18:37:52 +00:00
Nick Mathewson
05f5d778a2
r18919@catbus: nickm | 2008-03-18 10:53:38 -0400
...
Forward-port bug 622 fix as diagnosed by lodger.
svn:r14096
2008-03-18 14:53:41 +00:00
Nick Mathewson
0b941640df
r18852@catbus: nickm | 2008-03-16 22:47:19 -0400
...
Downgrade "sslv3 alert handshake failure" message to info.
svn:r14057
2008-03-17 02:47:49 +00:00
Nick Mathewson
4d32c2e81f
r18751@catbus: nickm | 2008-03-11 14:22:43 -0400
...
Fix for bug 614: always look at the network BIO for the SSL object, not at the buffering BIO (if one exists because we are renegotiating or something). Bugfix on 0.1.2.x, oddly enough, though it should be impossible to trigger the problem there. Backport candidate. See comments in tortls.c for detailed implementation note.
svn:r13975
2008-03-11 18:22:49 +00:00
Nick Mathewson
24f91d2876
r18747@catbus: nickm | 2008-03-11 13:21:25 -0400
...
Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x.
svn:r13973
2008-03-11 17:21:44 +00:00
Nick Mathewson
2675276618
r18638@catbus: nickm | 2008-03-07 20:11:15 -0500
...
Fix typo in tortls.c comment.
svn:r13887
2008-03-08 01:11:52 +00:00
Nick Mathewson
77d1654c50
r18535@catbus: nickm | 2008-03-01 09:58:33 -0500
...
Whoo. People diagnosed and fixed bug 616. See changelog for details. Bugfix on 0.2.0.20-rc.
svn:r13793
2008-03-01 14:59:03 +00:00
Roger Dingledine
e7f3d6f76c
fix most of pnx's warnings on irix64
...
svn:r13706
2008-02-24 23:39:53 +00:00
Roger Dingledine
a0bc80bbf8
<weasel> tortls.c: In function `tor_tls_client_is_using_v2_ciphers':
...
<weasel> tortls.c:634: warning: passing arg 1 of `SSL_get_session' discards
qualifiers from pointer target type
Nick, see if you like this patch.
svn:r13690
2008-02-24 00:35:20 +00:00
Nick Mathewson
b21a122ef6
r14379@tombo: nickm | 2008-02-21 17:14:24 -0500
...
Enable v2 handshakes.
svn:r13666
2008-02-21 22:14:32 +00:00
Nick Mathewson
69300eb606
r14374@tombo: nickm | 2008-02-21 16:57:39 -0500
...
Fix all remaining shorten-64-to-32 errors in src/common. Some were genuine problems. Many were compatibility errors with libraries (openssl, zlib) that like predate size_t. Partial backport candidate.
svn:r13665
2008-02-21 21:57:47 +00:00
Nick Mathewson
e2f25558b9
r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500
...
Change some of our log messages related to closed TLS connections in order to better reflect reality.
svn:r13657
2008-02-21 16:11:58 +00:00
Roger Dingledine
b3c0d066e5
other cleanups that have been sitting in my sandbox
...
svn:r13649
2008-02-21 09:01:32 +00:00
Roger Dingledine
b28a342e35
resolve one more, and leave two for nick.
...
svn:r13644
2008-02-21 05:53:50 +00:00
Nick Mathewson
063ced8903
r18296@catbus: nickm | 2008-02-20 23:30:11 -0500
...
Answer one xxx020 item; move 7 other ones to a new "XXX020rc" category: they should get fixed before we cut a release candidate. arma: please review these to see whether you have fixes/answers for any. Please check out the other 14 XXX020s to see if any look critical for the release candidate.
svn:r13640
2008-02-21 04:30:14 +00:00
Nick Mathewson
4ccffd7aea
r18218@catbus: nickm | 2008-02-19 17:27:40 -0500
...
When SafeLogging is off, have TLS errors and messages logged with their associated addresses.
svn:r13591
2008-02-19 22:27:44 +00:00
Nick Mathewson
ca4eb987c8
r14182@tombo: nickm | 2008-02-15 17:20:51 -0500
...
Defer, downgrade, or address more XXX020s. The remaining ones are all ones we should deal with before release.
svn:r13530
2008-02-15 23:39:08 +00:00
Nick Mathewson
f3eaeb99a3
r18051@catbus: nickm | 2008-02-12 15:20:43 -0500
...
Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation.
svn:r13484
2008-02-12 20:20:52 +00:00
Roger Dingledine
587a57fdef
fix the compile
...
svn:r13480
2008-02-12 04:50:53 +00:00
Nick Mathewson
a9f1fb20d7
r18045@catbus: nickm | 2008-02-11 23:48:54 -0500
...
oops. Not *quite* ready, just yet, maybe. Do not turn the TLS client handshake on by mistake _again_.
svn:r13479
2008-02-12 04:48:59 +00:00
Nick Mathewson
aace52320c
r18041@catbus: nickm | 2008-02-11 23:43:18 -0500
...
Make version negotiation and handshaking messages more useful and accurate.
svn:r13477
2008-02-12 04:43:25 +00:00
Nick Mathewson
5ced3fd790
r18036@catbus: nickm | 2008-02-11 23:36:38 -0500
...
Make a couple of messages less noisy
svn:r13476
2008-02-12 04:37:13 +00:00
Roger Dingledine
509d2912dc
doxygen and other cleanups
...
svn:r13440
2008-02-09 03:11:10 +00:00
Nick Mathewson
f27a368265
r17987@catbus: nickm | 2008-02-08 17:01:56 -0500
...
Remove spurious log stmt
svn:r13432
2008-02-08 22:01:59 +00:00
Nick Mathewson
de827f89df
r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
...
Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c
svn:r13429
2008-02-08 21:13:12 +00:00
Nick Mathewson
842a33ff20
Update some copyright notices: it is now 2008.
...
svn:r13412
2008-02-07 05:31:47 +00:00
Nick Mathewson
46b1a21dc4
r17955@catbus: nickm | 2008-02-06 16:53:07 -0500
...
The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc.
svn:r13409
2008-02-06 21:53:13 +00:00
Nick Mathewson
46532d8111
r17953@catbus: nickm | 2008-02-06 15:00:44 -0500
...
Implement a better means for testing for renegotiation.
svn:r13408
2008-02-06 20:00:47 +00:00
Nick Mathewson
a869574c56
r17947@catbus: nickm | 2008-02-06 11:57:53 -0500
...
Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items.
svn:r13405
2008-02-06 16:58:05 +00:00
Nick Mathewson
a51deb9a9c
r17903@catbus: nickm | 2008-02-05 14:40:03 -0500
...
Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support").
svn:r13382
2008-02-05 19:40:26 +00:00
Roger Dingledine
750ed3d015
We accidentally enabled the under-development v2 TLS handshake
...
code, which is causing log entries like "TLS error while
renegotiating handshake". Disable it again. Resolves bug 590.
svn:r13219
2008-01-21 22:33:01 +00:00
Nick Mathewson
ddb753f87a
r17717@catbus: nickm | 2008-01-21 17:09:23 -0500
...
Fix certificate leak.
svn:r13218
2008-01-21 22:09:42 +00:00
Nick Mathewson
4a3b7496f0
r17639@catbus: nickm | 2008-01-15 19:09:21 -0500
...
Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor. Needs review. Partial backport candidate.
svn:r13147
2008-01-16 05:27:19 +00:00
Roger Dingledine
2ac1e36248
minor cleanups
...
svn:r13095
2008-01-10 17:54:24 +00:00
Nick Mathewson
491298a067
r17490@catbus: nickm | 2008-01-07 11:48:02 -0500
...
Fix bug 582: decref the idcert when we add it to the store.
svn:r13052
2008-01-07 16:50:31 +00:00
Nick Mathewson
d73b791969
r17473@catbus: nickm | 2008-01-05 22:15:05 -0500
...
Add a reverse mapping from SSL to tor_tls_t*: we need this in order to do a couple of things the sensible way from inside callbacks. Also, add a couple of missing cases in connection_or.c
svn:r13040
2008-01-06 03:16:11 +00:00
Nick Mathewson
71e117e444
r15767@tombo: nickm | 2007-12-31 16:06:27 -0500
...
Note an unfreed cert
svn:r13008
2007-12-31 21:12:14 +00:00
Roger Dingledine
1d8a8063b9
clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
...
svn:r12786
2007-12-12 21:09:01 +00:00
Nick Mathewson
25a8744d9c
r15223@tombo: nickm | 2007-12-07 23:41:21 -0500
...
Aaand, do the code to enable the client side of the new TLS handshake. There are some loose ends that need tying up in connection_or, and a lot of half-baked code to remove, and some special cases to test for, and lots and lots of testing to do, but that is what weekends are for.
svn:r12721
2007-12-08 04:41:34 +00:00
Nick Mathewson
f4e228f849
r16919@catbus: nickm | 2007-12-03 12:59:02 -0500
...
Add DHE-RSA-AES256-SHA to the list of ciphers encountered from v1 connections.
svn:r12652
2007-12-03 17:59:32 +00:00
Nick Mathewson
d8ad247dfd
r15088@tombo: nickm | 2007-11-30 23:47:29 -0500
...
Add support to get a callback invoked when the client renegotiate a connection. Also, make clients renegotiate. (not enabled yet, until they detect that the server acted like a v2 server)
svn:r12623
2007-12-01 08:09:48 +00:00
Nick Mathewson
1789f94668
r15087@tombo: nickm | 2007-11-30 22:32:26 -0500
...
Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER.
svn:r12622
2007-12-01 08:09:46 +00:00
Nick Mathewson
d483d3144a
r16669@catbus: nickm | 2007-11-14 14:50:03 -0500
...
When we complete an OR handshake, set up all the internal fields and mark the connection as open.
svn:r12495
2007-11-14 20:01:12 +00:00
Nick Mathewson
0e993e6008
r16523@catbus: nickm | 2007-11-07 11:35:49 -0500
...
Improve "tls error. breaking" message a little.
svn:r12411
2007-11-07 16:37:08 +00:00
Roger Dingledine
7b826f8fe4
a note from steven about how to set up a private test network
...
without link encryption.
svn:r12410
2007-11-07 15:33:14 +00:00
Nick Mathewson
e047f7f865
r16455@catbus: nickm | 2007-11-06 12:48:00 -0500
...
Parse CERT cells and act correctly when we get them.
svn:r12396
2007-11-06 18:00:07 +00:00
Nick Mathewson
85654f4ab9
r16432@catbus: nickm | 2007-11-05 14:18:57 -0500
...
Send and parse link_auth cells properly.
svn:r12386
2007-11-05 19:19:46 +00:00
Nick Mathewson
12afd4777c
r16413@catbus: nickm | 2007-11-05 13:14:18 -0500
...
Add functions to encode certificates
svn:r12384
2007-11-05 18:15:54 +00:00
Nick Mathewson
323490303e
r16412@catbus: nickm | 2007-11-05 11:45:17 -0500
...
Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context. This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts.
svn:r12383
2007-11-05 18:15:52 +00:00
Nick Mathewson
ea1bea5830
r16411@catbus: nickm | 2007-11-05 11:27:37 -0500
...
Remember X509 certificates in the context. Store peer/self certificate digests in handshake state.
svn:r12382
2007-11-05 18:15:50 +00:00
Nick Mathewson
22c31d91ab
r16410@catbus: nickm | 2007-11-05 10:54:29 -0500
...
Code to remember client_random and server_random values, and to compute hmac using TLS master secret.
svn:r12381
2007-11-05 18:15:47 +00:00
Nick Mathewson
5da5d2bd79
r16302@catbus: nickm | 2007-10-31 16:45:16 -0400
...
Clean spaces.
svn:r12301
2007-10-31 20:48:10 +00:00
Nick Mathewson
7e80640b97
r16285@catbus: nickm | 2007-10-30 17:43:25 -0400
...
Implement (but do not enable) link connection version negotiation
svn:r12286
2007-10-30 21:46:02 +00:00
Nick Mathewson
7da93b80ca
r16159@catbus: nickm | 2007-10-25 12:53:38 -0400
...
Drop support for OpenSSL 0.9.6.
svn:r12191
2007-10-25 16:54:56 +00:00
Nick Mathewson
722c7bdff4
r15997@catbus: nickm | 2007-10-21 20:25:40 -0400
...
New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent. This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit. I have tried turning new code on, and it seemed to work fine.
svn:r12086
2007-10-22 00:26:02 +00:00
Nick Mathewson
759ed3ce3f
r13988@catbus: nickm | 2007-07-29 16:32:36 -0400
...
Cheesy attempt to break some censorware. Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.
svn:r10975
2007-07-29 23:11:42 +00:00
Nick Mathewson
a312afd67e
r12936@catbus: nickm | 2007-05-24 14:12:34 -0400
...
Review XXXX comments without a version; upgrade some to XXXX020.
svn:r10315
2007-05-24 18:12:52 +00:00
Roger Dingledine
d112e7b1ad
fix some code comments, a wrapper, and add a todo item
...
svn:r10111
2007-05-04 07:24:01 +00:00
Nick Mathewson
6a27dd8284
r12595@catbus: nickm | 2007-04-30 18:32:34 -0400
...
Move private function declarations from crypto.c into a new #ifdef CRYPTO_PRIVATE block in crypto.h
svn:r10074
2007-04-30 22:42:50 +00:00
Nick Mathewson
d2893398f6
r11832@catbus: nickm | 2007-02-16 15:31:59 -0500
...
Fix 35 remaining DOCDOC comments. Yowza.
svn:r9596
2007-02-16 20:39:37 +00:00
Nick Mathewson
759c58151e
r11775@catbus: nickm | 2007-02-12 16:39:09 -0500
...
Update copyright dates.
svn:r9570
2007-02-12 21:39:53 +00:00
Nick Mathewson
0c40a080a4
r11773@catbus: nickm | 2007-02-12 15:18:48 -0500
...
Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates. [See proposal 106 for rationale.] Also improve messages when checking TLS handshake, to re-resolve bug 382.
svn:r9568
2007-02-12 21:39:33 +00:00
Nick Mathewson
fefba95363
r11629@catbus: nickm | 2007-02-02 15:06:17 -0500
...
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch!
svn:r9477
2007-02-02 20:06:43 +00:00
Nick Mathewson
76f896e714
r11607@catbus: nickm | 2007-01-30 17:19:27 -0500
...
Audit non-const char arguments; make a lot more of them const.
svn:r9466
2007-01-30 22:19:41 +00:00
Nick Mathewson
380f8983c7
r11966@Kushana: nickm | 2007-01-15 16:12:17 -0500
...
Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry.
svn:r9355
2007-01-15 21:21:05 +00:00
Nick Mathewson
ead35ef944
r11957@Kushana: nickm | 2007-01-15 15:25:57 -0500
...
Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision.
svn:r9354
2007-01-15 21:13:37 +00:00
Roger Dingledine
254005fc1b
apparently i think of comments with no whitespace around them as
...
"read this if you don't understand the code and want some help."
which is not the same as "hey, you think you understand this code,
but you don't."
svn:r9307
2007-01-09 00:57:36 +00:00
Roger Dingledine
1d8a4cb989
Fix an assert error introduced in 0.1.2.5-alpha: if a single TLS
...
connection handles more than 4 gigs in either direction, we assert.
svn:r9306
2007-01-09 00:50:50 +00:00
Roger Dingledine
658c09c06f
more progress and cleanups
...
svn:r9269
2007-01-05 06:03:10 +00:00
Nick Mathewson
361998d0f3
r11741@Kushana: nickm | 2006-12-28 22:41:29 -0500
...
Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me".
svn:r9207
2006-12-29 03:42:46 +00:00
Nick Mathewson
43e06eba8b
r11566@Kushana: nickm | 2006-12-13 17:46:24 -0500
...
Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls.
svn:r9105
2006-12-13 22:46:42 +00:00
Nick Mathewson
f07f7a7a12
r8923@totoro: nickm | 2006-10-07 11:44:33 -0400
...
More doxygen comments
svn:r8637
2006-10-07 16:25:28 +00:00
Nick Mathewson
93beeac01d
Merge in some bsockets calls, all wrapped inside #if defined(USE_BSOCKETS)
...
svn:r8427
2006-09-19 20:41:31 +00:00
Nick Mathewson
c4ac4bcba3
r8696@Kushana: nickm | 2006-08-31 14:43:44 -0400
...
Try to appease some warnings with newer gccs that believe that ignoring a return value is okay, but casting a return value and then ignoring it is a sign of madness.
svn:r8312
2006-08-31 18:47:54 +00:00
Roger Dingledine
12cc290a7d
ok, i'm not allowed to say that there. oh well.
...
svn:r6720
2006-07-04 16:11:35 +00:00
Roger Dingledine
579849f600
fix a misleading function comment
...
svn:r6717
2006-07-04 15:52:22 +00:00
Roger Dingledine
5dc1e6f788
if we're the server-side of the tls and there are problems,
...
don't yell as loudly.
svn:r6716
2006-07-04 15:51:59 +00:00
Roger Dingledine
8cf45df230
and now the exciting part: there is now no such thing as doing
...
a client-only tls, that is, one with no certs.
svn:r6558
2006-06-07 06:21:11 +00:00
Roger Dingledine
0bfef523df
simplify the tortls api: we only support being a "server", that
...
is, even tor clients do the same sort of handshake.
this has been true for years, so it's best to get rid of the
stale code.
svn:r6557
2006-06-07 06:10:54 +00:00
Roger Dingledine
7512be0b65
looks like we missed a piece of the 0.1.1.9 paranoia code.
...
hopefully this change is a no-op.
svn:r6556
2006-06-07 02:57:23 +00:00
Roger Dingledine
7f611f4732
if we're a server and some peer has a broken tls certificate, don't
...
shout about it unless we want to hear about protocol violations.
svn:r6507
2006-05-26 16:32:16 +00:00
Roger Dingledine
67a885ecac
Claim a commonname of Tor, rather than TOR, in tls handshakes.
...
Maybe this will help us win the war of names.
svn:r6489
2006-05-24 00:21:55 +00:00
Nick Mathewson
5777ee0e1a
Add some functions to escape values from the network before sending them to the log. Use them everywhere except for routerinfo->plaftorm, routerinfo->contact_info, and rend*.c. (need sleep now)
...
svn:r6087
2006-03-05 09:50:26 +00:00
Roger Dingledine
6ce36ead42
Start the process of converting warn to log_warn and so on.
...
This is needed because Windows already has an err() that we
can't clobber. And we need to be able to make the log functions
a macro so we can print the function's name in the log entry.
svn:r6000
2006-02-13 08:01:59 +00:00
Roger Dingledine
5f051574d5
Happy new year!
...
svn:r5949
2006-02-09 05:46:49 +00:00
Nick Mathewson
241310bbac
Split 0119_PARANOIA into 0119_PARANOIA_[ABC]. A is "this is suspicious, and we have not tried running without this yet". B is "this is suspicious, but the last time we tested, it was okay." C is "How could this possibly be the cause?"
...
svn:r5840
2006-01-17 23:08:38 +00:00
Nick Mathewson
55ac4f032c
Add a (diabled by default) option in crypto.h to disable most of the interesting crypto-related changes made on 0.1.1.9. This will help hunt bug 234.
...
svn:r5777
2006-01-10 21:12:06 +00:00
Nick Mathewson
1af630d32c
Bite the bullet and limit all our source lines to 80 characters, the way IBM intended.
...
svn:r5582
2005-12-14 20:40:40 +00:00
Nick Mathewson
e022aa73e6
Hm; looks like the callback business was unnecessary, since DHparams_dup() copies dh->length.
...
svn:r5372
2005-11-14 21:17:38 +00:00
Nick Mathewson
027d0ef18c
Use a callback to set our DH parameters; set SSL_OP_SINGLE_DH_USE.
...
svn:r5371
2005-11-14 19:20:47 +00:00
Nick Mathewson
932106f54c
Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain. Domains are now bitmasks... just in case. Make some err msgs non-general.
...
svn:r5309
2005-10-25 07:05:03 +00:00
Nick Mathewson
a20835ac92
Check for even more windows version flags, and note any we do not recognize.
...
svn:r5297
2005-10-24 18:37:09 +00:00
Nick Mathewson
edf5698474
Start dividing log messages into logging domains. No, LD_ is not the best of identifiers. src/or has not been converted yet. Domains dont do anything yet.
...
svn:r5284
2005-10-18 21:58:19 +00:00
Peter Palfrader
0d9aedfcea
Downgrade a few INFO level logs to DEBUG again. Also add two or three new
...
logs in cases where a calling function's log was downgraded and we wouldn't
get any log message otherwise.
svn:r5263
2005-10-17 16:21:42 +00:00
Roger Dingledine
03dcef4c78
start the process of reducing clutter in server logs
...
svn:r5253
2005-10-17 00:35:53 +00:00
Nick Mathewson
ba24193ab5
Make doxygen marginally happier
...
svn:r5208
2005-10-06 04:33:40 +00:00
Nick Mathewson
de198d800b
Never call free() on tor_malloc()d memory. This is unlikely to be our current leak, but it may help dmalloc work.
...
svn:r5168
2005-09-30 20:47:58 +00:00
Nick Mathewson
92451f74a8
Reformat inconsistent function declarations.
...
svn:r5160
2005-09-30 01:09:52 +00:00
Nick Mathewson
5c53545d81
Add a bunch more warnings to out warning suite; resolve them; pack structs a little better.
...
svn:r5150
2005-09-29 22:59:17 +00:00
Roger Dingledine
fa507c63e8
put quotes around user-supplied strings so they are more likely to
...
realize if they add bad characters (like quotes) to the torrc
svn:r4844
2005-08-26 18:40:44 +00:00
Nick Mathewson
d1c094637d
Try to resolve another reported solaris x86 warning
...
svn:r4771
2005-08-12 17:26:43 +00:00
Nick Mathewson
a37db0da26
Appease the hungry God of GCC: it hates K&R style unspecified args!
...
svn:r4470
2005-06-21 01:07:32 +00:00
Nick Mathewson
2aff87caae
Load hardware acceleration options when/where available. Can anybody test this?
...
svn:r4467
2005-06-20 18:56:35 +00:00
Roger Dingledine
fcd0fc3364
flesh out the source file descriptions for doxygen
...
svn:r4404
2005-06-11 05:31:17 +00:00
Nick Mathewson
0831823763
Change end-of-file NLNL convention. It turns out arma I and I agree.
...
svn:r4382
2005-06-09 19:03:31 +00:00
Nick Mathewson
a6f51001a5
New whitespace normalization rule: no blank line at EOF.
...
svn:r4378
2005-06-09 16:46:51 +00:00
Nick Mathewson
10b2208d93
Make Tor compile with no warnings with gcc4.0 on OSX
...
svn:r4184
2005-05-07 05:55:06 +00:00
Nick Mathewson
4fb95f166e
Apparently, ASN1 failures are not treated as SSL connection errors, but are just general OpenSSL errors. Or something. Anyway, bulletproof tor_tls_handshake.
...
svn:r4098
2005-04-23 20:35:38 +00:00
Roger Dingledine
54fd9df23f
LOG_ERR is for when you're planning to die.
...
svn:r4087
2005-04-23 14:35:13 +00:00
Nick Mathewson
5827e2e216
Fix "JAP-client" hideous ASN1 bug, twice. (Fix1: check more thoroughly for TLS errors when handling certs. Fix2: stop assert(0)ing on uncaught TLS errors.)
...
svn:r4085
2005-04-23 14:26:02 +00:00
Nick Mathewson
0e81265359
update copyright notices.
...
svn:r3982
2005-04-01 20:15:56 +00:00
Roger Dingledine
4a82ac12b8
add a tor_tls_is_server method to remember if conn->tls
...
was an initiator or a receiver
svn:r3931
2005-03-31 07:46:38 +00:00
Nick Mathewson
97bc49bd72
Try a little harder to avoid openssl SSL* double-free reports.
...
svn:r3710
2005-02-28 02:52:51 +00:00
Nick Mathewson
bed6c05453
give a better warning when tor points at an https server.
...
svn:r3706
2005-02-28 01:55:09 +00:00
Nick Mathewson
2be0508f0d
Be specific about which "illegal character" we just saw in the cert.
...
svn:r3699
2005-02-25 21:05:42 +00:00
Nick Mathewson
70c3580f81
Patch to localtime/gmtime handling: use the _r variants where available. Use mutexes to fake _r where necessary. Make mutexes no-ops where no threading is enabled.
...
svn:r3653
2005-02-22 07:03:03 +00:00
Nick Mathewson
5d836c8140
Free tls resources on exit too
...
svn:r3615
2005-02-11 01:41:19 +00:00
Nick Mathewson
fca7ba9777
Resolve task 42: find where 19-char nicknames were getting truncated when read from certs, and fix it. Also audit use of MAX_NICKNAME_LEN; no other badness found, but some docs/code cleaned up a touch.
...
svn:r3244
2005-01-03 17:53:20 +00:00
Nick Mathewson
a6aa5eebd6
Fix some memory leaks and unlikely segfaults
...
svn:r3103
2004-12-07 07:48:16 +00:00
Nick Mathewson
0f49fd3bcd
Fix leakable rsa key
...
svn:r3099
2004-12-07 06:48:02 +00:00
Nick Mathewson
7fbd297532
Suggestion from weasel: Make tor --version --version dump the cvs Id of every file.
...
svn:r3019
2004-11-29 22:25:31 +00:00
Nick Mathewson
6f5dbefa7e
Normalize space: add one between every control keyword and control clause.
...
svn:r3003
2004-11-28 09:05:49 +00:00
Roger Dingledine
7c9a707900
remove emacs droppings, since nick says he doesn't need them anymore
...
svn:r2989
2004-11-26 04:00:55 +00:00
Nick Mathewson
cd70264377
Clean up some logging and interfaces
...
svn:r2945
2004-11-23 00:08:26 +00:00
Nick Mathewson
d63d5cb139
Whitespace normalization
...
svn:r2895
2004-11-15 23:29:24 +00:00
Nick Mathewson
ffe9b01ad7
Split X509 certificate liveness checks into a separate function
...
svn:r2873
2004-11-14 22:07:48 +00:00
Nick Mathewson
5a5be93f80
Normalize whitespace; add a "tell me about all the unnormalized whitespace" target; fix a braino in dirserv.c
...
svn:r2758
2004-11-09 20:04:00 +00:00
Nick Mathewson
2fbf31533b
Tricksy compiler warnings! We hates them, hates them forever, my precious!
...
svn:r2615
2004-10-27 21:14:11 +00:00
Nick Mathewson
ce5709184b
Pass with -Wstrict-prototypes
...
svn:r2614
2004-10-27 18:16:37 +00:00
Nick Mathewson
44d4516155
Use tor_snprintf, not snprintf
...
svn:r2609
2004-10-27 06:37:34 +00:00
Nick Mathewson
bc62f8e983
Replace sprintf with snprintf
...
svn:r2602
2004-10-27 05:53:07 +00:00
Nick Mathewson
62094ebd32
Tolerate NULL nicknames better
...
svn:r2567
2004-10-19 18:17:12 +00:00
Roger Dingledine
6d873e5743
don't assert multiple things in the same tor_assert()
...
svn:r2545
2004-10-16 22:28:11 +00:00
Nick Mathewson
1c9426d6e0
Build without warnings on mac gcc 3.3
...
svn:r2487
2004-10-14 03:18:14 +00:00
Roger Dingledine
5f4a390b33
oh, and some more in common/
...
svn:r2483
2004-10-14 02:48:57 +00:00
Roger Dingledine
f91c552af7
fix a seg fault on solaris
...
svn:r2313
2004-08-25 17:37:00 +00:00
Roger Dingledine
3aaba3b16e
tell the user what time _they_ are too, when a cert is expired
...
svn:r2114
2004-07-22 23:06:28 +00:00
Nick Mathewson
38d8e36919
Make tor_tls_new variant use alternative (certless) context
...
svn:r2096
2004-07-22 04:53:34 +00:00
Roger Dingledine
cdb98cf04a
fix our tls handshake chain cert bug
...
svn:r2086
2004-07-21 22:11:11 +00:00
Nick Mathewson
c83f0e948f
Log certificate lifetime on failure.
...
svn:r2083
2004-07-21 17:59:24 +00:00
Nick Mathewson
2d514037b7
Log number of certs in wrong-length chains
...
svn:r2078
2004-07-21 03:32:56 +00:00
Nick Mathewson
334de84cbe
Misc small code cleanups; remove exit_server_mode(); change tor_tls_verify behavior
...
svn:r2073
2004-07-21 00:44:04 +00:00
Roger Dingledine
19deb93c29
more useful warning messages
...
(fixed because the old ones confused a user)
svn:r2055
2004-07-19 19:49:03 +00:00
Nick Mathewson
7511fbf993
Resolve some XXXs
...
svn:r1889
2004-05-18 15:35:21 +00:00
Roger Dingledine
3cdf2d67da
it's amazing what a bit of punctuation can do for appearances
...
svn:r1843
2004-05-10 10:27:54 +00:00
Nick Mathewson
c0ea93337d
Doxygenate common.
...
svn:r1829
2004-05-10 03:53:24 +00:00
Nick Mathewson
af08c4f878
Working strerror for windows socket errors, plus some snide comments.
...
svn:r1775
2004-05-02 20:18:21 +00:00
Roger Dingledine
1558fb7650
some patches on the patches
...
svn:r1761
2004-05-01 23:29:20 +00:00
Nick Mathewson
908ccb9dcd
Handle windows socket errors correctly; comment most of common.
...
svn:r1756
2004-05-01 20:46:28 +00:00
Nick Mathewson
873564ea9c
Some versions of openssl have an SSL_pending function that erroneously
...
returns bytes when there is a non-application record pending.
I have no idea when/why this would even happen, but let's catch it and
make sure tor_tls_get_pending_bytes stays correct.
svn:r1727
2004-04-26 23:19:21 +00:00
Nick Mathewson
ad07c62938
Add a macro to catch unhandled openssl errors.
...
svn:r1723
2004-04-26 23:00:07 +00:00
Roger Dingledine
719bb5c0f3
log debug so nick can see it too
...
svn:r1721
2004-04-26 22:22:11 +00:00
Nick Mathewson
337f7a981f
Include strerror(errno) with tls syscall errors
...
svn:r1718
2004-04-26 18:11:58 +00:00
Nick Mathewson
b410dff6c0
Log pending TLS errors in a couple more places, in case they are possible.
...
svn:r1716
2004-04-26 16:52:47 +00:00
Nick Mathewson
0355d29e12
Call tls_log_errors at a more appropriate location; we can remove the other calls in tor_tls_verify once we are sure they never happen.
...
svn:r1709
2004-04-26 03:09:17 +00:00
Nick Mathewson
cb465160da
Very blunt debugging code: log pending errors at start and end of tor_tls_verify
...
svn:r1707
2004-04-26 02:33:12 +00:00
Roger Dingledine
37192bd25e
use tor_assert and PUBLIC_KEY_OK
...
but don't use tor_assert inside log.c, to avoid loops
svn:r1696
2004-04-25 19:59:38 +00:00
Nick Mathewson
c44016e86e
Merge flagday into main branch.
...
svn:r1683
2004-04-24 22:17:50 +00:00
Roger Dingledine
4d380ea902
quiet a -l info that should be -l debug
...
svn:r1634
2004-04-15 22:08:37 +00:00
Roger Dingledine
47488fa525
allow 90 minutes of clock skew, not 30
...
svn:r1544
2004-04-08 01:08:56 +00:00
Nick Mathewson
257d509b91
Document stuff, reduce magic numbers, add emacs magic
...
svn:r1502
2004-04-06 03:44:36 +00:00
Nick Mathewson
b3c2b62a14
Make "common" no longer depend on or.h
...
svn:r1466
2004-04-03 04:05:12 +00:00
Nick Mathewson
137b577bbd
Refactor the heck out of crypto interface: admit that we will stick with one ciphersuite at a time, make const things const, and stop putting openssl in the headers.
...
svn:r1458
2004-04-03 02:40:30 +00:00
Nick Mathewson
2da54de968
Make tor build on windows again. More work still needed
...
svn:r1247
2004-03-09 22:01:17 +00:00
Roger Dingledine
5cf0b6224b
bugfix: stop trying to write to a stderr that may not be there
...
also, tell start_daemon our desired cwd
svn:r1170
2004-02-28 23:21:29 +00:00
Roger Dingledine
c12a6f58b5
fix typo
...
svn:r1007
2004-01-20 02:14:12 +00:00
Nick Mathewson
793c65e60f
Note discrepency between N bytes transmitted over TLS and actual bandwidth use; add 2 functions to help resolve.
...
svn:r986
2004-01-13 01:19:02 +00:00
Roger Dingledine
eb730c41c8
clean tabs, trailing whitespace
...
svn:r952
2003-12-17 21:14:13 +00:00
Nick Mathewson
dd16a9abcb
Stop leaking X509 certs; those things are _nasty_ on the carpet
...
svn:r833
2003-11-18 06:52:25 +00:00
Roger Dingledine
3d19a9b514
fix a bug in handling clock skew
...
svn:r785
2003-11-11 04:08:30 +00:00
Nick Mathewson
71e5ad714b
resolve warning
...
svn:r664
2003-10-23 14:27:53 +00:00
Nick Mathewson
6b79d8a7e9
Two-pronged attack at my overzealous skew fixes.
...
The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often. In
fact, we never rotate our TLS keys.
This patch fixes the situation in 2 ways:
1. It bumps the default lifetime back up to one year until we get
rotation in place.
2. It changes tor_tls_context_new() so that it doesn't leak memory
when you call it more than once.
svn:r663
2003-10-23 14:20:51 +00:00
Nick Mathewson
7604cfe61b
Clock skew fixes.
...
Allow some slop (currently 3 minutes) when checking certificate validity.
Change certificate lifetime from 1 year to 2 days. Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.
Have directories reject descriptors published too far in the future
(currently 30 minutes). If dirservs don't do this:
0) Today is January 1, 2000.
1) A very skewed server publishes descriptor X with a declared
publication time of August 1, 2000.
2) The directory includes X.
3) Because of certificate lifetime issues, nobody can use the
skewed server.
4) The server fixes its skew, and goes to republish a new descriptor Y
with publication time of January 1, 2000.
5) But because the directory already has a "more recent" descriptor X,
it rejects descriptor "Y" as superseded!
This patch should make step 2 go away.
svn:r658
2003-10-22 16:41:35 +00:00
Roger Dingledine
069227db5b
introduce new tor_free() macro
...
svn:r643
2003-10-21 09:48:58 +00:00
Roger Dingledine
dc85b7af3c
warn, not err
...
svn:r630
2003-10-19 01:15:36 +00:00
Nick Mathewson
0ec2a34a1d
Code to get nicknames from peer certs
...
svn:r627
2003-10-19 00:46:51 +00:00
Roger Dingledine
ec96419109
let tls tolerate reallocing the buf
...
and also remember the params for ssl_write if it returns wantread.
svn:r626
2003-10-19 00:39:48 +00:00
Roger Dingledine
c627ba2632
first steps toward a WANTWRITE SSL_write tls bug fix
...
how exactly the same do the arguments need to be? :(
svn:r625
2003-10-18 08:00:19 +00:00
Roger Dingledine
61e180ceb1
start to track down the 'peer has invalid cert' bug
...
svn:r623
2003-10-18 06:48:46 +00:00
Nick Mathewson
f32c1c3127
Log TLS errors even harder
...
svn:r604
2003-10-15 23:50:25 +00:00
Nick Mathewson
f81178a312
Add more logging on some ssl errors.
...
svn:r603
2003-10-15 23:42:44 +00:00
Roger Dingledine
36fb8e839d
change WARNING to WARN
...
svn:r570
2003-10-10 01:48:03 +00:00
Roger Dingledine
677707433e
shift read_file_to_str() into util.c
...
svn:r504
2003-09-28 06:47:29 +00:00
Nick Mathewson
798bb6ab3b
Add function to wrap SSL_pending
...
svn:r501
2003-09-27 20:07:40 +00:00
Roger Dingledine
bf10a3c0f1
finish enforcing the log convention
...
svn:r494
2003-09-26 22:27:24 +00:00
Roger Dingledine
3b5191d36d
various bugfixes and updates
...
redo all the config files for the new format (we'll redo them again soon)
fix (another! yuck) segfault in log_fn when input is too large
tor_tls_context_new() returns -1 for error, not NULL
fix segfault in check_conn_marked() on conn's that die during tls handshake
make ORs also initialize conn from router when we're the receiving node
make non-dirserver ORs upload descriptor to every dirserver on startup
add our local address to the descriptor
add Content-Length field to POST command
revert the Content-Length search in fetch_from_buf_http() to previous code
fix segfault in memmove in fetch_from_buf_http()
raise maximum allowed headers/body size in directory.c
svn:r484
2003-09-25 10:42:07 +00:00
Nick Mathewson
3d4ccb781a
Refactor buffers; implement descriptors.
...
'buf_t' is now an opaque type defined in buffers.c .
Router descriptors now include all keys; routers generate keys as
needed on startup (in a newly defined "data directory"), and generate
their own descriptors. Descriptors are now self-signed.
Implementation is not complete: descriptors are never published; and
upon receiving a descriptor, the directory doesn't do anything with
it.
At least "routers.or" and orkeygen are now obsolete, BTW.
svn:r483
2003-09-25 05:17:11 +00:00
Nick Mathewson
5f9ac2bdfd
More fine-grained logging messages on ZeroReturn/Syscall error cases
...
svn:r467
2003-09-16 20:53:09 +00:00
Nick Mathewson
e4dfc3c8fe
Cipher lists need to be colon separated. Also make initialization more bulletproof
...
svn:r459
2003-09-15 19:38:52 +00:00
Nick Mathewson
633a5ffc0b
Fix TLS error logging
...
svn:r458
2003-09-15 18:37:49 +00:00
Nick Mathewson
408bff4a23
Log protocol errors
...
svn:r457
2003-09-15 18:18:37 +00:00
Roger Dingledine
e585dad887
fix the cpuworker circ-had-vanished bug (maybe)
...
still several (many) tls-related bugs outstanding.
svn:r454
2003-09-14 02:58:50 +00:00
Nick Mathewson
001cd08b2e
Fix bugs in certificate generation and SSL context creation. Both seem to work now.
...
svn:r447
2003-09-11 23:26:31 +00:00
Nick Mathewson
529d3bc56f
Resolve XXXXs in tortls.c
...
svn:r443
2003-09-11 21:38:57 +00:00
Nick Mathewson
f5b4ef1fa2
Simplify some code paths in TLS; cut down on memory leaks; use
...
reasonable ciphers if not everyone has OpenSSL 0.9.7.
svn:r442
2003-09-11 21:12:39 +00:00
Roger Dingledine
0761bc7b83
fix typo that's been bugging me
...
svn:r440
2003-09-11 20:10:39 +00:00
Nick Mathewson
e22b271895
Add certificate verification functions
...
svn:r438
2003-09-10 00:47:39 +00:00
Roger Dingledine
ace475f01c
hide the global tls context inside tortls.c
...
svn:r431
2003-09-08 06:22:19 +00:00
Roger Dingledine
99d1e4931b
move variable declarations to top of function
...
svn:r425
2003-09-05 05:58:21 +00:00
Nick Mathewson
fd20011c26
Add initial interfaces and code for TLS support. Interfaces are right; code needs work and testing.
...
svn:r424
2003-09-04 16:05:08 +00:00