Commit Graph

507 Commits

Author SHA1 Message Date
Nick Mathewson
22b9caf0ae Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-16 09:08:52 -04:00
Nick Mathewson
943fd4a252 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-16 09:08:32 -04:00
Nick Mathewson
af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00
Nick Mathewson
bbffd0a018 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-03 19:58:25 -04:00
Nick Mathewson
d315b8e8bc Merge remote-tracking branch 'public/bug13325_024' into maint-0.2.5 2014-10-03 19:57:41 -04:00
Nick Mathewson
d1fa0163e5 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char
Also, make sure we will compile correctly on systems where they
finally rip it out.

Fixes issue #13325.  Caused by this openbsd commit:

   ​http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2

Reported by Fredzupy.
2014-10-03 12:15:09 -04:00
Nick Mathewson
9222707e5c Use the ARRAY_LENGTH macro more consistently. 2014-08-24 13:35:48 -04:00
Nick Mathewson
2cf229ab60 Make the two branches of tor_tls_used_v1_handshake into one.
(Coverity thinks that "if (a) X; else X;" is probably a bug.)

[Coverity CID 1232086]
2014-08-21 10:12:54 -04:00
Nick Mathewson
1b551823de Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-07-24 19:45:38 -04:00
Nick Mathewson
a36cd51b59 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-17 11:34:33 +02:00
Nick Mathewson
f6a776d915 Merge remote-tracking branch 'public/bug12602_024' into maint-0.2.5 2014-07-17 11:32:16 +02:00
Nick Mathewson
66798dfdc0 Fix compilation with no-compression OpenSSL builds and forks
Found because LibreSSL has OPENSSL_NO_COMP always-on, but this
conflicts with the way that _we_ turn off compression.  Patch from
dhill, who attributes it to "OpenBSD".  Fixes bug 12602; bugfix on
0.2.1.1-alpha, which introduced this turn-compression-off code.
2014-07-17 11:25:56 +02:00
Nick Mathewson
5b4ee475aa Remove code for Windows CE support
As far as I know, nobody has used this in ages.  It would be a
pretty big surprise if it had worked.

Closes ticket 11446.
2014-06-20 09:49:36 -04:00
Nick Mathewson
55c7a559df Merge remote-tracking branch 'public/bug12227_024' 2014-06-10 11:17:39 -04:00
Nick Mathewson
cca6198c77 Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-06-10 11:11:47 -04:00
Nick Mathewson
0ad8133a7e Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4 2014-05-07 23:04:59 -04:00
Nick Mathewson
eb896d5e6f Merge remote-tracking branch 'public/ticket11528_024' 2014-04-17 12:17:14 -04:00
Nick Mathewson
0b319de60f Elevate server TLS cipher preferences over client
The server cipher list is (thanks to #11513) chosen systematically to
put the best choices for Tor first.  The client cipher list is chosen
to resemble a browser.  So let's set SSL_OP_CIPHER_SERVER_PREFERENCE
to have the servers pick according to their own preference order.
2014-04-17 10:33:04 -04:00
dana koch
3ce3984772 Uplift status.c unit test coverage with new test cases and macros.
A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this by in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.
2014-04-15 15:00:34 -04:00
Nick Mathewson
2704441e7f Merge remote-tracking branch 'public/bug11513_024' 2014-04-15 14:54:25 -04:00
Nick Mathewson
bd3db82906 New sort order for server choice of ciphersuites.
Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.
2014-04-14 14:16:49 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Andrea Shepard
dea8190111 Check strftime() return in tortls.c 2014-03-31 11:27:08 -04:00
Nick Mathewson
d5e11f21cc Fix warnings from doxygen
Most of these are simple.  The only nontrivial part is that our
pattern for using ENUM_BF was confusing doxygen by making declarations
that didn't look like declarations.
2014-03-25 11:27:43 -04:00
Florent Daigniere
01132c93fd Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-06 16:09:12 -05:00
Florent Daigniere
9d6e805d28 Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-03 10:44:19 -05:00
Nick Mathewson
8f9c847fbf Restore prop198 behavior from 4677 patch
The previous commit from piet would have backed out some of proposal
198 and made servers built without the V2 handshake not use the
unrestricted cipher list from prop198.

Bug not in any released Tor.
2013-11-25 10:53:37 -05:00
Nick Mathewson
2d9adcd204 Restore ability to build with V2_HANDSHAKE_SERVER
Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
2013-11-25 10:51:00 -05:00
Nick Mathewson
61029d6926 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-31 14:03:01 -04:00
Nick Mathewson
1b312f7b55 Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 2013-10-31 14:02:28 -04:00
Nick Mathewson
72c1e5acfe Switch ECDHE group default logic for bridge/relay TLS
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.
2013-10-08 16:32:07 -04:00
Nick Mathewson
090bff2dca Merge remote-tracking branch 'public/bug6055_v2_024' 2013-09-25 14:35:18 -04:00
Nick Mathewson
ad763a336c Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e
To fix #6033, we disabled TLS 1.1 and 1.2.  Eventually, OpenSSL fixed
the bug behind #6033.

I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.
2013-09-25 14:34:24 -04:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Marek Majkowski
16d1dd134a Fix #9043 - simplyfy the code and use EVP_PKEY_cmp instead of pkey_eq / tor_tls_evp_pkey_eq 2013-06-12 13:02:06 -04:00
Marek Majkowski
d769cd82b5 Bug #5170 - make pkey_eq testable, introduce test_tortls.c 2013-06-10 16:21:39 +01:00
Marek Majkowski
68be3469c5 Bug 5170 - simplify i2d_PublicKey in pkey_eq 2013-06-06 13:32:46 +01:00
Marek Majkowski
a022930fda Bug #5170 - simplify i2d_X509 2013-06-06 12:45:25 +01:00
Nick Mathewson
452cfaacfc Track TLS overhead: diagnostic for bug 7707 2013-03-11 22:06:07 -04:00
Roger Dingledine
0196647970 start part-way through the ssl cert lifetime
also, snap the start time and end time to a day boundary, since most
certs in the wild seem to do this.
2013-03-10 23:38:18 -04:00
Nick Mathewson
a141430ec3 Rename log() to tor_log() for logging
This is meant to avoid conflict with the built-in log() function in
math.h.  It resolves ticket 7599.  First reported by dhill.

This was generated with the following perl script:

 #!/usr/bin/perl -w -i -p

 s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;

 s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
d094a76cc8 Merge remote-tracking branch 'public/bug6302' 2013-01-17 09:20:24 -05:00
Nick Mathewson
b998431a33 Merge branch '024_msvc_squashed'
Conflicts:
	src/or/or.h
	 srcwin32/orconfig.h
2013-01-16 22:32:12 -05:00
Nick Mathewson
5e06c4ee32 When building with MSVC, call every enum bitfield unsigned
Fixes bug 7305.
2013-01-16 22:29:39 -05:00
Nick Mathewson
9bd811b337 Refactor: Use SOCK_ERRNO to avoid some #ifdef _WIN32s
Fixes ticket 6302
2013-01-16 15:30:20 -05:00
Nick Mathewson
4da083db3b Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Nick Mathewson
68dae4cf35 One last fix for a warning on non-EC systems 2012-12-25 22:12:18 -05:00
Nick Mathewson
ddbe28919a Be more noncomittal about performance improvement of uint128 backend. 2012-12-25 21:08:42 -05:00
Nick Mathewson
25afecdbf9 Make ECDHE group configurable: 224 for public, 256 for bridges (default) 2012-12-25 20:22:46 -05:00
Nick Mathewson
c8b3bdb782 Inform the user if they're passing up a 10x ECDH speedup. 2012-12-25 20:14:07 -05:00
Nick Mathewson
175b2678d7 Let servers choose better ciphersuites when clients support them
This implements the server-side of proposal 198 by detecting when
clients lack the magic list of ciphersuites that indicates that
they're lying faking some ciphers they don't really have.  When
clients lack this list, we can choose any cipher that we'd actually
like.  The newly allowed ciphersuites are, currently, "All ECDHE-RSA
ciphers that openssl supports, except for ECDHE-RSA-RC4".

The code to detect the cipher list relies on on (ab)use of
SSL_set_session_secret_cb.
2012-12-25 20:14:07 -05:00
Nick Mathewson
63208aa1e5 Remove the address argument from client cipher classification fns 2012-12-25 20:14:07 -05:00
Nick Mathewson
047d9e57b0 Cache the type of client cipher list we have in the tor_tls_t
We already use this classification for deciding whether (as a server)
to do a v2/v3 handshake, and we're about to start using it for
deciding whether we can use good ciphersuites too.
2012-12-25 20:14:07 -05:00
Nick Mathewson
2a26e1d45f prop198: Detect the list of ciphersuites we used to lie about having
This is less easy than you might think; we can't just look at the
client ciphers list, since openssl doesn't remember client ciphers if
it doesn't know about them.  So we have to keep a list of the "v2"
ciphers, with the ones we don't know about removed.
2012-12-25 20:14:07 -05:00
Nick Mathewson
bbaf4d9643 Configure SSL context to know about using P-256 for ECDHE. 2012-12-25 20:14:03 -05:00
Nick Mathewson
864e15cd1c In comments and logs, say "UTC" not "GMT"
Fix for #6113.

Note that the RFC1123 times we generate still all say 'GMT'.  I'm
going to suggest this is not worth changing.
2012-11-23 10:05:16 -05:00
Nick Mathewson
81deddb08c Merge remote-tracking branch 'origin/maint-0.2.3'
Conflicts:
	src/common/crypto.c
	src/or/rendservice.c
2012-11-08 16:48:04 -05:00
Nick Mathewson
49dd5ef3a3 Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Roger Dingledine
4fc866ce7f touch-ups 2012-10-26 00:39:06 -04:00
Nick Mathewson
a1c121e78e Change changes file and comment for 7189, for making it 0.2.4-only for now 2012-10-24 22:11:43 -04:00
Nick Mathewson
4a7962e439 Merge remote-tracking branch 'public/bug7189_tentative' 2012-10-24 22:07:10 -04:00
Nick Mathewson
62a49c0cc8 Only disable TLS tickets when being/acting as a server.
Fix for bug 7189.
2012-10-24 20:13:25 -04:00
Nick Mathewson
9f1b1ef4fb Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-19 01:01:26 -04:00
Nick Mathewson
a0e9dc9f55 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-10-19 00:58:33 -04:00
Nick Mathewson
8743080a28 Disable TLS Session Tickets, which we were apparently getting for free
OpenSSL 1.0.0 added an implementation of TLS session tickets, a
"feature" that let session resumption occur without server-side state
by giving clients an encrypted "ticket" that the client could present
later to get the session going again with the same keys as before.
OpenSSL was giving the keys to decrypt these tickets the lifetime of
the SSL contexts, which would have been terrible for PFS if we had
long-lived SSL contexts.  Fortunately, we don't.  Still, it's pretty
bad.  We should also drop these, since our use of the extension stands
out with our non-use of session cacheing.

Found by nextgens. Bugfix on all versions of Tor when built with
openssl 1.0.0 or later.  Fixes bug 7139.
2012-10-19 00:54:51 -04:00
Nick Mathewson
56c0baa523 Rename all reserved C identifiers we defined
For everything we declare that starts with _, make it end with _ instead.

This is a machine-generated patch.  To make it, start by getting the
list of reserved identifiers using:

     git ls-tree -r --name-only HEAD | grep  '\.[ch]$' | \
       xargs ctags --c-kinds=defglmpstuvx -o - | grep '^_' | \
       cut -f 1 | sort| uniq

You might need gnu ctags.

Then pipe the output through this script:
==============================

use strict;

BEGIN { print "#!/usr/bin/perl -w -i -p\n\n"; }

chomp;

next if (
     /^__attribute__/ or
     /^__func__/ or
     /^_FILE_OFFSET_BITS/ or
     /^_FORTIFY_SOURCE/ or
     /^_GNU_SOURCE/ or
     /^_WIN32/ or
     /^_DARWIN_UNLIMITED/ or
     /^_FILE_OFFSET_BITS/ or
     /^_LARGEFILE64_SOURCE/ or
     /^_LFS64_LARGEFILE/ or
     /^__cdecl/ or
     /^__attribute__/ or
     /^__func__/ or
    /^_WIN32_WINNT/);

my $ident = $_;

my $better = $ident;
$better =~ s/^_//;

$better = "${better}_";

print "s/(?<![A-Za-z0-9_])$ident(?![A-Za-z0-9_])/$better/g;\n";
==============================

Then run the resulting script on all the files you want to change.
(That is, all the C except that in src/ext.)  The resulting script was:

==============================

s/(?<![A-Za-z0-9_])_address(?![A-Za-z0-9_])/address_/g;
s/(?<![A-Za-z0-9_])_aes_fill_buf(?![A-Za-z0-9_])/aes_fill_buf_/g;
s/(?<![A-Za-z0-9_])_AllowInvalid(?![A-Za-z0-9_])/AllowInvalid_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MAX(?![A-Za-z0-9_])/AP_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MIN(?![A-Za-z0-9_])/AP_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_assert_cache_ok(?![A-Za-z0-9_])/assert_cache_ok_/g;
s/(?<![A-Za-z0-9_])_A_UNKNOWN(?![A-Za-z0-9_])/A_UNKNOWN_/g;
s/(?<![A-Za-z0-9_])_base(?![A-Za-z0-9_])/base_/g;
s/(?<![A-Za-z0-9_])_BridgePassword_AuthDigest(?![A-Za-z0-9_])/BridgePassword_AuthDigest_/g;
s/(?<![A-Za-z0-9_])_buffer_stats_compare_entries(?![A-Za-z0-9_])/buffer_stats_compare_entries_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entries_eq(?![A-Za-z0-9_])/chan_circid_entries_eq_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entry_hash(?![A-Za-z0-9_])/chan_circid_entry_hash_/g;
s/(?<![A-Za-z0-9_])_check_no_tls_errors(?![A-Za-z0-9_])/check_no_tls_errors_/g;
s/(?<![A-Za-z0-9_])_c_hist_compare(?![A-Za-z0-9_])/c_hist_compare_/g;
s/(?<![A-Za-z0-9_])_circ(?![A-Za-z0-9_])/circ_/g;
s/(?<![A-Za-z0-9_])_circuit_get_global_list(?![A-Za-z0-9_])/circuit_get_global_list_/g;
s/(?<![A-Za-z0-9_])_circuit_mark_for_close(?![A-Za-z0-9_])/circuit_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_C_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_C_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MIN_/g;
s/(?<![A-Za-z0-9_])_cmp_int_strings(?![A-Za-z0-9_])/cmp_int_strings_/g;
s/(?<![A-Za-z0-9_])_compare_cached_resolves_by_expiry(?![A-Za-z0-9_])/compare_cached_resolves_by_expiry_/g;
s/(?<![A-Za-z0-9_])_compare_digests(?![A-Za-z0-9_])/compare_digests_/g;
s/(?<![A-Za-z0-9_])_compare_digests256(?![A-Za-z0-9_])/compare_digests256_/g;
s/(?<![A-Za-z0-9_])_compare_dir_src_ents_by_authority_id(?![A-Za-z0-9_])/compare_dir_src_ents_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_duration_idx(?![A-Za-z0-9_])/compare_duration_idx_/g;
s/(?<![A-Za-z0-9_])_compare_int(?![A-Za-z0-9_])/compare_int_/g;
s/(?<![A-Za-z0-9_])_compare_networkstatus_v2_published_on(?![A-Za-z0-9_])/compare_networkstatus_v2_published_on_/g;
s/(?<![A-Za-z0-9_])_compare_old_routers_by_identity(?![A-Za-z0-9_])/compare_old_routers_by_identity_/g;
s/(?<![A-Za-z0-9_])_compare_orports(?![A-Za-z0-9_])/compare_orports_/g;
s/(?<![A-Za-z0-9_])_compare_pairs(?![A-Za-z0-9_])/compare_pairs_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_id_digest(?![A-Za-z0-9_])/compare_routerinfo_by_id_digest_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_ip_and_bw(?![A-Za-z0-9_])/compare_routerinfo_by_ip_and_bw_/g;
s/(?<![A-Za-z0-9_])_compare_signed_descriptors_by_age(?![A-Za-z0-9_])/compare_signed_descriptors_by_age_/g;
s/(?<![A-Za-z0-9_])_compare_string_ptrs(?![A-Za-z0-9_])/compare_string_ptrs_/g;
s/(?<![A-Za-z0-9_])_compare_strings_for_pqueue(?![A-Za-z0-9_])/compare_strings_for_pqueue_/g;
s/(?<![A-Za-z0-9_])_compare_strs(?![A-Za-z0-9_])/compare_strs_/g;
s/(?<![A-Za-z0-9_])_compare_tor_version_str_ptr(?![A-Za-z0-9_])/compare_tor_version_str_ptr_/g;
s/(?<![A-Za-z0-9_])_compare_vote_rs(?![A-Za-z0-9_])/compare_vote_rs_/g;
s/(?<![A-Za-z0-9_])_compare_votes_by_authority_id(?![A-Za-z0-9_])/compare_votes_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_without_first_ch(?![A-Za-z0-9_])/compare_without_first_ch_/g;
s/(?<![A-Za-z0-9_])_connection_free(?![A-Za-z0-9_])/connection_free_/g;
s/(?<![A-Za-z0-9_])_connection_mark_and_flush(?![A-Za-z0-9_])/connection_mark_and_flush_/g;
s/(?<![A-Za-z0-9_])_connection_mark_for_close(?![A-Za-z0-9_])/connection_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_connection_mark_unattached_ap(?![A-Za-z0-9_])/connection_mark_unattached_ap_/g;
s/(?<![A-Za-z0-9_])_connection_write_to_buf_impl(?![A-Za-z0-9_])/connection_write_to_buf_impl_/g;
s/(?<![A-Za-z0-9_])_ConnLimit(?![A-Za-z0-9_])/ConnLimit_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MAX(?![A-Za-z0-9_])/CONN_TYPE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MIN(?![A-Za-z0-9_])/CONN_TYPE_MIN_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MAX(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MIN(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MAX(?![A-Za-z0-9_])/CPUWORKER_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MIN(?![A-Za-z0-9_])/CPUWORKER_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_crypto_dh_get_dh(?![A-Za-z0-9_])/crypto_dh_get_dh_/g;
s/(?<![A-Za-z0-9_])_crypto_global_initialized(?![A-Za-z0-9_])/crypto_global_initialized_/g;
s/(?<![A-Za-z0-9_])_crypto_new_pk_from_rsa(?![A-Za-z0-9_])/crypto_new_pk_from_rsa_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_evp_pkey(?![A-Za-z0-9_])/crypto_pk_get_evp_pkey_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_rsa(?![A-Za-z0-9_])/crypto_pk_get_rsa_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MAX(?![A-Za-z0-9_])/DIR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MIN(?![A-Za-z0-9_])/DIR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MAX(?![A-Za-z0-9_])/DIR_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MIN(?![A-Za-z0-9_])/DIR_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_get(?![A-Za-z0-9_])/dirreq_map_get_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_put(?![A-Za-z0-9_])/dirreq_map_put_/g;
s/(?<![A-Za-z0-9_])_dns_randfn(?![A-Za-z0-9_])/dns_randfn_/g;
s/(?<![A-Za-z0-9_])_dummy(?![A-Za-z0-9_])/dummy_/g;
s/(?<![A-Za-z0-9_])_edge(?![A-Za-z0-9_])/edge_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MAX(?![A-Za-z0-9_])/END_CIRC_REASON_MAX_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MIN(?![A-Za-z0-9_])/END_CIRC_REASON_MIN_/g;
s/(?<![A-Za-z0-9_])_EOF(?![A-Za-z0-9_])/EOF_/g;
s/(?<![A-Za-z0-9_])_ERR(?![A-Za-z0-9_])/ERR_/g;
s/(?<![A-Za-z0-9_])_escaped_val(?![A-Za-z0-9_])/escaped_val_/g;
s/(?<![A-Za-z0-9_])_evdns_log(?![A-Za-z0-9_])/evdns_log_/g;
s/(?<![A-Za-z0-9_])_evdns_nameserver_add_impl(?![A-Za-z0-9_])/evdns_nameserver_add_impl_/g;
s/(?<![A-Za-z0-9_])_EVENT_MAX(?![A-Za-z0-9_])/EVENT_MAX_/g;
s/(?<![A-Za-z0-9_])_EVENT_MIN(?![A-Za-z0-9_])/EVENT_MIN_/g;
s/(?<![A-Za-z0-9_])_ExcludeExitNodesUnion(?![A-Za-z0-9_])/ExcludeExitNodesUnion_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MAX(?![A-Za-z0-9_])/EXIT_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MIN(?![A-Za-z0-9_])/EXIT_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MAX(?![A-Za-z0-9_])/EXIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MIN(?![A-Za-z0-9_])/EXIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_extrainfo_free(?![A-Za-z0-9_])/extrainfo_free_/g;
s/(?<![A-Za-z0-9_])_find_by_keyword(?![A-Za-z0-9_])/find_by_keyword_/g;
s/(?<![A-Za-z0-9_])_free_cached_dir(?![A-Za-z0-9_])/free_cached_dir_/g;
s/(?<![A-Za-z0-9_])_free_cached_resolve(?![A-Za-z0-9_])/free_cached_resolve_/g;
s/(?<![A-Za-z0-9_])_free_duplicate_routerstatus_entry(?![A-Za-z0-9_])/free_duplicate_routerstatus_entry_/g;
s/(?<![A-Za-z0-9_])_free_link_history(?![A-Za-z0-9_])/free_link_history_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_entries(?![A-Za-z0-9_])/geoip_compare_entries_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_key_to_entry(?![A-Za-z0-9_])/geoip_compare_key_to_entry_/g;
s/(?<![A-Za-z0-9_])_hex_decode_digit(?![A-Za-z0-9_])/hex_decode_digit_/g;
s/(?<![A-Za-z0-9_])_idxplus1(?![A-Za-z0-9_])/idxplus1_/g;
s/(?<![A-Za-z0-9_])__libc_enable_secure(?![A-Za-z0-9_])/_libc_enable_secure_/g;
s/(?<![A-Za-z0-9_])_log_debug(?![A-Za-z0-9_])/log_debug_/g;
s/(?<![A-Za-z0-9_])_log_err(?![A-Za-z0-9_])/log_err_/g;
s/(?<![A-Za-z0-9_])_log_fn(?![A-Za-z0-9_])/log_fn_/g;
s/(?<![A-Za-z0-9_])_log_fn_function_name(?![A-Za-z0-9_])/log_fn_function_name_/g;
s/(?<![A-Za-z0-9_])_log_global_min_severity(?![A-Za-z0-9_])/log_global_min_severity_/g;
s/(?<![A-Za-z0-9_])_log_info(?![A-Za-z0-9_])/log_info_/g;
s/(?<![A-Za-z0-9_])_log_notice(?![A-Za-z0-9_])/log_notice_/g;
s/(?<![A-Za-z0-9_])_log_prefix(?![A-Za-z0-9_])/log_prefix_/g;
s/(?<![A-Za-z0-9_])_log_warn(?![A-Za-z0-9_])/log_warn_/g;
s/(?<![A-Za-z0-9_])_magic(?![A-Za-z0-9_])/magic_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK(?![A-Za-z0-9_])/MALLOC_LOCK_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK_INIT(?![A-Za-z0-9_])/MALLOC_LOCK_INIT_/g;
s/(?<![A-Za-z0-9_])_MALLOC_UNLOCK(?![A-Za-z0-9_])/MALLOC_UNLOCK_/g;
s/(?<![A-Za-z0-9_])_microdesc_eq(?![A-Za-z0-9_])/microdesc_eq_/g;
s/(?<![A-Za-z0-9_])_microdesc_hash(?![A-Za-z0-9_])/microdesc_hash_/g;
s/(?<![A-Za-z0-9_])_MIN_TOR_TLS_ERROR_VAL(?![A-Za-z0-9_])/MIN_TOR_TLS_ERROR_VAL_/g;
s/(?<![A-Za-z0-9_])_mm_free(?![A-Za-z0-9_])/mm_free_/g;
s/(?<![A-Za-z0-9_])_NIL(?![A-Za-z0-9_])/NIL_/g;
s/(?<![A-Za-z0-9_])_n_openssl_mutexes(?![A-Za-z0-9_])/n_openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_create_cb(?![A-Za-z0-9_])/openssl_dynlock_create_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_destroy_cb(?![A-Za-z0-9_])/openssl_dynlock_destroy_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_lock_cb(?![A-Za-z0-9_])/openssl_dynlock_lock_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_locking_cb(?![A-Za-z0-9_])/openssl_locking_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_mutexes(?![A-Za-z0-9_])/openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_option_abbrevs(?![A-Za-z0-9_])/option_abbrevs_/g;
s/(?<![A-Za-z0-9_])_option_vars(?![A-Za-z0-9_])/option_vars_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MAX(?![A-Za-z0-9_])/OR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MIN(?![A-Za-z0-9_])/OR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv4(?![A-Za-z0-9_])/OutboundBindAddressIPv4_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv6(?![A-Za-z0-9_])/OutboundBindAddressIPv6_/g;
s/(?<![A-Za-z0-9_])_PDS_PREFER_TUNNELED_DIR_CONNS(?![A-Za-z0-9_])/PDS_PREFER_TUNNELED_DIR_CONNS_/g;
s/(?<![A-Za-z0-9_])_port(?![A-Za-z0-9_])/port_/g;
s/(?<![A-Za-z0-9_])__progname(?![A-Za-z0-9_])/_progname_/g;
s/(?<![A-Za-z0-9_])_PublishServerDescriptor(?![A-Za-z0-9_])/PublishServerDescriptor_/g;
s/(?<![A-Za-z0-9_])_remove_old_client_helper(?![A-Za-z0-9_])/remove_old_client_helper_/g;
s/(?<![A-Za-z0-9_])_rend_cache_entry_free(?![A-Za-z0-9_])/rend_cache_entry_free_/g;
s/(?<![A-Za-z0-9_])_routerlist_find_elt(?![A-Za-z0-9_])/routerlist_find_elt_/g;
s/(?<![A-Za-z0-9_])_SafeLogging(?![A-Za-z0-9_])/SafeLogging_/g;
s/(?<![A-Za-z0-9_])_SHORT_FILE_(?![A-Za-z0-9_])/SHORT_FILE__/g;
s/(?<![A-Za-z0-9_])_state_abbrevs(?![A-Za-z0-9_])/state_abbrevs_/g;
s/(?<![A-Za-z0-9_])_state_vars(?![A-Za-z0-9_])/state_vars_/g;
s/(?<![A-Za-z0-9_])_t(?![A-Za-z0-9_])/t_/g;
s/(?<![A-Za-z0-9_])_t32(?![A-Za-z0-9_])/t32_/g;
s/(?<![A-Za-z0-9_])_test_op_ip6(?![A-Za-z0-9_])/test_op_ip6_/g;
s/(?<![A-Za-z0-9_])_thread1_name(?![A-Za-z0-9_])/thread1_name_/g;
s/(?<![A-Za-z0-9_])_thread2_name(?![A-Za-z0-9_])/thread2_name_/g;
s/(?<![A-Za-z0-9_])_thread_test_func(?![A-Za-z0-9_])/thread_test_func_/g;
s/(?<![A-Za-z0-9_])_thread_test_mutex(?![A-Za-z0-9_])/thread_test_mutex_/g;
s/(?<![A-Za-z0-9_])_thread_test_start1(?![A-Za-z0-9_])/thread_test_start1_/g;
s/(?<![A-Za-z0-9_])_thread_test_start2(?![A-Za-z0-9_])/thread_test_start2_/g;
s/(?<![A-Za-z0-9_])_thread_test_strmap(?![A-Za-z0-9_])/thread_test_strmap_/g;
s/(?<![A-Za-z0-9_])_tor_calloc(?![A-Za-z0-9_])/tor_calloc_/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_INTERNAL(?![A-Za-z0-9_])/TOR_CHANNEL_INTERNAL_/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_C(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_C_/g;
s/(?<![A-Za-z0-9_])_tor_free(?![A-Za-z0-9_])/tor_free_/g;
s/(?<![A-Za-z0-9_])_tor_malloc(?![A-Za-z0-9_])/tor_malloc_/g;
s/(?<![A-Za-z0-9_])_tor_malloc_zero(?![A-Za-z0-9_])/tor_malloc_zero_/g;
s/(?<![A-Za-z0-9_])_tor_memdup(?![A-Za-z0-9_])/tor_memdup_/g;
s/(?<![A-Za-z0-9_])_tor_realloc(?![A-Za-z0-9_])/tor_realloc_/g;
s/(?<![A-Za-z0-9_])_tor_strdup(?![A-Za-z0-9_])/tor_strdup_/g;
s/(?<![A-Za-z0-9_])_tor_strndup(?![A-Za-z0-9_])/tor_strndup_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_SYSCALL(?![A-Za-z0-9_])/TOR_TLS_SYSCALL_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_ZERORETURN(?![A-Za-z0-9_])/TOR_TLS_ZERORETURN_/g;
s/(?<![A-Za-z0-9_])__USE_ISOC99(?![A-Za-z0-9_])/_USE_ISOC99_/g;
s/(?<![A-Za-z0-9_])_UsingTestNetworkDefaults(?![A-Za-z0-9_])/UsingTestNetworkDefaults_/g;
s/(?<![A-Za-z0-9_])_val(?![A-Za-z0-9_])/val_/g;
s/(?<![A-Za-z0-9_])_void_for_alignment(?![A-Za-z0-9_])/void_for_alignment_/g;

==============================
2012-10-12 12:22:13 -04:00
Nick Mathewson
feabf4148f Drop support for openssl 0.9.7
097 hasn't seen a new version since 2007; we can drop support too.

This lets us remove our built-in sha256 implementation, and some
checks for old bugs.
2012-09-12 19:25:58 -04:00
Nick Mathewson
e3a130a7eb Don't log about Libevent/OpenSSL initialization when all's well
OTOH, log the Libevent and OpenSSL versions on the first line when
we're starting Tor.
2012-09-06 11:31:22 -04:00
Nick Mathewson
37ef4f1689 Change smartlist_create->smartlist_new in bug4744 branch as merged to master 2012-06-13 12:16:02 -04:00
Nick Mathewson
aa1fc73e33 Merge branch 'bug4744_squashed' 2012-06-13 12:09:13 -04:00
Nick Mathewson
df6bd478ee Implement the client side of proposal 198
This is a feature removal: we no longer fake any ciphersuite other
than the not-really-standard SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
(0xfeff).  This change will let servers rely on our actually
supporting what we claim to support, and thereby let Tor migrate to
better TLS ciphersuites.

As a drawback, Tor instances that use old openssl versions and
openssl builds with ciphers disabled will no longer give the
"firefox" cipher list.
2012-06-13 12:06:28 -04:00
Nick Mathewson
667a12b471 Merge remote-tracking branch 'public/bug4592' 2012-06-11 10:34:48 -04:00
Nick Mathewson
913067f788 Resolve about 24 DOCDOCs 2012-06-05 00:17:54 -04:00
Nick Mathewson
0fa107a6aa Update copyright dates to 2012; add a few missing copyright statements 2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Nick Mathewson
361260ff8f Resolve some markup complaints from doxygen 2012-06-04 19:56:33 -04:00
Nick Mathewson
329e1c65d3 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-04 11:36:33 -04:00
Nick Mathewson
841a8d551a Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support
It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version.  This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.

As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.

Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side.  But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not.  That could be important to keep the network running
well.

Fixes bug 6033.
2012-06-02 20:09:05 -04:00
Nick Mathewson
e3243ad5f6 Treat SW_SERVER_HELLO_B as another sign of an SSL handshake
We've been only treating SW_SERVER_HELLO_A as meaning that an SSL
handshake was happening.  But that's not right: if the initial
attempt to write a ServerHello fails, we would get a callback in
state SW_SERVER_HELLO_B instead.

(That's "instead" and not "in addition": any failed attempt to write
the hello will fail and cause the info callback not to get written.)

Fix for bug 4592; bugfix on 0.2.0.13-alpha.
2012-05-15 11:15:43 -04:00
Nick Mathewson
21e3261914 Bump _WIN32_WINNT to 0x0501 throughout the code
This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.

See bug #5861.  We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
2012-05-14 13:46:37 -04:00
Nick Mathewson
9ffccb3f49 Remove all instances of WIN32_WINNT (without leading _)
We started adding it in 59e2c77824 back in 2004, 8 years and 3
days ago.  It's time to deprogram ourselves from this cargo cult.
2012-05-14 13:36:52 -04:00
Nick Mathewson
62f8e3926d Merge remote-tracking branch 'public/bug4591' 2012-05-10 15:55:12 -04:00
Nick Mathewson
f0212197cc Only disable cert chaining on the first TLS handshake
If the client uses a v2 cipherlist on the renegotiation handshake,
it looks as if they could fail to get a good cert chain from the
server, since they server would re-disable certificate chaining.

This patch makes it so the code that make the server side of the
first v2 handshake special can get called only once.

Fix for 4591; bugfix on 0.2.0.20-rc.
2012-04-27 12:13:56 -04:00
Nick Mathewson
8855b2a90c Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/tortls.c

Conflict on comment near use of the new OPENSSL_V macro
2012-02-10 10:56:37 -05:00
Nick Mathewson
2da0efb547 Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066 2012-02-10 10:55:39 -05:00
Nick Mathewson
5cf9167f91 Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32
This commit is completely mechanical; I used this perl script to make it:

 #!/usr/bin/perl -w -i.bak -p

 if (/^\s*\#/) {
     s/MS_WINDOWS/_WIN32/g;
     s/\bWIN32\b/_WIN32/g;
 }
2012-01-31 15:48:47 -05:00
Nick Mathewson
26e789fbfd Rename nonconformant identifiers.
Fixes bug 4893.

These changes are pure mechanical, and were generated with this
perl script:

  /usr/bin/perl -w -i.bak -p

  s/crypto_pk_env_t/crypto_pk_t/g;
  s/crypto_dh_env_t/crypto_dh_t/g;
  s/crypto_cipher_env_t/crypto_cipher_t/g;
  s/crypto_digest_env_t/crypto_digest_t/g;

  s/aes_free_cipher/aes_cipher_free/g;
  s/crypto_free_cipher_env/crypto_cipher_free/g;
  s/crypto_free_digest_env/crypto_digest_free/g;
  s/crypto_free_pk_env/crypto_pk_free/g;

  s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
  s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
  s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
  s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;

  s/crypto_new_cipher_env/crypto_cipher_new/g;
  s/crypto_new_digest_env/crypto_digest_new/g;
  s/crypto_new_digest256_env/crypto_digest256_new/g;
  s/crypto_new_pk_env/crypto_pk_new/g;

  s/crypto_create_crypto_env/crypto_cipher_new/g;

  s/connection_create_listener/connection_listener_new/g;
  s/smartlist_create/smartlist_new/g;
  s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
Nick Mathewson
411cf8f714 Make openssl 0.9.8l log message accurate
fixes 4837
2012-01-11 15:41:46 -05:00
Nick Mathewson
f371816209 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-11 11:07:37 -05:00
Nick Mathewson
0126150c2d Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-11 11:07:13 -05:00
Nick Mathewson
8d5c0e58ea Fix a compilation warning for our bug4822 fix on 64-bit linux 2012-01-11 11:06:31 -05:00
Nick Mathewson
85c7d7659e Add macros to construct openssl version numbers
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
2012-01-10 10:40:30 -05:00
Nick Mathewson
1e5d66997b Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 16:40:42 -05:00
Nick Mathewson
c78a314e95 Fix comment about TLSv1_method() per comments by wanoskarnet 2012-01-09 16:40:21 -05:00
Roger Dingledine
ecdea4eeaf Merge branch 'maint-0.2.2' 2012-01-08 12:17:16 -05:00
Roger Dingledine
1416dd47a9 add a note from wanoskarnet
he disagrees about what the code that we decided not to use would do
2012-01-08 09:03:03 -05:00
Emile Snyder
d7eaa4b396 Change to use SSL_state_string_long() instead of homebrew ssl_state_to_string() function. 2012-01-06 05:31:34 -08:00
Nick Mathewson
ef69f2f2ab Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-05 14:17:44 -05:00
Nick Mathewson
ccd8289958 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-05 14:16:30 -05:00
Robert Ransom
4752b34879 Log at info level when disabling SSLv3 2012-01-05 12:28:56 -05:00