Nick Mathewson
6bfb31ff56
Generate certificates that enable v3 handshake
2011-10-10 23:14:29 -04:00
Nick Mathewson
7935c4bdfa
Allow "finished flushing" during v3 handshake
2011-10-10 23:14:29 -04:00
Nick Mathewson
83bb9742b5
Hook up all of the prop176 code; allow v3 negotiations to actually work
2011-10-10 23:14:18 -04:00
Nick Mathewson
445f947890
Remove a no-longer-relevant comment
2011-10-10 23:14:17 -04:00
Nick Mathewson
9a77ebc794
Make tor_tls_cert_is_valid check key lengths
2011-10-10 23:14:17 -04:00
Nick Mathewson
3f22ec179c
New functions to record digests of cells during v3 handshake
...
Also, free all of the new fields in or_handshake_state_t
2011-10-10 23:14:17 -04:00
Nick Mathewson
6c7f28454e
Implement cert/auth cell reading
2011-10-10 23:14:17 -04:00
Nick Mathewson
81024f43ec
Basic function to write authenticate cells
...
Also, tweak the cert cell code to send auth certs
2011-10-10 23:14:16 -04:00
Nick Mathewson
e48e47fa03
Function to return peer cert as tor_tls_cert
2011-10-10 23:14:16 -04:00
Nick Mathewson
a6fc5059cd
Add AUTH keys as specified in proposal 176
...
Our keys and x.509 certs are proliferating here. Previously we had:
An ID cert (using the main ID key), self-signed
A link cert (using a shorter-term link key), signed by the ID key
Once proposal 176 and 179 are done, we will also have:
Optionally, a presentation cert (using the link key),
signed by whomever.
An authentication cert (using a shorter-term ID key), signed by
the ID key.
These new keys are managed as part of the tls context infrastructure,
since you want to rotate them under exactly the same circumstances,
and since they need X509 certificates.
2011-10-10 23:14:16 -04:00
Nick Mathewson
0a4f562772
Functions to get a public RSA key from a cert
2011-10-10 23:14:16 -04:00
Nick Mathewson
92602345e0
Function to detect certificate types that signal v3 certificates
2011-10-10 23:14:10 -04:00
Nick Mathewson
8c9fdecfe9
Function to get digests of the certs and their keys
2011-10-10 23:14:10 -04:00
Nick Mathewson
f4c1fa2a04
More functions to manipulate certs received in cells
2011-10-10 23:14:10 -04:00
Nick Mathewson
c39688de6c
Function to extract the TLSSECRETS field for v3 handshakes
2011-10-10 23:14:10 -04:00
Nick Mathewson
df78daa5da
Functions to send cert and auth_challenge cells.
2011-10-10 23:14:10 -04:00
Nick Mathewson
1b0645acba
Cell types and states for new OR handshake
...
Also, define all commands > 128 as variable-length when using
v3 or later link protocol. Running into a var cell with an
unrecognized type is no longer a bug.
2011-10-10 23:14:09 -04:00
Nick Mathewson
fdbb9cdf74
Add a sha256 hmac function, with tests
2011-10-10 23:14:09 -04:00
Nick Mathewson
c0bbcf138f
Turn X509 certificates into a first-class type and add some functions
2011-10-10 23:14:02 -04:00
Nick Mathewson
dcf69a9e12
New function to get all digests of a public key
2011-10-10 23:14:02 -04:00
Nick Mathewson
bc2d9357f5
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-10-10 22:50:52 -04:00
Nick Mathewson
b5edc838f2
Merge remote-tracking branch 'sebastian/osxcompile'
2011-10-10 22:03:20 -04:00
Sebastian Hahn
b4bd836f46
Consider hibernation before dropping privs
...
Without this patch, Tor wasn't sure whether it would be hibernating or
not, so it postponed opening listeners until after the privs had been
dropped. This doesn't work so well for low ports. Bug was introduced in
the fix for bug 2003. Fixes bug 4217, reported by Zax and katmagic.
Thanks!
2011-10-11 02:42:12 +02:00
Sebastian Hahn
cce85c819b
Fix a compile warning on OS X 10.6 and up
2011-10-11 02:25:00 +02:00
Nick Mathewson
6a673ad313
Add a missing comma in tor_check_port_forwarding
...
My fault; fix for bug 4213.
2011-10-10 11:42:05 -04:00
Robert Ransom
9648f034c0
Update documentation comment for rend_client_reextend_intro_circuit
...
One of its callers assumes a non-zero result indicates a permanent failure
(i.e. the current attempt to connect to this HS either has failed or is
doomed). The other caller only requires that this function's result
never equal -2.
Bug reported by Sebastian Hahn.
2011-10-10 05:33:53 -07:00
Robert Ransom
274b25de12
Don't launch a useless circuit in rend_client_reextend_intro_circuit
...
Fixes bug 4212. Bug reported by katmagic and found by Sebastian.
2011-10-10 03:05:19 -07:00
Nick Mathewson
19f1d3e331
Merge remote-tracking branch 'origin/maint-0.2.2'
...
This merge is here to take a commit (feature 3951) that we already
have in master, so use "merge -s ours"
2011-10-07 16:49:59 -04:00
Nick Mathewson
f37d24c550
Note ticket and source version for feature3951 in changes file
2011-10-07 16:47:43 -04:00
Nick Mathewson
ca597efb22
Merge remote-tracking branch 'karsten/feature3951' into maint-0.2.2
2011-10-07 16:46:50 -04:00
Nick Mathewson
1ec22eac4b
Merge remote-tracking branch 'public/bug2003_nm'
2011-10-07 16:43:45 -04:00
Nick Mathewson
8b0ee60fe7
reinstate a notice for the non-loopback socksport case
...
Thanks to prop171, it's no longer a crazy thing to do, but you should
make sure that you really meant it!
2011-10-07 16:34:21 -04:00
Nick Mathewson
b49fcc6cf2
Merge remote-tracking branch 'rransom-tor/bug4018'
2011-10-07 16:32:04 -04:00
Nick Mathewson
e8ed465776
Merge remote-tracking branch 'public/bug2430'
2011-10-07 16:28:32 -04:00
Nick Mathewson
ed39621a9d
Merge remote-tracking branch 'asn2/bug3656'
...
Conflicts:
src/common/util.c
src/common/util.h
src/or/config.h
src/or/main.c
src/test/test_util.c
2011-10-07 16:05:13 -04:00
Nick Mathewson
98e5c63eb2
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-10-07 12:20:08 -04:00
warms0x
6d027a3823
Avoid running DNS self-tests if we're operating as a bridge
2011-10-07 12:18:26 -04:00
George Kadianakis
1174bb95ce
Revive our beautiful unit tests.
...
They broke when the PT_PROTO_INFANT proxy state was added.
2011-10-07 15:44:58 +02:00
George Kadianakis
3be9d76fa2
Make it compile on Windows™.
2011-10-07 15:44:44 +02:00
George Kadianakis
105cc42e96
Support multiple transports in a single transport line.
...
Support multiple comma-separated transpotrs in a single
{Client,Server}TransportPlugin line.
2011-10-07 14:13:41 +02:00
Nick Mathewson
246afc1b1b
Make internal error check for unrecognized digest algorithm more robust
...
Fixes Coverity CID 479.
2011-10-06 14:13:09 -04:00
Nick Mathewson
2412e0e402
Check return of init_keys() ip_address_changed: fix Coverity CID 484
2011-10-06 14:13:09 -04:00
Karsten Loesing
9dfb884522
Turn on directory request statistics by default.
...
Change the default values for collecting directory request statistics and
inlcuding them in extra-info descriptors to 1.
Don't break if we are configured to collect directory request or entry
statistics and don't have a GeoIP database. Instead, print out a notice
and skip initializing the affected statistics code.
This is the cherry-picked 499661524b
.
2011-10-05 08:03:31 +02:00
Nick Mathewson
2725a88d5e
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-10-03 15:19:00 -04:00
Nick Mathewson
05f672c8c2
Fix compilation of 3335 and 3825 fixes
...
In master, they ran into problems with the edge_conn/entry_conn split.
2011-10-03 15:13:38 -04:00
Nick Mathewson
4aa4bce474
Merge remote-tracking branch 'rransom-tor/bug3335-v2'
...
Conflicts:
src/or/connection_edge.c
src/or/rendclient.c
2011-10-03 15:06:07 -04:00
Nick Mathewson
a7f93b509c
Add changes file for bug 4094
2011-10-03 12:58:07 -04:00
Fabian Keil
13f0d22df0
Rephrase the log messages emitted if the TestSocks check is positive
...
Previously Tor would always claim to have been given a hostname
by the client, while actually only verifying that the client
is using SOCKS4A or SOCKS5 with hostnames. Both protocol versions
allow IP addresses, too, in which case the log messages were wrong.
Fixes #4094 .
2011-10-03 12:56:46 -04:00
Robert Ransom
c5226bfe1c
Remove an HS's last_hid_serv_requests entries when a conn. attempt ends
2011-10-02 16:19:36 -07:00
Robert Ransom
bcfc383dc9
Record the HS's address in last_hid_serv_request keys
2011-10-02 16:19:35 -07:00