Nick Mathewson
9ffccb3f49
Remove all instances of WIN32_WINNT (without leading _)
...
We started adding it in 59e2c77824
2012-05-14 13:36:52 -04:00
Nick Mathewson
62f8e3926d
Merge remote-tracking branch 'public/bug4591'
2012-05-10 15:55:12 -04:00
Nick Mathewson
f0212197cc
Only disable cert chaining on the first TLS handshake
...
If the client uses a v2 cipherlist on the renegotiation handshake,
it looks as if they could fail to get a good cert chain from the
server, since they server would re-disable certificate chaining.
This patch makes it so the code that make the server side of the
first v2 handshake special can get called only once.
Fix for 4591; bugfix on 0.2.0.20-rc.
2012-04-27 12:13:56 -04:00
Nick Mathewson
8855b2a90c
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/common/tortls.c
Conflict on comment near use of the new OPENSSL_V macro
2012-02-10 10:56:37 -05:00
Nick Mathewson
2da0efb547
Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066
2012-02-10 10:55:39 -05:00
Nick Mathewson
5cf9167f91
Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32
...
This commit is completely mechanical; I used this perl script to make it:
#!/usr/bin/perl -w -i.bak -p
if (/^\s*\#/) {
s/MS_WINDOWS/_WIN32/g;
s/\bWIN32\b/_WIN32/g;
}
2012-01-31 15:48:47 -05:00
Nick Mathewson
26e789fbfd
Rename nonconformant identifiers.
...
Fixes bug 4893.
These changes are pure mechanical, and were generated with this
perl script:
/usr/bin/perl -w -i.bak -p
s/crypto_pk_env_t/crypto_pk_t/g;
s/crypto_dh_env_t/crypto_dh_t/g;
s/crypto_cipher_env_t/crypto_cipher_t/g;
s/crypto_digest_env_t/crypto_digest_t/g;
s/aes_free_cipher/aes_cipher_free/g;
s/crypto_free_cipher_env/crypto_cipher_free/g;
s/crypto_free_digest_env/crypto_digest_free/g;
s/crypto_free_pk_env/crypto_pk_free/g;
s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
s/crypto_new_cipher_env/crypto_cipher_new/g;
s/crypto_new_digest_env/crypto_digest_new/g;
s/crypto_new_digest256_env/crypto_digest256_new/g;
s/crypto_new_pk_env/crypto_pk_new/g;
s/crypto_create_crypto_env/crypto_cipher_new/g;
s/connection_create_listener/connection_listener_new/g;
s/smartlist_create/smartlist_new/g;
s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
Nick Mathewson
411cf8f714
Make openssl 0.9.8l log message accurate
...
fixes 4837
2012-01-11 15:41:46 -05:00
Nick Mathewson
f371816209
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-11 11:07:37 -05:00
Nick Mathewson
0126150c2d
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2012-01-11 11:07:13 -05:00
Nick Mathewson
8d5c0e58ea
Fix a compilation warning for our bug4822 fix on 64-bit linux
2012-01-11 11:06:31 -05:00
Nick Mathewson
85c7d7659e
Add macros to construct openssl version numbers
...
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
2012-01-10 10:40:30 -05:00
Nick Mathewson
1e5d66997b
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-09 16:40:42 -05:00
Nick Mathewson
c78a314e95
Fix comment about TLSv1_method() per comments by wanoskarnet
2012-01-09 16:40:21 -05:00
Roger Dingledine
ecdea4eeaf
Merge branch 'maint-0.2.2'
2012-01-08 12:17:16 -05:00
Roger Dingledine
1416dd47a9
add a note from wanoskarnet
...
he disagrees about what the code that we decided not to use would do
2012-01-08 09:03:03 -05:00
Emile Snyder
d7eaa4b396
Change to use SSL_state_string_long() instead of homebrew ssl_state_to_string() function.
2012-01-06 05:31:34 -08:00
Nick Mathewson
ef69f2f2ab
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-05 14:17:44 -05:00
Nick Mathewson
ccd8289958
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2012-01-05 14:16:30 -05:00
Robert Ransom
4752b34879
Log at info level when disabling SSLv3
2012-01-05 12:28:56 -05:00
Nick Mathewson
db78fe4589
Disable SSLv3 when using a not-up-to-date openssl
...
This is to address bug 4822, and CVE-2011-4576.
2012-01-05 12:28:55 -05:00
Roger Dingledine
ff03347579
note some dead code. if i'm right, should this be removed?
2012-01-05 05:37:06 -05:00
Nick Mathewson
71ecfaa52f
indent; add comment
...
This re-applies 40a87c4c0875134c6c86
2011-12-08 08:45:24 +01:00
Nick Mathewson
0ebcf345ce
Revert "Refactor the SSL_set_info_callback() callbacks."
...
This reverts commit 69a821ea1c
2011-12-06 19:49:21 -05:00
Nick Mathewson
9727d21f68
Revert "Detect renegotiation when it actually happens."
...
This reverts commit 4fd79f9def
2011-12-06 19:49:21 -05:00
Nick Mathewson
e09dd43ab3
Revert "Detect and deny excess renegotiations attempts."
...
This reverts commit ecd239e3b5
2011-12-06 19:49:21 -05:00
Nick Mathewson
021ff31ba6
Revert "Get rid of tor_tls_block_renegotiation()."
...
This reverts commit 340809dd22
2011-12-06 19:49:21 -05:00
Nick Mathewson
fa74af0cfa
Revert "Also handle needless renegotiations in SSL_write()."
...
This reverts commit e2b3527106
2011-12-06 19:49:20 -05:00
Nick Mathewson
45c46129ed
Revert "Fix issues pointed out by nickm."
...
This reverts commit e097bffaed
2011-12-06 19:49:20 -05:00
Nick Mathewson
616b60cef3
Revert "Use callback-driven approach to block renegotiations."
...
This reverts commit 406ae1ba5a
2011-12-06 19:49:20 -05:00
Nick Mathewson
df1f72329a
Revert "Refactor tor_event_base_once to do what we actually want"
...
This reverts commit 7920ea55b8
2011-12-06 19:49:20 -05:00
Nick Mathewson
17880e4c0a
Revert "Fix some wide lines in tortls.c"
...
This reverts commit e8dde3aabd
2011-12-06 19:49:20 -05:00
Nick Mathewson
acc1806eb8
Revert "Don't schedule excess_renegotiations_callback unless it's set"
...
This reverts commit 617617e21a
2011-12-06 19:49:20 -05:00
Nick Mathewson
75134c6c86
Revert "indent; add comment"
...
This reverts commit 40a87c4c08
2011-12-06 19:49:20 -05:00
Nick Mathewson
135a5102a3
Revert "Make pending libevent actions cancelable"
...
This reverts commit aba25a6939
2011-12-06 19:49:20 -05:00
Nick Mathewson
50fd99d7ef
Revert "Set renegotiation callbacks immediately on tls inititation"
...
This reverts commit e27a26d568
2011-12-06 19:49:19 -05:00
Nick Mathewson
8bb23c7def
Merge branch 'bug4587_v2'
2011-11-29 19:15:40 -05:00
Nick Mathewson
e27a26d568
Set renegotiation callbacks immediately on tls inititation
...
This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts. Partial fix for bug 4587.
2011-11-29 19:10:19 -05:00
Nick Mathewson
aba25a6939
Make pending libevent actions cancelable
...
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
2011-11-29 17:08:29 -05:00
Nick Mathewson
40a87c4c08
indent; add comment
2011-11-27 09:24:41 -05:00
Nick Mathewson
e665ec6409
Merge remote-tracking branch 'asn/bug4584'
2011-11-27 09:18:55 -05:00
Nick Mathewson
617617e21a
Don't schedule excess_renegotiations_callback unless it's set
...
Partial fix for bug 4587; reported by "frosty_un".
2011-11-27 08:21:59 -05:00
George Kadianakis
b42ff6545a
Use random bytes as our certificate serial numbers.
...
Instead of using time(NULL) in our certificate serial numbers, use
eight random bytes as suggested in proposal 179.
2011-11-27 08:20:17 +01:00
Nick Mathewson
e8dde3aabd
Fix some wide lines in tortls.c
2011-11-25 17:22:46 -05:00
Nick Mathewson
7920ea55b8
Refactor tor_event_base_once to do what we actually want
...
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
2011-11-25 17:18:54 -05:00
Nick Mathewson
e5f2f10844
Merge remote-tracking branch 'asn/bug4312'
2011-11-25 17:00:47 -05:00
Sebastian Hahn
8200a85323
Fix a check-spaces complaint
2011-11-16 16:40:56 +01:00
Nick Mathewson
69dd993a92
Make certificate skew into a protocol warning
2011-11-15 15:57:46 -05:00
Nick Mathewson
87622e4c7e
Allow up to a 30 days future skew, 48 hours past skew in certs.
2011-11-15 15:57:41 -05:00
George Kadianakis
406ae1ba5a
Use callback-driven approach to block renegotiations.
...
Also use this new approach in the bufferevents-enabled case.
2011-11-13 14:47:11 +01:00
