Previously, tor-gencert would call RSA_generate_key() directly.
This won't work on Android, which removes the (deprecated since
OpenSSL 0.9.8) function. We can't call RSA_generate_key_ex()
unconditionally either, since that didn't exist before 0.9.8.
Instead, we must call our own crypto_pk_generate_key_with_bits,
which knows how to call RSA_generate_key or RSA_generate_key_ex as
appropriate.
[Based on patch by Nathan Freitas]
Apparently the Android developers dumped OpenSSL's support for hardware
acceleration in order to save some memory, so you can't build programs using
engines on Android.
[Patch revised by nickm]
This shouldn't be necessary, but apparently the Android cross-compiler
doesn't respect -I as well as it should. (-I is supposed to add to the
*front* of the search path. Android's gcc wrapper apparently likes to add to
the end. This is broken, but we need to work around it.)
Found by coverity
test_mem_op_hex was leaking memory, which showed up in a few
tests.
Also, the dir_param test had a memleak of its own.
Found by Coverity
- Avoid memmoving 0 bytes which might lead to compiler warnings.
- Don't require relays to be entry node AND bridge at the same to time to
record clients.
- Fix a memory leak when writing dirreq-stats.
- Don't say in the stats files that measurement intervals are twice as long
as they really are.
- Reduce minimum observation time for requests to 12 hours, or we might
never record usage.
- Clear exit stats correctly after writing them, or we accumulate old stats
over time.
- Reset interval start for buffer stats, too.
The big change is to add a function to display the current SSL handshake
state, and to log it everywhere reasonable. (A failure in
SSL23_ST_CR_SRVR_HELLO_A is different from one in
SSL3_ST_CR_SESSION_TICKET_A.)
This patch also adds a new log domain for OR handshaking, so you can pull out
all the handshake log messages without having to run at debug for everything.
For example, you'd just say "log notice-err [handshake]debug-err file
tor.log".
This was the only log notice that happened during other
tor invocations, like --verify-config and --list-fingerprint.
Plus, now we think it works, so no need to hear about it.
* debian-merge:
New upstream version
finishing touches on the changelog
bump to 0.2.2.3-alpha, plus add a changelog for bug 1103
Be more robust to bad circwindow values
Fix Bug 1103.
Bump version to 0.2.2.2-alpha-dev
* commit 'tor-0.2.2.3-alpha':
finishing touches on the changelog
bump to 0.2.2.3-alpha, plus add a changelog for bug 1103
Be more robust to bad circwindow values
Fix Bug 1103.
Bump version to 0.2.2.2-alpha-dev
"Tinytest" is a minimalist C unit testing framework I wrote for
Libevent. It supports some generally useful features, like being able
to run separate unit tests in their own processes.
I tried to do the refactoring to change test.c as little as possible.
Thus, we mostly don't call the tinytest macros directly. Instead, the
test.h header is now a wrapper on tinytest.h to make our existing
test_foo() macros work.
The next step(s) here will be:
- To break test.c into separate files, each with its own test group.
- To look into which things we can test
- To refactor the more fiddly tests to use the tinytest macros
directly and/or run forked.
- To see about writing unit tests for things we couldn't previously
test without forking.
If the networkstatus consensus tells us that we should use a
negative circuit package window, ignore it. Otherwise we'll
believe it and then trigger an assert.
Also, change the interface for networkstatus_get_param() so we
don't have to lookup the consensus beforehand.
If we have a debian/micro-revision.i, replace the one in src/or
with our copy so that this will be the revision that ends up in
the binary. This is an informational only version string, but
it'd be kinda nice if it was (more) accurate nonetheless.
Of course this won't help if people manually patch around but
it's still preferable to claiming we are exactly upstream's source.
If we are building directly out of a git tree, update
debian/micro-revision.i in the clean target.
The files src/common/common_sha1.i src/or/or_sha1.i get changed during
the build - they contain the checksums of the individual files that end
up in the binary. Of couse changes only end up in the debian diff.gz
after building a second time in the same directory. So, remove those
files in clean to get both a cleaner diff.gz and idempotent builds.
* debian-merge: (95 commits)
New upstream version: 0.2.2.2-alpha
downgrade a log severity, since this event has been known
Update to the "September 4 2009" ip-to-country file.
bump to 0.2.2.2-alpha
Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
fix grammar / add changelog for the torify commit
Fix compile on Snow Leopard
Fix build warnings on OSX 10.5.8
Change the condition on the nonlive timeout counting.
Add a couple of time helper functions.
Fix typos and comments, plus two bugs
Implement and document new network liveness algorithm.
Fix some precision-related asserts in unit tests.
replace contrib/auto-naming with a readme saying where it went
clarify our rules for assigning the Named flag
disable the end of circuitbuildtimeout units tests
draw in a lot of 0.2.1.20 changelog items into 0.2.2.2-alpha
Fix compile on freebsd
Let our config abbreviations rewrite more than once
a mish-mash of stuff in my sandbox
...
