Nick Mathewson
021ff31ba6
Revert "Get rid of tor_tls_block_renegotiation()."
...
This reverts commit 340809dd22
2011-12-06 19:49:21 -05:00
Nick Mathewson
616b60cef3
Revert "Use callback-driven approach to block renegotiations."
...
This reverts commit 406ae1ba5a
2011-12-06 19:49:20 -05:00
Nick Mathewson
df1f72329a
Revert "Refactor tor_event_base_once to do what we actually want"
...
This reverts commit 7920ea55b8
2011-12-06 19:49:20 -05:00
Nick Mathewson
3a17a1a62f
Revert "Avoid a double-mark in connection_or_close_connection_cb"
...
This reverts commit 633071eb3b
2011-12-06 19:49:20 -05:00
Nick Mathewson
135a5102a3
Revert "Make pending libevent actions cancelable"
...
This reverts commit aba25a6939
2011-12-06 19:49:20 -05:00
Nick Mathewson
50fd99d7ef
Revert "Set renegotiation callbacks immediately on tls inititation"
...
This reverts commit e27a26d568
2011-12-06 19:49:19 -05:00
Nick Mathewson
682a85ff7c
Don't just tell the controller "foo" on id mismatch
...
Fixes bug 4169; bugfix on 0.2.1.1-alpha.
2011-12-02 16:27:33 -05:00
Linus Nordberg
2376a6ade4
Merge node_get_{prim,pref,pref_ipv6}_addr with their _orport counterparts.
...
This keeps the IP address and TCP for a given OR port together,
reducing the risk of using an address for one address family with a
port of another.
Make node_get_addr() a wrapper function for compatibility.
2011-11-30 11:55:46 -05:00
Linus Nordberg
529820f8ba
Use correct address family where necessary for bridges on IPv6.
2011-11-30 11:55:46 -05:00
Linus Nordberg
f89c619679
Use the preferred address and port when initiating a connection.
...
This is not as conservative as we could do it, f.ex. by looking at the
connection and only do this for connections to bridges. A non-bridge
should never have anything else than its primary IPv4 address set
though, so I think this is safe.
2011-11-30 11:55:46 -05:00
Linus Nordberg
7b02d1a73e
Clarify function documentation.
2011-11-30 11:55:45 -05:00
Nick Mathewson
8bb23c7def
Merge branch 'bug4587_v2'
2011-11-29 19:15:40 -05:00
Nick Mathewson
e27a26d568
Set renegotiation callbacks immediately on tls inititation
...
This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts. Partial fix for bug 4587.
2011-11-29 19:10:19 -05:00
Nick Mathewson
aba25a6939
Make pending libevent actions cancelable
...
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
2011-11-29 17:08:29 -05:00
Nick Mathewson
633071eb3b
Avoid a double-mark in connection_or_close_connection_cb
2011-11-25 17:21:11 -05:00
Nick Mathewson
7920ea55b8
Refactor tor_event_base_once to do what we actually want
...
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
2011-11-25 17:18:54 -05:00
Nick Mathewson
e5f2f10844
Merge remote-tracking branch 'asn/bug4312'
2011-11-25 17:00:47 -05:00
Nick Mathewson
0539c34c35
Merge branch 'bug4360'
2011-11-21 10:48:02 -05:00
Sebastian Hahn
688b53059e
Don't fail to send netinfo if real_addr is unset
...
If we haven't set real_addr on a connection, we also now that _base.addr
hasn't been tampered with. So we can use that.
2011-11-16 16:05:46 +01:00
Nick Mathewson
3ef40f6993
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-11-15 11:42:38 -05:00
Nick Mathewson
5bea660f8e
Use real_addr in send_netinfo
...
Reported by "troll_un"; bugfix on 0.2.0.10-alpha; fixes bug 4349.
2011-11-14 22:43:40 -05:00
George Kadianakis
406ae1ba5a
Use callback-driven approach to block renegotiations.
...
Also use this new approach in the bufferevents-enabled case.
2011-11-13 14:47:11 +01:00
Roger Dingledine
be1f3a5eb5
normalize the name of the CERTS cell
2011-10-31 04:33:38 -04:00
Roger Dingledine
eeb6588389
bridges send netinfo cells like clients on outgoing conns
...
fixes bug 4348
2011-10-29 21:43:23 -04:00
Sebastian Hahn
2dec6597af
Merge branch 'maint-0.2.2_secfix' into master_secfix
...
Conflicts:
src/common/tortls.c
src/or/connection_or.c
src/or/dirserv.c
src/or/or.h
2011-10-27 00:38:45 +02:00
Sebastian Hahn
df05e5ef4d
Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix
...
Conflicts:
src/or/connection_or.c
2011-10-26 23:30:27 +02:00
Robert Ransom
c05bb53508
Mark which OR connections are outgoing
2011-10-26 23:21:11 +02:00
Robert Ransom
af12c39d6d
Don't use any OR connection which sent us a CREATE_FAST cell for an EXTEND
...
Fix suggested by Nick Mathewson.
2011-10-26 23:20:56 +02:00
Nick Mathewson
2a2301e411
Rename get_client_identity_key to get_tlsclient_identity_key
2011-10-26 14:16:34 +02:00
Robert Ransom
59e565e2a2
Maintain separate server and client identity keys when appropriate.
...
Fixes a bug described in ticket #988 .
Conflicts:
src/or/main.c
src/or/router.c
2011-10-26 14:16:20 +02:00
George Kadianakis
340809dd22
Get rid of tor_tls_block_renegotiation().
...
Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).
2011-10-26 13:16:14 +02:00
Nick Mathewson
69921837a7
Fix a bunch of whitespace errors
2011-10-11 11:30:01 -04:00
Sebastian Hahn
35fe4825fc
Quiet two notices, and spelling mistake cleanup
2011-10-10 23:14:31 -04:00
Sebastian Hahn
66200320ff
Fix a few 64bit compiler warnings
2011-10-10 23:14:31 -04:00
Nick Mathewson
1bd65680bd
Add more log statements for protocol/internal failures
2011-10-10 23:14:31 -04:00
Nick Mathewson
e56d7a3809
Give tor_cert_get_id_digests() fail-fast behavior
...
Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key. The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key. This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".
Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.
2011-10-10 23:14:31 -04:00
Nick Mathewson
7aadae606b
Make sure we stop putting cells into our hash at the right time.
2011-10-10 23:14:30 -04:00
Nick Mathewson
41b250d7ea
Bugfixes for authenticate handling and generation
2011-10-10 23:14:30 -04:00
Nick Mathewson
f726c67dd4
more verbose log for recording an odd cell
2011-10-10 23:14:30 -04:00
Nick Mathewson
40f343e176
Actually accept cells in SERVER_RENEGOTIATING
2011-10-10 23:14:29 -04:00
Nick Mathewson
7935c4bdfa
Allow "finished flushing" during v3 handshake
2011-10-10 23:14:29 -04:00
Nick Mathewson
83bb9742b5
Hook up all of the prop176 code; allow v3 negotiations to actually work
2011-10-10 23:14:18 -04:00
Nick Mathewson
3f22ec179c
New functions to record digests of cells during v3 handshake
...
Also, free all of the new fields in or_handshake_state_t
2011-10-10 23:14:17 -04:00
Nick Mathewson
6c7f28454e
Implement cert/auth cell reading
2011-10-10 23:14:17 -04:00
Nick Mathewson
81024f43ec
Basic function to write authenticate cells
...
Also, tweak the cert cell code to send auth certs
2011-10-10 23:14:16 -04:00
Nick Mathewson
df78daa5da
Functions to send cert and auth_challenge cells.
2011-10-10 23:14:10 -04:00
Nick Mathewson
1b0645acba
Cell types and states for new OR handshake
...
Also, define all commands > 128 as variable-length when using
v3 or later link protocol. Running into a var cell with an
unrecognized type is no longer a bug.
2011-10-10 23:14:09 -04:00
Nick Mathewson
41dfc4c19c
Make bufferevents work with TokenBucketRefillInterval
2011-09-22 15:07:34 -04:00
Nick Mathewson
59d0f750c9
Apply rate-limiting to the lowest bufferevent in the stack.
...
When we're doing filtering ssl bufferevents, we want the rate-limits
to apply to the lowest level of the bufferevent stack, so that we're
actually limiting bytes sent on the network. Otherwise, we'll read
from the network aggressively, and only limit stuff as we process it.
2011-08-24 17:31:32 -04:00
Sebastian Hahn
2d0b56a505
Fix a compile warning on OS X 10.6
2011-07-15 23:12:43 +02:00
