Nick Mathewson
bc62f8e983
Replace sprintf with snprintf
...
svn:r2602
2004-10-27 05:53:07 +00:00
Nick Mathewson
62094ebd32
Tolerate NULL nicknames better
...
svn:r2567
2004-10-19 18:17:12 +00:00
Roger Dingledine
6d873e5743
don't assert multiple things in the same tor_assert()
...
svn:r2545
2004-10-16 22:28:11 +00:00
Nick Mathewson
1c9426d6e0
Build without warnings on mac gcc 3.3
...
svn:r2487
2004-10-14 03:18:14 +00:00
Roger Dingledine
5f4a390b33
oh, and some more in common/
...
svn:r2483
2004-10-14 02:48:57 +00:00
Roger Dingledine
f91c552af7
fix a seg fault on solaris
...
svn:r2313
2004-08-25 17:37:00 +00:00
Roger Dingledine
3aaba3b16e
tell the user what time _they_ are too, when a cert is expired
...
svn:r2114
2004-07-22 23:06:28 +00:00
Nick Mathewson
38d8e36919
Make tor_tls_new variant use alternative (certless) context
...
svn:r2096
2004-07-22 04:53:34 +00:00
Roger Dingledine
cdb98cf04a
fix our tls handshake chain cert bug
...
svn:r2086
2004-07-21 22:11:11 +00:00
Nick Mathewson
c83f0e948f
Log certificate lifetime on failure.
...
svn:r2083
2004-07-21 17:59:24 +00:00
Nick Mathewson
2d514037b7
Log number of certs in wrong-length chains
...
svn:r2078
2004-07-21 03:32:56 +00:00
Nick Mathewson
334de84cbe
Misc small code cleanups; remove exit_server_mode(); change tor_tls_verify behavior
...
svn:r2073
2004-07-21 00:44:04 +00:00
Roger Dingledine
19deb93c29
more useful warning messages
...
(fixed because the old ones confused a user)
svn:r2055
2004-07-19 19:49:03 +00:00
Nick Mathewson
7511fbf993
Resolve some XXXs
...
svn:r1889
2004-05-18 15:35:21 +00:00
Roger Dingledine
3cdf2d67da
it's amazing what a bit of punctuation can do for appearances
...
svn:r1843
2004-05-10 10:27:54 +00:00
Nick Mathewson
c0ea93337d
Doxygenate common.
...
svn:r1829
2004-05-10 03:53:24 +00:00
Nick Mathewson
af08c4f878
Working strerror for windows socket errors, plus some snide comments.
...
svn:r1775
2004-05-02 20:18:21 +00:00
Roger Dingledine
1558fb7650
some patches on the patches
...
svn:r1761
2004-05-01 23:29:20 +00:00
Nick Mathewson
908ccb9dcd
Handle windows socket errors correctly; comment most of common.
...
svn:r1756
2004-05-01 20:46:28 +00:00
Nick Mathewson
873564ea9c
Some versions of openssl have an SSL_pending function that erroneously
...
returns bytes when there is a non-application record pending.
I have no idea when/why this would even happen, but let's catch it and
make sure tor_tls_get_pending_bytes stays correct.
svn:r1727
2004-04-26 23:19:21 +00:00
Nick Mathewson
ad07c62938
Add a macro to catch unhandled openssl errors.
...
svn:r1723
2004-04-26 23:00:07 +00:00
Roger Dingledine
719bb5c0f3
log debug so nick can see it too
...
svn:r1721
2004-04-26 22:22:11 +00:00
Nick Mathewson
337f7a981f
Include strerror(errno) with tls syscall errors
...
svn:r1718
2004-04-26 18:11:58 +00:00
Nick Mathewson
b410dff6c0
Log pending TLS errors in a couple more places, in case they are possible.
...
svn:r1716
2004-04-26 16:52:47 +00:00
Nick Mathewson
0355d29e12
Call tls_log_errors at a more appropriate location; we can remove the other calls in tor_tls_verify once we are sure they never happen.
...
svn:r1709
2004-04-26 03:09:17 +00:00
Nick Mathewson
cb465160da
Very blunt debugging code: log pending errors at start and end of tor_tls_verify
...
svn:r1707
2004-04-26 02:33:12 +00:00
Roger Dingledine
37192bd25e
use tor_assert and PUBLIC_KEY_OK
...
but don't use tor_assert inside log.c, to avoid loops
svn:r1696
2004-04-25 19:59:38 +00:00
Nick Mathewson
c44016e86e
Merge flagday into main branch.
...
svn:r1683
2004-04-24 22:17:50 +00:00
Roger Dingledine
4d380ea902
quiet a -l info that should be -l debug
...
svn:r1634
2004-04-15 22:08:37 +00:00
Roger Dingledine
47488fa525
allow 90 minutes of clock skew, not 30
...
svn:r1544
2004-04-08 01:08:56 +00:00
Nick Mathewson
257d509b91
Document stuff, reduce magic numbers, add emacs magic
...
svn:r1502
2004-04-06 03:44:36 +00:00
Nick Mathewson
b3c2b62a14
Make "common" no longer depend on or.h
...
svn:r1466
2004-04-03 04:05:12 +00:00
Nick Mathewson
137b577bbd
Refactor the heck out of crypto interface: admit that we will stick with one ciphersuite at a time, make const things const, and stop putting openssl in the headers.
...
svn:r1458
2004-04-03 02:40:30 +00:00
Nick Mathewson
2da54de968
Make tor build on windows again. More work still needed
...
svn:r1247
2004-03-09 22:01:17 +00:00
Roger Dingledine
5cf0b6224b
bugfix: stop trying to write to a stderr that may not be there
...
also, tell start_daemon our desired cwd
svn:r1170
2004-02-28 23:21:29 +00:00
Roger Dingledine
c12a6f58b5
fix typo
...
svn:r1007
2004-01-20 02:14:12 +00:00
Nick Mathewson
793c65e60f
Note discrepency between N bytes transmitted over TLS and actual bandwidth use; add 2 functions to help resolve.
...
svn:r986
2004-01-13 01:19:02 +00:00
Roger Dingledine
eb730c41c8
clean tabs, trailing whitespace
...
svn:r952
2003-12-17 21:14:13 +00:00
Nick Mathewson
dd16a9abcb
Stop leaking X509 certs; those things are _nasty_ on the carpet
...
svn:r833
2003-11-18 06:52:25 +00:00
Roger Dingledine
3d19a9b514
fix a bug in handling clock skew
...
svn:r785
2003-11-11 04:08:30 +00:00
Nick Mathewson
71e5ad714b
resolve warning
...
svn:r664
2003-10-23 14:27:53 +00:00
Nick Mathewson
6b79d8a7e9
Two-pronged attack at my overzealous skew fixes.
...
The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often. In
fact, we never rotate our TLS keys.
This patch fixes the situation in 2 ways:
1. It bumps the default lifetime back up to one year until we get
rotation in place.
2. It changes tor_tls_context_new() so that it doesn't leak memory
when you call it more than once.
svn:r663
2003-10-23 14:20:51 +00:00
Nick Mathewson
7604cfe61b
Clock skew fixes.
...
Allow some slop (currently 3 minutes) when checking certificate validity.
Change certificate lifetime from 1 year to 2 days. Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.
Have directories reject descriptors published too far in the future
(currently 30 minutes). If dirservs don't do this:
0) Today is January 1, 2000.
1) A very skewed server publishes descriptor X with a declared
publication time of August 1, 2000.
2) The directory includes X.
3) Because of certificate lifetime issues, nobody can use the
skewed server.
4) The server fixes its skew, and goes to republish a new descriptor Y
with publication time of January 1, 2000.
5) But because the directory already has a "more recent" descriptor X,
it rejects descriptor "Y" as superseded!
This patch should make step 2 go away.
svn:r658
2003-10-22 16:41:35 +00:00
Roger Dingledine
069227db5b
introduce new tor_free() macro
...
svn:r643
2003-10-21 09:48:58 +00:00
Roger Dingledine
dc85b7af3c
warn, not err
...
svn:r630
2003-10-19 01:15:36 +00:00
Nick Mathewson
0ec2a34a1d
Code to get nicknames from peer certs
...
svn:r627
2003-10-19 00:46:51 +00:00
Roger Dingledine
ec96419109
let tls tolerate reallocing the buf
...
and also remember the params for ssl_write if it returns wantread.
svn:r626
2003-10-19 00:39:48 +00:00
Roger Dingledine
c627ba2632
first steps toward a WANTWRITE SSL_write tls bug fix
...
how exactly the same do the arguments need to be? :(
svn:r625
2003-10-18 08:00:19 +00:00
Roger Dingledine
61e180ceb1
start to track down the 'peer has invalid cert' bug
...
svn:r623
2003-10-18 06:48:46 +00:00
Nick Mathewson
f32c1c3127
Log TLS errors even harder
...
svn:r604
2003-10-15 23:50:25 +00:00