Commit Graph

30329 Commits

Author SHA1 Message Date
Nick Mathewson
14be9cba4e Update the protocol versions recommendations to remove LinkAuth=1
LinkAuth method 1 is the one where we pull the TLS master secrets
out of the OpenSSL data structures and authenticate them with
RSA. Right now we list method 1 as required for clients and relays.
That's a problem, since we can't reasonably support it with NSS. So
let's remove it as a requirement and a recommendation.

As for method 3: I'd like to recommend it it, but that would make
0.2.9 start warning.  Let's not do that till at least some time
after 0.3.5 (the next LTS) is stable.

Closes ticket 27286
2018-08-24 12:31:01 -04:00
Nick Mathewson
08a1619e7f Merge branch 'maint-0.3.4' 2018-08-24 12:05:39 -04:00
teor
dd27e17ccc Bootstrap: add some extra logging
Diagnostics for 27236.
2018-08-24 12:05:36 -04:00
teor
3ebbc1c84d Bootstrap: allow internal-only onion service networks to bootstrap
This fix requires chutney's 27230 fix to bridge client bootstrap.

Part of 27236.
2018-08-24 12:05:29 -04:00
Nick Mathewson
49fe7f24d6 Remove changes entries for stuff that is already in maint-0.3.4 2018-08-24 09:15:34 -04:00
Nick Mathewson
4c939f89ae Merge branch 'maint-0.3.4'
"ours" merge to avoid version bump.
2018-08-24 09:13:37 -04:00
Nick Mathewson
4748fd23da Bump to 0.3.4.7-rc 2018-08-24 09:13:20 -04:00
Nick Mathewson
f36b3faa75 Merge branch 'maint-0.3.4' 2018-08-24 08:32:33 -04:00
teor
7a5896d5d4
Bootstrap: try harder to get descriptors in non-exit test networks
Use the mid weight for the third hop when there are no exits.

Fixes bug 27237; bugfix on 0.2.6.2-alpha.
2018-08-24 12:49:05 +10:00
teor
4217dc0558
Add scripts/test/chutney-git-bisect.sh, for bisecting using chutney
Supports bisection on 0.3.4 and earlier.
Recommend that users copy the script before bisecting.

Implements ticket 27211.
2018-08-24 12:46:04 +10:00
teor
588c77677a
Bootstrap: stop requiring descriptors to count exits as usable
Instead, count exits as usable if they have the exit flag, and
present if they also have a non-reject exit policy.

Requiring a threshold of usable descriptors avoids directories trickling
exit descriptors to clients to discover their ExitNodes settings.

Part of 27236.
2018-08-24 12:08:11 +10:00
Nick Mathewson
677048fe9f Merge branch 'maint-0.3.4' 2018-08-23 20:44:16 -04:00
Nick Mathewson
d0007db1f0 Merge remote-tracking branch 'teor/bug26979-034' into maint-0.3.4 2018-08-23 20:44:06 -04:00
teor
78049afaa5
Appveyor CI: always use HEAD for the short commit
Part of 26979.
2018-08-24 10:11:24 +10:00
teor
8425091718
Appveyor CI: Changes file for 26979
Closes 26979.
2018-08-24 10:11:20 +10:00
teor
3ecb7125b4
Appveyor CI: sort environmental variables
To avoid future duplicates.
2018-08-24 10:11:17 +10:00
teor
32fb4403e3
Appveyor CI: fix some typos 2018-08-24 10:11:13 +10:00
teor
965a910abf
Appveyor CI: Generate correct tag names
Part of 26979.
2018-08-24 10:11:10 +10:00
teor
4157015700
Appveyor CI: Switch to one URL per line
Part of 26979.
2018-08-24 10:11:07 +10:00
teor
6a870c69bb
Appveyor CI: Generate correct branches and URLs for pull requests
Part of 26979.
2018-08-24 10:11:03 +10:00
teor
d8ce84aae4
Appveyor CI: Make short commits 10 hexdigits long
That's what git does for tor.

Part of 26979.
2018-08-24 10:11:00 +10:00
teor
73d46b76fd
Appveyor CI: Fix GitHub provider detection
Part of 26979.
2018-08-24 10:10:55 +10:00
Nick Mathewson
9323f5d1d4 Merge branch 'maint-0.3.4' 2018-08-23 20:07:47 -04:00
Nick Mathewson
90f6c590af Merge remote-tracking branch 'teor/ticket27275-034' into maint-0.3.4 2018-08-23 20:07:39 -04:00
teor
08ad1f1e46
CI: Only post Appveyor IRC notifications when the build fails
Implements 27275.
2018-08-24 10:06:06 +10:00
Nick Mathewson
d50f90bfc4 Merge branch 'maint-0.3.4' 2018-08-23 19:37:32 -04:00
Nick Mathewson
e01ea64f0a Merge branch 'maint-0.3.2' into maint-0.3.3 2018-08-23 19:36:45 -04:00
Nick Mathewson
36bb11a650 Merge branch 'maint-0.2.9' into maint-0.3.2 2018-08-23 19:36:45 -04:00
Nick Mathewson
6e0872e867 Merge branch 'maint-0.3.3' into maint-0.3.4 2018-08-23 19:36:45 -04:00
teor
cc4ea34a26
Silence a compilation warning on MSVC 2017 and clang-cl
test.c no longer uses lround(), so we don't need to declare it,
and we can use math.h for fabs().

Fixes bug 27185; bugfix on 0.2.2.2-alpha.
2018-08-24 09:15:04 +10:00
Nick Mathewson
2ae92ab973 Merge branch 'maint-0.3.4' 2018-08-23 14:26:04 -04:00
Nick Mathewson
ced350882d Merge remote-tracking branch 'teor/bug27236-034' into maint-0.3.4 2018-08-23 14:22:30 -04:00
teor
fadcab920b
Bootstrap: check the exit policy and flag on descriptors
Previously, Tor would only check the exit flag. In small networks, Tor
could bootstrap once it received a consensus with exits, without fetching
the new descriptors for those exits.

After bootstrap, Tor delays descriptor fetches, leading to failures in
fast networks like chutney.

Fixes 27236; bugfix on 0.2.6.3-alpha.
2018-08-24 01:13:53 +10:00
teor
692efdad09
Update the message logged on relays when DirCache is disabled
Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the Guard
flag.

Fixes bug 24312; bugfix on 0.3.3.5-rc.
2018-08-23 19:13:25 +10:00
Dominique Ingoglia
8747afc5e0
Change the wording of the DirCache warning 2018-08-23 19:13:15 +10:00
teor
da17875ea5
Travis: Don't do a distcheck with --disable-module-dirauth
Part of 27252.
2018-08-23 18:20:39 +10:00
teor
e8dd83aecb
Merge branch 'ticket27252-033' into ticket27252-034
Semantic merge:
- Rust offline and online were swapped in ticket27252-032
2018-08-23 18:20:17 +10:00
teor
ae2085dd7b
Merge branch 'ticket27252-032' into ticket27252-033
Semantic merge:
- Rust offline and online were swapped in ticket27252-032
- TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
2018-08-23 18:19:42 +10:00
teor
92f1a8af83
Travis: Skip offline rust builds for Linux gcc
We already do an online rust build for Linux gcc.

Part of 27252.
2018-08-23 18:18:14 +10:00
teor
b61d40c8a2
Travis: Only run one online rust build, to reduce network errors
Part of 27252.
2018-08-23 18:17:03 +10:00
teor
99a2ecc795
Merge branch 'ticket27252-029' into ticket27252-032
This commit is already implemented in 0.3.2 and later:
- Travis: Skip a duplicate hardening-off build in Tor 0.2.9
2018-08-23 18:15:55 +10:00
teor
7cea5a287f
Travis: Skip gcc on Linux with default settings
It's redundant, because all the non-default builds use gcc on Linux.

Part of 27252.
2018-08-23 18:13:53 +10:00
teor
9f81e03262
Travis: make the exclude descriptions shorter
Part of 27252.
2018-08-23 18:12:36 +10:00
teor
7ec84cc094
Travis: Skip a duplicate hardening-off build in Tor 0.2.9
Part of 27252.
2018-08-23 17:08:28 +10:00
teor
8f89fb8f39
Travis: skip gcc on OSX, because the default compiler is clang
Part of #27252.
2018-08-23 17:02:32 +10:00
Nick Mathewson
c567b8fcb4 NSS support for x509 certs
7 unit tests are failing at this point, but they're all TLS-related.
2018-08-22 16:11:45 -04:00
Nick Mathewson
7c5339677f Log error strings in crypto_nss_log_errors().
I'll need this for debugging.
2018-08-22 12:36:25 -04:00
David Goulet
e8557ba00d hs: Change default version from 2 to 3
Closes #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:42:23 -04:00
David Goulet
61ad81c36e hs: Learn service version by trying to load the keys
In order to switch the default HS version from 2 to 3, we need tor to be smart
and be able to decide on the version by trying to load the service keys during
configuration validation.

Part of #27215

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:38:28 -04:00
David Goulet
cb466ee7d6 key: Make ed_key_init_from_file() take an or_options_t
Part of #27215, we need to call the ed_key_init_from_file function during
option_validate() which is before the global_options variable is set.

This commit make ed_key_init_from_file() stop using get_options() and instead
now has a or_options_t parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-08-22 11:32:57 -04:00