aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2010-04-13 14:58:30 -0400
committerNick Mathewson <nickm@torproject.org>2010-04-13 15:05:03 -0400
commit6ad09cc6afa4d620978b6b18f7f134d15903dcc1 (patch)
tree7845e5b13859e18996ff032084ca56c773372d31
parent5e679acc72a2648c38a3ee3a2b05cd5b75906568 (diff)
downloadtor-6ad09cc6afa4d620978b6b18f7f134d15903dcc1.tar
tor-6ad09cc6afa4d620978b6b18f7f134d15903dcc1.tar.gz
Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. This is so... except that many vendors have backported the flag from later versions of openssl when they backported the RFC5476 renegotiation feature. The new behavior is particularly annoying to detect. Previously, leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that clients would fail to renegotiate. People noticed that one fast! Now, OpenSSL's RFC5476 support means that clients will happily talk to any servers there are, but servers won't accept renegotiation requests from unpatched clients unless SSL_OP_ALLOW_etc is set. More fun: servers send back a "no renegotiation for you!" error, which unpatched clients respond to by stalling, and generally producing no useful error message. This might not be _the_ cause of bug 1346, but it is quite likely _a_ cause for bug 1346.
-rw-r--r--changes/use_ssl_option_everywhere5
-rw-r--r--src/common/tortls.c10
2 files changed, 11 insertions, 4 deletions
diff --git a/changes/use_ssl_option_everywhere b/changes/use_ssl_option_everywhere
new file mode 100644
index 000000000..02adb3c8b
--- /dev/null
+++ b/changes/use_ssl_option_everywhere
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - Fix SSL renegotiation behavior on OpenSSL versions that claim to
+ be earlier than 0.9.8m, but which have in reality backported huge
+ swaths of 0.9.8m or 0.9.8n renegotiation behavior. Possibly fix
+ for some cases of bug 1346.
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 066b42960..25f21a989 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -345,8 +345,8 @@ tor_tls_init(void)
* OpenSSL 0.9.8l.
*
* No, we can't just set flag 0x0010 everywhere. It breaks Tor with
- * OpenSSL 1.0.0beta3 and later. No, we can't just set option
- * 0x00040000L everywhere: before 0.9.8m, it meant something else.
+ * OpenSSL 1.0.0beta3 and later. On the other hand, we might be able to
+ * set option 0x00040000L everywhere.
*
* No, we can't simply detect whether the flag or the option is present
* in the headers at build-time: some vendors (notably Apple) like to
@@ -370,10 +370,12 @@ tor_tls_init(void)
} else if (version < 0x009080c0L) {
log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
"0.9.8l, but some vendors have backported 0.9.8l's "
- "renegotiation code to earlier versions. I'll set "
- "SSL3_FLAGS just to be safe.",
+ "renegotiation code to earlier versions, and some have "
+ "backported the code from 0.9.8m or 0.9.8n. I'll set both "
+ "SSL3_FLAGS and SSL_OP just to be safe.",
SSLeay_version(SSLEAY_VERSION), version);
use_unsafe_renegotiation_flag = 1;
+ use_unsafe_renegotiation_op = 1;
} else {
log_info(LD_GENERAL, "OpenSSL %s has version %lx",
SSLeay_version(SSLEAY_VERSION), version);