aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-11-27 08:29:51 -0500
committerNick Mathewson <nickm@torproject.org>2011-11-29 19:10:19 -0500
commite27a26d568a257cf350814a9abfa47d3b41ad9f3 (patch)
tree1e4880f1256ca4e30d499f9727310304e5ae3424
parent617617e21a2d30a86cea9c8f7043333078f2e8f8 (diff)
downloadtor-e27a26d568a257cf350814a9abfa47d3b41ad9f3.tar
tor-e27a26d568a257cf350814a9abfa47d3b41ad9f3.tar.gz
Set renegotiation callbacks immediately on tls inititation
This way, we can't miss a renegotiation attempt in a v2 handshake, or miss excess renegotiation attempts. Partial fix for bug 4587.
-rw-r--r--src/common/tortls.c2
-rw-r--r--src/or/connection_or.c17
2 files changed, 7 insertions, 12 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index e052c85eb..aeb090bbf 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1563,7 +1563,6 @@ tor_tls_set_renegotiate_callbacks(tor_tls_t *tls,
tls->excess_renegotiations_callback = cb2;
tls->callback_arg = arg;
tls->got_renegotiate = 0;
- SSL_set_info_callback(tls->ssl, tor_tls_state_changed_callback);
}
/** If this version of openssl requires it, turn on renegotiation on
@@ -1767,7 +1766,6 @@ tor_tls_finish_handshake(tor_tls_t *tls)
{
int r = TOR_TLS_DONE;
if (tls->isServer) {
- SSL_set_info_callback(tls->ssl, NULL);
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
/* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index e868b7b78..0f68feb60 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -42,6 +42,7 @@ static int connection_or_check_valid_tls_handshake(or_connection_t *conn,
char *digest_rcvd_out);
static void connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn);
+static void connection_or_close_connection_cb(void *_conn);
#ifdef USE_BUFFEREVENTS
static void connection_or_handle_event_cb(struct bufferevent *bufev,
@@ -1096,12 +1097,16 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
conn->_base.state = OR_CONN_STATE_TLS_HANDSHAKING;
tor_assert(!conn->tls);
conn->tls = tor_tls_new(conn->_base.s, receiving);
- tor_tls_set_logged_address(conn->tls, // XXX client and relay?
- escaped_safe_str(conn->_base.address));
if (!conn->tls) {
log_warn(LD_BUG,"tor_tls_new failed. Closing.");
return -1;
}
+ tor_tls_set_logged_address(conn->tls, // XXX client and relay?
+ escaped_safe_str(conn->_base.address));
+ tor_tls_set_renegotiate_callbacks(conn->tls,
+ connection_or_tls_renegotiated_cb,
+ connection_or_close_connection_cb,
+ conn);
#ifdef USE_BUFFEREVENTS
if (connection_type_uses_bufferevent(TO_CONN(conn))) {
const int filtering = get_options()->_UseFilteringSSLBufferevents;
@@ -1213,10 +1218,6 @@ connection_tls_continue_handshake(or_connection_t *conn)
/* v2/v3 handshake, but not a client. */
log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
"Expecting renegotiation or VERSIONS cell");
- tor_tls_set_renegotiate_callbacks(conn->tls,
- connection_or_tls_renegotiated_cb,
- connection_or_close_connection_cb,
- conn);
conn->_base.state = OR_CONN_STATE_TLS_SERVER_RENEGOTIATING;
connection_stop_writing(TO_CONN(conn));
connection_start_reading(TO_CONN(conn));
@@ -1277,10 +1278,6 @@ connection_or_handle_event_cb(struct bufferevent *bufev, short event,
} else if (tor_tls_get_num_server_handshakes(conn->tls) == 1) {
/* v2 or v3 handshake, as a server. Only got one handshake, so
* wait for the next one. */
- tor_tls_set_renegotiate_callbacks(conn->tls,
- connection_or_tls_renegotiated_cb,
- connection_or_close_connection_cb,
- conn);
conn->_base.state = OR_CONN_STATE_TLS_SERVER_RENEGOTIATING;
/* return 0; */
return; /* ???? */