Don't extend circuits over noncanonical connections with mismatched addresses.

Also, refactor the logic to check whether we will use a connection or launch a new one into a new function. svn:r17628
author: Nick Mathewson <nickm@torproject.org> 2008-12-15 21:17:53 +0000
committer: Nick Mathewson <nickm@torproject.org> 2008-12-15 21:17:53 +0000
commit: e53ffaa4e495200a8ec200c8ac212337bdecb68a (patch)
tree: 232ae401bef454953c5433f882df754f49abdd5a /ChangeLog
parent: 51c29e1e24c87ccf3666e28075e8dfa93cb5240c (diff)
download: tor-e53ffaa4e495200a8ec200c8ac212337bdecb68a.tar
tor-e53ffaa4e495200a8ec200c8ac212337bdecb68a.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 5ed6859f4..5be5dd39a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,10 @@
 Changes in version 0.2.1.9-alpha - 200?-??-??
+  o Major features:
+    - Never use a connection with a mismatched address to extend a
+      circuit, unless that connections is canonical.  A canonical
+      connection is one whose address is authenticated by the router's
+      identity key, either in a NETINFO cell or in a router descriptor.
+
   o Major bugfixes:
     - Fix a logic error that would automatically reject all but the first
       configured DNS server.  Bugfix on 0.2.1.5-alpha.  Possible fix for part
author	Nick Mathewson <nickm@torproject.org>	2008-12-15 21:17:53 +0000
committer	Nick Mathewson <nickm@torproject.org>	2008-12-15 21:17:53 +0000
commit	e53ffaa4e495200a8ec200c8ac212337bdecb68a (patch)
tree	232ae401bef454953c5433f882df754f49abdd5a /ChangeLog
parent	51c29e1e24c87ccf3666e28075e8dfa93cb5240c (diff)
download	tor-e53ffaa4e495200a8ec200c8ac212337bdecb68a.tar tor-e53ffaa4e495200a8ec200c8ac212337bdecb68a.tar.gz