r15087@tombo: nickm | 2007-11-30 22:32:26 -0500

 Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation.  None of this is enabled unless you define V2_HANDSHAKE_SERVER.


svn:r12622

3 files changed, 14 insertions, 12 deletions

diff --git a/src/or/command.c b/src/or/command.c
index b882878ee..41c0c1112 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -38,8 +38,10 @@ static void command_process_destroy_cell(cell_t *cell, or_connection_t *conn);
 static void command_process_versions_cell(var_cell_t *cell,
                                           or_connection_t *conn);
 static void command_process_netinfo_cell(cell_t *cell, or_connection_t *conn);
+#if 0
 static void command_process_cert_cell(var_cell_t *cell, or_connection_t *conn);
 static void command_process_link_auth_cell(cell_t *cell,or_connection_t *conn);
+#endif
 
 #ifdef KEEP_TIMING_STATS
 /** This is a wrapper function around the actual function that processes the
@@ -151,13 +153,6 @@ command_process_cell(cell_t *cell, or_connection_t *conn)
       ++stats_n_netinfo_cells_processed;
       PROCESS_CELL(netinfo, cell, conn);
       break;
-    case CELL_CERT:
-      tor_fragile_assert();
-      break;
-    case CELL_LINK_AUTH:
-      ++stats_n_link_auth_cells_processed;
-      PROCESS_CELL(link_auth, cell, conn);
-      break;
     default:
       log_fn(LOG_INFO, LD_PROTOCOL,
              "Cell of unknown type (%d) received. Dropping.", cell->command);
@@ -201,10 +196,6 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
       ++stats_n_versions_cells_processed;
       PROCESS_CELL(versions, cell, conn);
       break;
-    case CELL_CERT:
-      ++stats_n_cert_cells_processed;
-      PROCESS_CELL(cert, cell, conn);
-      break;
     default:
       log_warn(LD_BUG,
                "Variable-length cell of unknown type (%d) received.",
@@ -484,6 +475,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
   conn->link_proto = highest_supported_version;
   conn->handshake_state->received_versions = 1;
 
+#if 0
+  /*XXXX020 not right; references dead functions */
   if (highest_supported_version >= 2) {
     if (connection_or_send_netinfo(conn) < 0 ||
         connection_or_send_cert(conn) < 0) {
@@ -495,6 +488,7 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
   } else {
     /* XXXX020 finish v1 verification. */
   }
+#endif
 }
 
 /** Process a 'netinfo' cell. DOCDOC say more. */
@@ -612,6 +606,7 @@ connection_or_act_on_netinfo(or_connection_t *conn)
   return 0;
 }
 
+#if 0
 /*DOCDOC*/
 static void
 command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
@@ -780,4 +775,4 @@ command_process_link_auth_cell(cell_t *cell, or_connection_t *conn)
   tor_free(checked);
   connection_mark_for_close(TO_CONN(conn));
 }
-
+#endif
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index c3f2774b4..d7fa2dbb3 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1057,6 +1057,7 @@ connection_or_send_netinfo(or_connection_t *conn)
   return 0;
 }
 
+#if 0
 #define LINK_AUTH_STRING "Tor initiator certificate verification"
 /** DOCDOC */
 int
@@ -1166,4 +1167,5 @@ connection_or_send_link_auth(or_connection_t *conn)
 
   return 0;
 }
+#endif
 
diff --git a/src/or/or.h b/src/or/or.h
index 261c582d7..edaeaf9f7 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -656,12 +656,17 @@ typedef enum {
 #define CELL_CREATED_FAST 6
 #define CELL_VERSIONS 7
 #define CELL_NETINFO 8
+#if 0
 #define CELL_CERT 9
 #define CELL_LINK_AUTH 10
+#endif
 #define CELL_RELAY_EARLY 11 /*DOCDOC*/
 
+#if 0
 #define CELL_COMMAND_IS_VAR_LENGTH(x) \
   ((x) == CELL_CERT || (x) == CELL_VERSIONS)
+#endif
+#define CELL_COMMAND_IS_VAR_LENGTH(x) ((x) == CELL_VERSIONS)
 
 /** How long to test reachability before complaining to the user. */
 #define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)