aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 supportNick Mathewson2012-06-02
| | | | | | | | | | | | | | | | | | | | It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it decides to renegotiate, the client will send a record with version "1.0" rather than with the current TLS version. This would cause the connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor handshake was in use. As a workaround, disable TLS 1.1 and TLS 1.2. When a later version of OpenSSL is released, we can make this conditional on running a fixed version of OpenSSL. Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client side. But doing it this way for now means that we not only fix TLS with patched clients; we also fix TLS when the server has this patch and the client does not. That could be important to keep the network running well. Fixes bug 6033.
* Make the succeeding parse_http_time tests more obviously rightNick Mathewson2012-05-16
| | | | | | (When the correct answer is given in terms of seconds since the epoch, it's hard to be sure that it really is the right answer just by reading the code.)
* Merge branch 'bug5346_squashed' into maint-0.2.2Nick Mathewson2012-05-16
|\
| * Fix month check in parse_http_time, add testSebastian Hahn2012-05-16
| |
| * Remove more dubiosity in struct tm handling. related to bug5346Nick Mathewson2012-05-16
| |
| * changes file for branch bug5346Nick Mathewson2012-05-16
| |
| * Reject an additional type of bad date in parse_http_timeNick Mathewson2012-05-16
| |
| * Fix parse_http_time and add testsEsteban Manchado Velázquez2012-05-16
|/ | | | | | | | * It seems parse_http_time wasn't parsing correctly any date with commas (RFCs 1123 and 850). Fix that. * It seems parse_http_time was reporting the wrong month (they start at 0, not 1). Fix that. * Add some tests for parse_http_time, covering all three formats.
* Correct the bulletproofing of routerlist_insert()Nick Mathewson2012-05-16
| | | | | | | The original code updated some variables, but forgot to remove a replaced old-routerdesc from rl->old_routers. Related to bug 1776.
* Clarify MaxCircuitDirtiness behavior with hidden services. Bug 5259.Nick Mathewson2012-05-15
|
* Merge branch 'bug5796_022_squashed' into maint-0.2.2Nick Mathewson2012-05-15
|\
| * Fix a crash bug on SETCIRCUITPURPOSE.Nick Mathewson2012-05-15
| |
* | Merge remote-tracking branch 'karsten/geoip-may2012' into maint-0.2.2Nick Mathewson2012-05-15
|\ \
| * | Update to the May 2012 GeoIP database.Karsten Loesing2012-05-07
| |/
* | fix over-wide line from f661747370Roger Dingledine2012-05-10
| |
* | Merge branch 'bug5786_range_022' into maint-0.2.2Nick Mathewson2012-05-10
|\ \
| * | Handle out-of-range values in tor_parse_* integer functionsNick Mathewson2012-05-07
| |/ | | | | | | | | | | | | | | | | | | | | The underlying strtoX functions handle overflow by saturating and setting errno to ERANGE. If the min/max arguments to the tor_parse_* functions are equal to the minimum/maximum of the underlying type, then with the old approach, we wouldn't treat a too-large value as genuinely broken. Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor 0.0.9), which introduced these functions.
* | Add changes/bug5760Ravi Chandra Padmala2012-05-10
| |
* | Add missing CRLFs to AUTHCHALLENGE failure repliesRavi Chandra Padmala2012-05-10
|/ | | | Fix #5760
* Fix a log-uninitialized-buffer bug.Nick Mathewson2012-04-18
| | | | Fix for 5647; bugfix on 0.2.1.5-alpha.
* rend_service_introduce(): do protocol violation check before anything else.George Kadianakis2012-04-18
| | | | (Cherry-picked from 6ba13e4 by nickm)
* Merge branch 'bug5593' into maint-0.2.2Nick Mathewson2012-04-11
|\
| * Include a Host: header with any HTTP/1.1 proxy requestNick Mathewson2012-04-10
| | | | | | | | | | Bugfix on 0.2.2.1-alpha, which added the orginal HTTP proxy authentication code. Fix for bug 5593.
* | Update to the April 2012 GeoIP database.Karsten Loesing2012-04-11
|/
* Wrap long line; strlen("ides")<strlen("turtles").Nick Mathewson2012-04-04
|
* ides has become turtles, and gotten a new IP addressSebastian Hahn2012-04-05
| | | | As per ticket 5569
* put a _ before or_options_t elements that aren't configurableRoger Dingledine2012-04-01
| | | | | it's fine with me if we change the current convention, but we should actually decide to change it if we want to.
* BridgePassword was never for debuggingRoger Dingledine2012-04-01
| | | | It is for the not-yet-implemented bridge community design.
* Do not use strcmp() to compare an http authenticator to its expected valueNick Mathewson2012-04-01
| | | | | | This fixes a side-channel attack on the (fortunately unused!) BridgePassword option for bridge authorities. Fix for bug 5543; bugfix on 0.2.0.14-alpha.
* Safe cookie authentication gets a changes fileNick Mathewson2012-03-26
|
* Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2Nick Mathewson2012-03-26
|\
| * Implement 'safe cookie authentication'Robert Ransom2012-02-22
| |
* | Merge commit 'a5704b1c624c9a808f52f3a125339f00e2b9a378' into maint-0.2.2Nick Mathewson2012-03-26
|\|
| * Add a sha256 hmac function, with testsNick Mathewson2012-02-22
| | | | | | | | (cherry picked from commit fdbb9cdf746bbf0c39c34188baa8872471183ff7)
* | Use a given name in the bug5090 message, at its holder's request.Nick Mathewson2012-03-09
| |
* | Never choose a bridge as an exit. Bug 5342.Nick Mathewson2012-03-09
| |
* | Revise "sufficient exit nodes" check to work with restrictive ExitNodesNick Mathewson2012-03-09
| | | | | | | | | | If you set ExitNodes so that only 1 exit node is accepted, the previous patch would have made you unable to build circuits.
* | Merge branch 'bug5343' into maint-0.2.2Nick Mathewson2012-03-09
|\ \
| * | Require a threshold of exit nodes before building circuitsNick Mathewson2012-03-08
| | | | | | | | | | | | | | | | | | This mitigates an attack proposed by wanoskarnet, in which all of a client's bridges collude to restrict the exit nodes that the client knows about. Fixes bug 5343.
* | | Oops; credit bug5090 patch to flupzor. estebanm only found the bug.Nick Mathewson2012-03-09
| | |
* | | Correctly handle broken escape sequences in torrc valuesNick Mathewson2012-03-09
|/ / | | | | | | | | | | Previously, malformatted torrc values could crash us. Patch by Esteban Manchado. Fixes bug 5090; fix on 0.2.0.16-alpha.
* | Fix compile warnings in openbsd mallocSebastian Hahn2012-03-08
| |
* | Merge remote-tracking branch 'karsten/geoip-march2012' into maint-0.2.2Nick Mathewson2012-03-08
|\ \
| * | Update to the March 2012 GeoIP database.Karsten Loesing2012-03-08
| | |
* | | new ip address for maatuskaRoger Dingledine2012-02-29
| |/ |/|
* | Properly protect paths to sed, sha1sum, opensslSebastian Hahn2012-02-10
| | | | | | | | | | | | in Makefile.am, we used it without quoting it, causing build failure if your openssl/sed/sha1sum happened to live in a directory with a space in it (very common on windows)
* | Downgrade "missing a certificate" from notice to infoNick Mathewson2012-02-10
| | | | | | | | | | | | | | It was apparently getting mistaken for a problem, even though it was at notice. Fixes 5067; fix on 0.2.0.10-alpha.
* | Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066Nick Mathewson2012-02-10
| |
* | Merge branch 'maint-0.2.1' into maint-0.2.2Roger Dingledine2012-02-09
|\|
| * Update to the February 2012 GeoIP database.Karsten Loesing2012-02-09
| |
generated by cgit v1.2.3 (git 2.45.0) at 2025-02-17 11:01:51 +0000