path: root/src/common/tortls.c
Commit message (Author, Age)
* r15087@tombo: nickm | 2007-11-30 22:32:26 -0500 Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert and do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER. svn:r12622 (Nick Mathewson, 2007-12-01)
* r16669@catbus: nickm | 2007-11-14 14:50:03 -0500 When we complete an OR handshake, set up all the internal fields and mark the connection as open. svn:r12495 (Nick Mathewson, 2007-11-14)
* r16523@catbus: nickm | 2007-11-07 11:35:49 -0500 Improve "tls error. breaking" message a little. svn:r12411 (Nick Mathewson, 2007-11-07)
* a note from steven about how to set up a private test network without link encryption. svn:r12410 (Roger Dingledine, 2007-11-07)
* r16455@catbus: nickm | 2007-11-06 12:48:00 -0500 Parse CERT cells and act correctly when we get them. svn:r12396 (Nick Mathewson, 2007-11-06)
* r16432@catbus: nickm | 2007-11-05 14:18:57 -0500 Send and parse link_auth cells properly. svn:r12386 (Nick Mathewson, 2007-11-05)
* r16413@catbus: nickm | 2007-11-05 13:14:18 -0500 Add functions to encode certificates svn:r12384 (Nick Mathewson, 2007-11-05)
* r16412@catbus: nickm | 2007-11-05 11:45:17 -0500 Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context. This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts. svn:r12383 (Nick Mathewson, 2007-11-05)
* r16411@catbus: nickm | 2007-11-05 11:27:37 -0500 Remember X509 certificates in the context. Store peer/self certificate digests in handshake state. svn:r12382 (Nick Mathewson, 2007-11-05)
* r16410@catbus: nickm | 2007-11-05 10:54:29 -0500 Code to remember client_random and server_random values, and to compute hmac using TLS master secret. svn:r12381 (Nick Mathewson, 2007-11-05)
* r16302@catbus: nickm | 2007-10-31 16:45:16 -0400 Clean spaces. svn:r12301 (Nick Mathewson, 2007-10-31)
* r16285@catbus: nickm | 2007-10-30 17:43:25 -0400 Implement (but do not enable) link connection version negotiation svn:r12286 (Nick Mathewson, 2007-10-30)
* r16159@catbus: nickm | 2007-10-25 12:53:38 -0400 Drop support for OpenSSL 0.9.6. svn:r12191 (Nick Mathewson, 2007-10-25)
* r15997@catbus: nickm | 2007-10-21 20:25:40 -0400 New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent. This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit. I have tried turning new code on, and it seemed to work fine. svn:r12086 (Nick Mathewson, 2007-10-22)
* r13988@catbus: nickm | 2007-07-29 16:32:36 -0400 Cheesy attempt to break some censorware. Not a long-term fix, but it will be interesting to watch the epidemiology of the workarounds as the censors apply them. svn:r10975 (Nick Mathewson, 2007-07-29)
* r12936@catbus: nickm | 2007-05-24 14:12:34 -0400 Review XXXX comments without a version; upgrade some to XXXX020. svn:r10315 (Nick Mathewson, 2007-05-24)
* fix some code comments, a wrapper, and add a todo item svn:r10111 (Roger Dingledine, 2007-05-04)
* r12595@catbus: nickm | 2007-04-30 18:32:34 -0400 Move private function declarations from crypto.c into a new #ifdef CRYPTO_PRIVATE block in crypto.h svn:r10074 (Nick Mathewson, 2007-04-30)
* r11832@catbus: nickm | 2007-02-16 15:31:59 -0500 Fix 35 remaining DOCDOC comments. Yowza. svn:r9596 (Nick Mathewson, 2007-02-16)
* r11775@catbus: nickm | 2007-02-12 16:39:09 -0500 Update copyright dates. svn:r9570 (Nick Mathewson, 2007-02-12)
* r11773@catbus: nickm | 2007-02-12 15:18:48 -0500 Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates. [See proposal 106 for rationale.] Also improve messages when checking TLS handshake, to re-resolve bug 382. svn:r9568 (Nick Mathewson, 2007-02-12)
* r11629@catbus: nickm | 2007-02-02 15:06:17 -0500 Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch! svn:r9477 (Nick Mathewson, 2007-02-02)
* r11607@catbus: nickm | 2007-01-30 17:19:27 -0500 Audit non-const char arguments; make a lot more of them const. svn:r9466 (Nick Mathewson, 2007-01-30)
* r11966@Kushana: nickm | 2007-01-15 16:12:17 -0500 Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry. svn:r9355 (Nick Mathewson, 2007-01-15)
* r11957@Kushana: nickm | 2007-01-15 15:25:57 -0500 Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision. svn:r9354 (Nick Mathewson, 2007-01-15)
* apparently i think of comments with no whitespace around them as "read this if you don't understand the code and want some help." which is not the same as "hey, you think you understand this code, but you don't." svn:r9307 (Roger Dingledine, 2007-01-09)
* Fix an assert error introduced in 0.1.2.5-alpha: if a single TLS connection handles more than 4 gigs in either direction, we assert. svn:r9306 (Roger Dingledine, 2007-01-09)
* more progress and cleanups svn:r9269 (Roger Dingledine, 2007-01-05)
* r11741@Kushana: nickm | 2006-12-28 22:41:29 -0500 Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a longstanding wart. The fix "Works for me". svn:r9207 (Nick Mathewson, 2006-12-29)
* r11566@Kushana: nickm | 2006-12-13 17:46:24 -0500 Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls. svn:r9105 (Nick Mathewson, 2006-12-13)
* r8923@totoro: nickm | 2006-10-07 11:44:33 -0400 More doxygen comments svn:r8637 (Nick Mathewson, 2006-10-07)
* Merge in some bsockets calls, all wrapped inside #if defined(USE_BSOCKETS) svn:r8427 (Nick Mathewson, 2006-09-19)
* r8696@Kushana: nickm | 2006-08-31 14:43:44 -0400 Try to appease some warnings with newer gccs that believe that ignoring a return value is okay, but casting a return value and then ignoring it is a sign of madness. svn:r8312 (Nick Mathewson, 2006-08-31)
* ok, i'm not allowed to say that there. oh well. svn:r6720 (Roger Dingledine, 2006-07-04)
* fix a misleading function comment svn:r6717 (Roger Dingledine, 2006-07-04)
* if we're the server-side of the tls and there are problems, don't yell as loudly. svn:r6716 (Roger Dingledine, 2006-07-04)
* and now the exciting part: there is now no such thing as doing a client-only tls, that is, one with no certs. svn:r6558 (Roger Dingledine, 2006-06-07)
* simplify the tortls api: we only support being a "server", that is, even tor clients do the same sort of handshake. this has been true for years, so it's best to get rid of the stale code. svn:r6557 (Roger Dingledine, 2006-06-07)
* looks like we missed a piece of the 0.1.1.9 paranoia code. hopefully this change is a no-op. svn:r6556 (Roger Dingledine, 2006-06-07)
* if we're a server and some peer has a broken tls certificate, don't shout about it unless we want to hear about protocol violations. svn:r6507 (Roger Dingledine, 2006-05-26)
* Claim a commonname of Tor, rather than TOR, in tls handshakes. Maybe this will help us win the war of names. svn:r6489 (Roger Dingledine, 2006-05-24)
* Add some functions to escape values from the network before sending them to t... svn:r6087 (Nick Mathewson, 2006-03-05)
* Start the process of converting warn to log_warn and so on. This is needed because Windows already has an err() that we can't clobber. And we need to be able to make the log functions a macro so we can print the function's name in the log entry. svn:r6000 (Roger Dingledine, 2006-02-13)
* Happy new year! svn:r5949 (Roger Dingledine, 2006-02-09)
* Split 0119_PARANOIA into 0119_PARANOIA_[ABC]. A is "this is suspicious, and ... svn:r5840 (Nick Mathewson, 2006-01-17)
* Add a (disabled by default) option in crypto.h to disable most of the interest... svn:r5777 (Nick Mathewson, 2006-01-10)
* Bite the bullet and limit all our source lines to 80 characters, the way IBM ... svn:r5582 (Nick Mathewson, 2005-12-14)
* Hm; looks like the callback business was unnecessary, since DHparams_dup() co... svn:r5372 (Nick Mathewson, 2005-11-14)
* Use a callback to set our DH parameters; set SSL_OP_SINGLE_DH_USE. svn:r5371 (Nick Mathewson, 2005-11-14)
* Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain.... svn:r5309 (Nick Mathewson, 2005-10-25)