| Commit message (Expand) | Author | Age |
|---|
| ... | |
| * | | | Change to use SSL_state_string_long() instead of homebrew ssl_state_to_string... | Emile Snyder | 2012-01-06 |
| * | | | Merge remote-tracking branch 'origin/maint-0.2.2' | Nick Mathewson | 2012-01-05 |
| |\| | |
|
| | * | | Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson | 2012-01-05 |
| | |\| |
|
| | | * | Log at info level when disabling SSLv3 | Robert Ransom | 2012-01-05 |
| | | * | Disable SSLv3 when using a not-up-to-date openssl•••This is to address bug 4822, and CVE-2011-4576.
| Nick Mathewson | 2012-01-05 |
| * | | | note some dead code. if i'm right, should this be removed? | Roger Dingledine | 2012-01-05 |
| * | | | indent; add comment•••This re-applies 40a87c4c08be0cdd87a3df283f285b3c2a0c8445 which got
accidentally reverted in 75134c6c86e54c10fd9e11c4345aadcdabc0f8fb.
Thanks asn for spotting this.
| Nick Mathewson | 2011-12-08 |
| * | | | Revert "Refactor the SSL_set_info_callback() callbacks."•••This reverts commit 69a821ea1c9357acdd5aa1c9e23fd030b01cb5a9.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Detect renegotiation when it actually happens."•••This reverts commit 4fd79f9def28996552b5739792f428c2514de1f6.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Detect and deny excess renegotiations attempts."•••This reverts commit ecd239e3b577705e0669d47293a2e755cf93cec0.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Get rid of tor_tls_block_renegotiation()."•••This reverts commit 340809dd224b244675496e301d3ba154a6fe68d0.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Also handle needless renegotiations in SSL_write()."•••This reverts commit e2b3527106e0747f652e2f28fa087d9874e0e2ce.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Fix issues pointed out by nickm."•••This reverts commit e097bffaed72af6b19f7293722021196bb94de1e.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Use callback-driven approach to block renegotiations."•••This reverts commit 406ae1ba5ad529a4d0e710229dab6ed645d42b50.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Refactor tor_event_base_once to do what we actually want"•••This reverts commit 7920ea55b8d994268d2b07f27316b0f34d8f27e5.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Fix some wide lines in tortls.c"•••This reverts commit e8dde3aabd3e1292d381eb4269c6457548dca6b9.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Don't schedule excess_renegotiations_callback unless it's set"•••This reverts commit 617617e21a2d30a86cea9c8f7043333078f2e8f8.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "indent; add comment"•••This reverts commit 40a87c4c08be0cdd87a3df283f285b3c2a0c8445.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Make pending libevent actions cancelable"•••This reverts commit aba25a6939a5907d40dbcff7433a8c130ffd12ad.
| Nick Mathewson | 2011-12-06 |
| * | | | Revert "Set renegotiation callbacks immediately on tls inititation"•••This reverts commit e27a26d568a257cf350814a9abfa47d3b41ad9f3.
| Nick Mathewson | 2011-12-06 |
| * | | | Merge branch 'bug4587_v2' | Nick Mathewson | 2011-11-29 |
| |\ \ \ |
|
| | * | | | Set renegotiation callbacks immediately on tls inititation•••This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts. Partial fix for bug 4587.
| Nick Mathewson | 2011-11-29 |
| * | | | | Make pending libevent actions cancelable•••This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
| Nick Mathewson | 2011-11-29 |
| * | | | | indent; add comment | Nick Mathewson | 2011-11-27 |
| * | | | | Merge remote-tracking branch 'asn/bug4584' | Nick Mathewson | 2011-11-27 |
| |\ \ \ \
| |/ / /
|/| | | |
|
| | * | | | Use random bytes as our certificate serial numbers.•••Instead of using time(NULL) in our certificate serial numbers, use
eight random bytes as suggested in proposal 179.
| George Kadianakis | 2011-11-27 |
| * | | | | Don't schedule excess_renegotiations_callback unless it's set•••Partial fix for bug 4587; reported by "frosty_un".
| Nick Mathewson | 2011-11-27 |
| |/ / / |
|
| * | | | Fix some wide lines in tortls.c | Nick Mathewson | 2011-11-25 |
| * | | | Refactor tor_event_base_once to do what we actually want•••This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
| Nick Mathewson | 2011-11-25 |
| * | | | Merge remote-tracking branch 'asn/bug4312' | Nick Mathewson | 2011-11-25 |
| |\ \ \ |
|
| | * | | | Use callback-driven approach to block renegotiations.•••Also use this new approach in the bufferevents-enabled case.
| George Kadianakis | 2011-11-13 |
| | * | | | Fix issues pointed out by nickm.•••- Rename tor_tls_got_server_hello() to tor_tls_got_client_hello().
- Replaced some aggressive asserts with LD_BUG logging.
They were the innocent "I believe I understand how these callbacks
work, and this assert proves it" type of callbacks, and not the "If
this statement is not true, computer is exploding." type of
callbacks.
- Added a changes file.
| George Kadianakis | 2011-11-03 |
| | * | | | Also handle needless renegotiations in SSL_write().•••SSL_read(), SSL_write() and SSL_do_handshake() can always progress the
SSL protocol instead of their normal operation, this means that we
must be checking for needless renegotiations after they return.
Introduce tor_tls_got_excess_renegotiations() which makes the
tls->server_handshake_count > 2
check for us, and use it in tor_tls_read() and tor_tls_write().
Cases that should not be handled:
* SSL_do_handshake() is only called by tor_tls_renegotiate() which is a
client-only function.
* The SSL_read() in tor_tls_shutdown() does not need to be handled,
since SSL_shutdown() will be called if SSL_read() returns an error.
| George Kadianakis | 2011-10-26 |
| | * | | | Get rid of tor_tls_block_renegotiation().•••Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).
| George Kadianakis | 2011-10-26 |
| | * | | | Detect and deny excess renegotiations attempts.•••Switch 'server_handshake_count' from a uint8_t to 2 unsigned int bits.
Since we won't ever be doing more than 3 handshakes, we don't need the
extra space.
Toggle tor_tls_t.got_renegotiate based on the server_handshake_count.
Also assert that when we've done two handshakes as a server (the initial
SSL handshake, and the renegotiation handshake) we've just
renegotiated.
Finally, in tor_tls_read() return an error if we see more than 2
handshakes.
| George Kadianakis | 2011-10-26 |
| | * | | | Detect renegotiation when it actually happens.•••The renegotiation callback was called only when the first Application
Data arrived, instead of when the renegotiation took place.
This happened because SSL_read() returns -1 and sets the error to
SSL_ERROR_WANT_READ when a renegotiation happens instead of reading
data [0].
I also added a commented out aggressive assert that I won't enable yet
because I don't feel I understand SSL_ERROR_WANT_READ enough.
[0]: Look at documentation of SSL_read(), SSL_get_error() and
SSL_CTX_set_mode() (SSL_MODE_AUTO_RETRY section).
| George Kadianakis | 2011-10-26 |
| | * | | | Refactor the SSL_set_info_callback() callbacks.•••Introduce tor_tls_state_changed_callback(), which handles every SSL
state change.
The new function tor_tls_got_server_hello() is called every time we
send a ServerHello during a v2 handshake, and plays the role of the
previous tor_tls_server_info_callback() function.
| George Kadianakis | 2011-10-26 |
| * | | | | Fix a check-spaces complaint | Sebastian Hahn | 2011-11-16 |
| * | | | | Make certificate skew into a protocol warning | Nick Mathewson | 2011-11-15 |
| * | | | | Allow up to a 30 days future skew, 48 hours past skew in certs. | Nick Mathewson | 2011-11-15 |
| * | | | | Fix a memory-poisoning memset in tortls.c | Nick Mathewson | 2011-10-28 |
| * | | | | Merge branch 'maint-0.2.2_secfix' into master_secfix•••Conflicts:
src/common/tortls.c
src/or/connection_or.c
src/or/dirserv.c
src/or/or.h
| Sebastian Hahn | 2011-10-27 |
| |\ \ \ \
| | |/ /
| |/| | |
|
| | * | | | Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix•••Conflicts:
src/or/connection_or.c
| Sebastian Hahn | 2011-10-26 |
| | |\ \ \
| | | |/
| | |/| |
|
| | | * | | Don't send a certificate chain on outgoing TLS connections from non-relays | Nick Mathewson | 2011-10-26 |
| | | * | | Maintain separate server and client TLS contexts.•••Fixes bug #988.
Conflicts:
src/or/main.c
src/or/router.c
| Robert Ransom | 2011-10-26 |
| | | * | | Refactor tor_tls_context_new:•••* Make tor_tls_context_new internal to tortls.c, and return the new
tor_tls_context_t from it.
* Add a public tor_tls_context_init wrapper function to replace it.
Conflicts:
src/or/main.c
src/or/router.c
| Robert Ransom | 2011-10-26 |
| | | * | | Make the DH parameter we use for TLS match the one from Apache's mod_ssl•••Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807d90dd0a3)
| Nick Mathewson | 2011-02-10 |
| * | | | | Fix a reference-leak in tor_tls_received_v3_certificate•••We were calling SSL_get_peer_certificate but not X509_free.
This is a major part of bug4252; the bug has been in no released version.
| Nick Mathewson | 2011-10-23 |
| * | | | | Fix memory leak in prop176 code•••This fixes part of bug4252. Bug not in any released version.
| Nick Mathewson | 2011-10-23 |
| | |_|/
|/| | |
|
| * | | | Add some points to make it easy to turn off v3 support | Nick Mathewson | 2011-10-10 |