aboutsummaryrefslogtreecommitdiff
path: root/src/common/tortls.c
Commit message (Collapse)AuthorAge
* Working strerror for windows socket errors, plus some snide comments.Nick Mathewson2004-05-02
| | | | svn:r1775
* some patches on the patchesRoger Dingledine2004-05-01
| | | | svn:r1761
* Handle windows socket errors correctly; comment most of common.Nick Mathewson2004-05-01
| | | | svn:r1756
* Some versions of openssl have an SSL_pending function that erroneouslyNick Mathewson2004-04-26
| | | | | | | | | | returns bytes when there is a non-application record pending. I have no idea when/why this would even happen, but let's catch it and make sure tor_tls_get_pending_bytes stays correct. svn:r1727
* Add a macro to catch unhandled openssl errors.Nick Mathewson2004-04-26
| | | | svn:r1723
* log debug so nick can see it tooRoger Dingledine2004-04-26
| | | | svn:r1721
* Include strerror(errno) with tls syscall errorsNick Mathewson2004-04-26
| | | | svn:r1718
* Log pending TLS errors in a couple more places, in case they are possible.Nick Mathewson2004-04-26
| | | | svn:r1716
* Call tls_log_errors at a more appropriate location; we can remove the other ↵Nick Mathewson2004-04-26
| | | | | | calls in tor_tls_verify once we are sure they never happen. svn:r1709
* Very blunt debugging code: log pending errors at start and end of tor_tls_verifyNick Mathewson2004-04-26
| | | | svn:r1707
* use tor_assert and PUBLIC_KEY_OKRoger Dingledine2004-04-25
| | | | | | | but don't use tor_assert inside log.c, to avoid loops svn:r1696
* Merge flagday into main branch.Nick Mathewson2004-04-24
| | | | svn:r1683
* quiet a -l info that should be -l debugRoger Dingledine2004-04-15
| | | | svn:r1634
* allow 90 minutes of clock skew, not 30Roger Dingledine2004-04-08
| | | | svn:r1544
* Document stuff, reduce magic numbers, add emacs magicNick Mathewson2004-04-06
| | | | svn:r1502
* Make "common" no longer depend on or.hNick Mathewson2004-04-03
| | | | svn:r1466
* Refactor the heck out of crypto interface: admit that we will stick with one ↵Nick Mathewson2004-04-03
| | | | | | ciphersuite at a time, make const things const, and stop putting openssl in the headers. svn:r1458
* Make tor build on windows again. More work still neededNick Mathewson2004-03-09
| | | | svn:r1247
* bugfix: stop trying to write to a stderr that may not be thereRoger Dingledine2004-02-28
| | | | | | | also, tell start_daemon our desired cwd svn:r1170
* fix typoRoger Dingledine2004-01-20
| | | | svn:r1007
* Note discrepency between N bytes transmitted over TLS and actual bandwidth ↵Nick Mathewson2004-01-13
| | | | | | use; add 2 functions to help resolve. svn:r986
* clean tabs, trailing whitespaceRoger Dingledine2003-12-17
| | | | svn:r952
* Stop leaking X509 certs; those things are _nasty_ on the carpetNick Mathewson2003-11-18
| | | | svn:r833
* fix a bug in handling clock skewRoger Dingledine2003-11-11
| | | | svn:r785
* resolve warningNick Mathewson2003-10-23
| | | | svn:r664
* Two-pronged attack at my overzealous skew fixes.Nick Mathewson2003-10-23
| | | | | | | | | | | | | | | The problem was that the fixes had us generating TLS certs with a 2-day lifetime on the assumption that we'd rotate fairly often. In fact, we never rotate our TLS keys. This patch fixes the situation in 2 ways: 1. It bumps the default lifetime back up to one year until we get rotation in place. 2. It changes tor_tls_context_new() so that it doesn't leak memory when you call it more than once. svn:r663
* Clock skew fixes.Nick Mathewson2003-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | Allow some slop (currently 3 minutes) when checking certificate validity. Change certificate lifetime from 1 year to 2 days. Since we regenerate regularly (we regenerate regularly, right??), this shouldn't be a problem. Have directories reject descriptors published too far in the future (currently 30 minutes). If dirservs don't do this: 0) Today is January 1, 2000. 1) A very skewed server publishes descriptor X with a declared publication time of August 1, 2000. 2) The directory includes X. 3) Because of certificate lifetime issues, nobody can use the skewed server. 4) The server fixes its skew, and goes to republish a new descriptor Y with publication time of January 1, 2000. 5) But because the directory already has a "more recent" descriptor X, it rejects descriptor "Y" as superseded! This patch should make step 2 go away. svn:r658
* introduce new tor_free() macroRoger Dingledine2003-10-21
| | | | svn:r643
* warn, not errRoger Dingledine2003-10-19
| | | | svn:r630
* Code to get nicknames from peer certsNick Mathewson2003-10-19
| | | | svn:r627
* let tls tolerate reallocing the bufRoger Dingledine2003-10-19
| | | | | | | and also remember the params for ssl_write if it returns wantread. svn:r626
* first steps toward a WANTWRITE SSL_write tls bug fixRoger Dingledine2003-10-18
| | | | | | | how exactly the same do the arguments need to be? :( svn:r625
* start to track down the 'peer has invalid cert' bugRoger Dingledine2003-10-18
| | | | svn:r623
* Log TLS errors even harderNick Mathewson2003-10-15
| | | | svn:r604
* Add more logging on some ssl errors.Nick Mathewson2003-10-15
| | | | svn:r603
* change WARNING to WARNRoger Dingledine2003-10-10
| | | | svn:r570
* shift read_file_to_str() into util.cRoger Dingledine2003-09-28
| | | | svn:r504
* Add function to wrap SSL_pendingNick Mathewson2003-09-27
| | | | svn:r501
* finish enforcing the log conventionRoger Dingledine2003-09-26
| | | | svn:r494
* various bugfixes and updatesRoger Dingledine2003-09-25
| | | | | | | | | | | | | | | | | | | | redo all the config files for the new format (we'll redo them again soon) fix (another! yuck) segfault in log_fn when input is too large tor_tls_context_new() returns -1 for error, not NULL fix segfault in check_conn_marked() on conn's that die during tls handshake make ORs also initialize conn from router when we're the receiving node make non-dirserver ORs upload descriptor to every dirserver on startup add our local address to the descriptor add Content-Length field to POST command revert the Content-Length search in fetch_from_buf_http() to previous code fix segfault in memmove in fetch_from_buf_http() raise maximum allowed headers/body size in directory.c svn:r484
* Refactor buffers; implement descriptors.Nick Mathewson2003-09-25
| | | | | | | | | | | | | | | | | 'buf_t' is now an opaque type defined in buffers.c . Router descriptors now include all keys; routers generate keys as needed on startup (in a newly defined "data directory"), and generate their own descriptors. Descriptors are now self-signed. Implementation is not complete: descriptors are never published; and upon receiving a descriptor, the directory doesn't do anything with it. At least "routers.or" and orkeygen are now obsolete, BTW. svn:r483
* More fine-grained logging messages on ZeroReturn/Syscall error casesNick Mathewson2003-09-16
| | | | svn:r467
* Cipher lists need to be colon separated. Also make initialization more ↵Nick Mathewson2003-09-15
| | | | | | bulletproof svn:r459
* Fix TLS error loggingNick Mathewson2003-09-15
| | | | svn:r458
* Log protocol errorsNick Mathewson2003-09-15
| | | | svn:r457
* fix the cpuworker circ-had-vanished bug (maybe)Roger Dingledine2003-09-14
| | | | | | | still several (many) tls-related bugs outstanding. svn:r454
* Fix bugs in certificate generation and SSL context creation. Both seem to ↵Nick Mathewson2003-09-11
| | | | | | work now. svn:r447
* Resolve XXXXs in tortls.cNick Mathewson2003-09-11
| | | | svn:r443
* Simplify some code paths in TLS; cut down on memory leaks; useNick Mathewson2003-09-11
| | | | | | | reasonable ciphers if not everyone has OpenSSL 0.9.7. svn:r442
* fix typo that's been bugging meRoger Dingledine2003-09-11
| | | | svn:r440
generated by cgit v1.2.3 (git 2.45.0) at 2024-12-21 18:24:16 +0000