path: root/src/common/tortls.c
Commit message (Author, Age)
* r18535@catbus: nickm | 2008-03-01 09:58:33 -0500 (Nick Mathewson, 2008-03-01)
  Whoo. People diagnosed and fixed bug 616. See changelog for details. Bugfix on 0.2.0.20-rc. svn:r13793
* fix most of pnx's warnings on irix64 (Roger Dingledine, 2008-02-24)
  svn:r13706
* <weasel> tortls.c: In function `tor_tls_client_is_using_v2_ciphers': (Roger Dingledine, 2008-02-24)
  <weasel> tortls.c:634: warning: passing arg 1 of `SSL_get_session' discards qualifiers from pointer target type
  Nick, see if you like this patch. svn:r13690
* r14379@tombo: nickm | 2008-02-21 17:14:24 -0500 (Nick Mathewson, 2008-02-21)
  Enable v2 handshakes. svn:r13666
* r14374@tombo: nickm | 2008-02-21 16:57:39 -0500 (Nick Mathewson, 2008-02-21)
  Fix all remaining shorten-64-to-32 errors in src/common. Some were genuine problems. Many were compatibility errors with libraries (openssl, zlib) that like predate size_t. Partial backport candidate. svn:r13665
* r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500 (Nick Mathewson, 2008-02-21)
  Change some of our log messages related to closed TLS connections in order to better reflect reality. svn:r13657
* other cleanups that have been sitting in my sandbox (Roger Dingledine, 2008-02-21)
  svn:r13649
* resolve one more, and leave two for nick. (Roger Dingledine, 2008-02-21)
  svn:r13644
* r18296@catbus: nickm | 2008-02-20 23:30:11 -0500 (Nick Mathewson, 2008-02-21)
  Answer one xxx020 item; move 7 other ones to a new "XXX020rc" category: they should get fixed before we cut a release candidate. arma: please review these to see whether you have fixes/answers for any. Please check out the other 14 XXX020s to see if any look critical for the release candidate. svn:r13640
* r18218@catbus: nickm | 2008-02-19 17:27:40 -0500 (Nick Mathewson, 2008-02-19)
  When SafeLogging is off, have TLS errors and messages logged with their associated addresses. svn:r13591
* r14182@tombo: nickm | 2008-02-15 17:20:51 -0500 (Nick Mathewson, 2008-02-15)
  Defer, downgrade, or address more XXX020s. The remaining ones are all ones we should deal with before release. svn:r13530
* r18051@catbus: nickm | 2008-02-12 15:20:43 -0500 (Nick Mathewson, 2008-02-12)
  Re-tune mempool parameters based on testing on peacetime: use smaller chunks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation. svn:r13484
* fix the compile (Roger Dingledine, 2008-02-12)
  svn:r13480
* r18045@catbus: nickm | 2008-02-11 23:48:54 -0500 (Nick Mathewson, 2008-02-12)
  oops. Not *quite* ready, just yet, maybe. Do not turn the TLS client handshake on by mistake _again_. svn:r13479
* r18041@catbus: nickm | 2008-02-11 23:43:18 -0500 (Nick Mathewson, 2008-02-12)
  Make version negotiation and handshaking messages more useful and accurate. svn:r13477
* r18036@catbus: nickm | 2008-02-11 23:36:38 -0500 (Nick Mathewson, 2008-02-12)
  Make a couple of messages less noisy svn:r13476
* doxygen and other cleanups (Roger Dingledine, 2008-02-09)
  svn:r13440
* r17987@catbus: nickm | 2008-02-08 17:01:56 -0500 (Nick Mathewson, 2008-02-08)
  Remove spurious log stmt svn:r13432
* r14062@tombo: nickm | 2008-02-08 15:17:07 -0500 (Nick Mathewson, 2008-02-08)
  Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c svn:r13429
* Update some copyright notices: it is now 2008. (Nick Mathewson, 2008-02-07)
  svn:r13412
* r17955@catbus: nickm | 2008-02-06 16:53:07 -0500 (Nick Mathewson, 2008-02-06)
  The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc. svn:r13409
* r17953@catbus: nickm | 2008-02-06 15:00:44 -0500 (Nick Mathewson, 2008-02-06)
  Implement a better means for testing for renegotiation. svn:r13408
* r17947@catbus: nickm | 2008-02-06 11:57:53 -0500 (Nick Mathewson, 2008-02-06)
  Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items. svn:r13405
* r17903@catbus: nickm | 2008-02-05 14:40:03 -0500 (Nick Mathewson, 2008-02-05)
  Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support"). svn:r13382
* We accidentally enabled the under-development v2 TLS handshake code, which is causing log entries like "TLS error while renegotiating handshake". Disable it again. Resolves bug 590. svn:r13219 (Roger Dingledine, 2008-01-21)
* r17717@catbus: nickm | 2008-01-21 17:09:23 -0500 (Nick Mathewson, 2008-01-21)
  Fix certificate leak. svn:r13218
* r17639@catbus: nickm | 2008-01-15 19:09:21 -0500 (Nick Mathewson, 2008-01-16)
  Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor. Needs review. Partial backport candidate. svn:r13147
* minor cleanups (Roger Dingledine, 2008-01-10)
  svn:r13095
* r17490@catbus: nickm | 2008-01-07 11:48:02 -0500 (Nick Mathewson, 2008-01-07)
  Fix bug 582: decref the idcert when we add it to the store. svn:r13052
* r17473@catbus: nickm | 2008-01-05 22:15:05 -0500 (Nick Mathewson, 2008-01-06)
  Add a reverse mapping from SSL to tor_tls_t*: we need this in order to do a couple of things the sensible way from inside callbacks. Also, add a couple of missing cases in connection_or.c svn:r13040
* r15767@tombo: nickm | 2007-12-31 16:06:27 -0500 (Nick Mathewson, 2007-12-31)
  Note an unfreed cert svn:r13008
* clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc (Roger Dingledine, 2007-12-12)
  svn:r12786
* r15223@tombo: nickm | 2007-12-07 23:41:21 -0500 (Nick Mathewson, 2007-12-08)
  Aaand, do the code to enable the client side of the new TLS handshake. There are some loose ends that need tying up in connection_or, and a lot of half-baked code to remove, and some special cases to test for, and lots and lots of testing to do, but that is what weekends are for. svn:r12721
* r16919@catbus: nickm | 2007-12-03 12:59:02 -0500 (Nick Mathewson, 2007-12-03)
  Add DHE-RSA-AES256-SHA to the list of ciphers encountered from v1 connections. svn:r12652
* r15088@tombo: nickm | 2007-11-30 23:47:29 -0500 (Nick Mathewson, 2007-12-01)
  Add support to get a callback invoked when the client renegotiates a connection. Also, make clients renegotiate. (not enabled yet, until they detect that the server acted like a v2 server) svn:r12623
* r15087@tombo: nickm | 2007-11-30 22:32:26 -0500 (Nick Mathewson, 2007-12-01)
  Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert and do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER. svn:r12622
* r16669@catbus: nickm | 2007-11-14 14:50:03 -0500 (Nick Mathewson, 2007-11-14)
  When we complete an OR handshake, set up all the internal fields and mark the connection as open. svn:r12495
* r16523@catbus: nickm | 2007-11-07 11:35:49 -0500 (Nick Mathewson, 2007-11-07)
  Improve "tls error. breaking" message a little. svn:r12411
* a note from steven about how to set up a private test network without link encryption. svn:r12410 (Roger Dingledine, 2007-11-07)
* r16455@catbus: nickm | 2007-11-06 12:48:00 -0500 (Nick Mathewson, 2007-11-06)
  Parse CERT cells and act correctly when we get them. svn:r12396
* r16432@catbus: nickm | 2007-11-05 14:18:57 -0500 (Nick Mathewson, 2007-11-05)
  Send and parse link_auth cells properly. svn:r12386
* r16413@catbus: nickm | 2007-11-05 13:14:18 -0500 (Nick Mathewson, 2007-11-05)
  Add functions to encode certificates svn:r12384
* r16412@catbus: nickm | 2007-11-05 11:45:17 -0500 (Nick Mathewson, 2007-11-05)
  Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context. This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts. svn:r12383
* r16411@catbus: nickm | 2007-11-05 11:27:37 -0500 (Nick Mathewson, 2007-11-05)
  Remember X509 certificates in the context. Store peer/self certificate digests in handshake state. svn:r12382
* r16410@catbus: nickm | 2007-11-05 10:54:29 -0500 (Nick Mathewson, 2007-11-05)
  Code to remember client_random and server_random values, and to compute hmac using TLS master secret. svn:r12381
* r16302@catbus: nickm | 2007-10-31 16:45:16 -0400 (Nick Mathewson, 2007-10-31)
  Clean spaces. svn:r12301
* r16285@catbus: nickm | 2007-10-30 17:43:25 -0400 (Nick Mathewson, 2007-10-30)
  Implement (but do not enable) link connection version negotiation svn:r12286
* r16159@catbus: nickm | 2007-10-25 12:53:38 -0400 (Nick Mathewson, 2007-10-25)
  Drop support for OpenSSL 0.9.6. svn:r12191
* r15997@catbus: nickm | 2007-10-21 20:25:40 -0400 (Nick Mathewson, 2007-10-22)
  New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent. This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit. I have tried turning new code on, and it seemed to work fine. svn:r12086
* r13988@catbus: nickm | 2007-07-29 16:32:36 -0400 (Nick Mathewson, 2007-07-29)
  Cheesy attempt to break some censorware. Not a long-term fix, but it will be interesting to watch the epidemiology of the workarounds as the censors apply them. svn:r10975