| Commit message | Author | Age |
* | r16215@tombo: nickm | 2008-06-12 18:39:03 -0400
Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, *even if* we do not know all those ciphers. This is a bit of a kludge, but it is at least decently well commented.
svn:r15173
| Nick Mathewson | 2008-06-12 |
* | Ouch. We were sometimes getting openssl compression by default. This is poi...
svn:r14830
| Nick Mathewson | 2008-05-29 |
* | If the user has an openssl that supports my "release buffer ram" patch, use it.
svn:r14671
| Nick Mathewson | 2008-05-19 |
* | r19613@catbus: nickm | 2008-05-05 19:57:06 -0400
Log correct openssl buf capacity when using my sooper sekrit buffer hack. This will help test the aforementioned ssbh.
svn:r14567
| Nick Mathewson | 2008-05-05 |
* | make check-spaces wants a newline at the end of tortls
svn:r14508
| Roger Dingledine | 2008-04-29 |
* | r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400
Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.
svn:r14350
| Nick Mathewson | 2008-04-10 |
* | r19089@catbus: nickm | 2008-03-27 11:05:23 -0400
Free some static hashtables and the log mutex on exit. Backport candidate.
svn:r14212
| Nick Mathewson | 2008-03-27 |
* | correct a confusing log message
svn:r14165
| Roger Dingledine | 2008-03-24 |
* | r18919@catbus: nickm | 2008-03-18 10:53:38 -0400
Forward-port bug 622 fix as diagnosed by lodger.
svn:r14096
| Nick Mathewson | 2008-03-18 |
* | r18852@catbus: nickm | 2008-03-16 22:47:19 -0400
Downgrade "sslv3 alert handshake failure" message to info.
svn:r14057
| Nick Mathewson | 2008-03-17 |
* | r18751@catbus: nickm | 2008-03-11 14:22:43 -0400
Fix for bug 614: always look at the network BIO for the SSL object, not at the buffering BIO (if one exists because we are renegotiating or something). Bugfix on 0.1.2.x, oddly enough, though it should be impossible to trigger the problem there. Backport candidate. See comments in tortls.c for detailed implementation note.
svn:r13975
| Nick Mathewson | 2008-03-11 |
* | r18747@catbus: nickm | 2008-03-11 13:21:25 -0400
Request client certs when renegotiating on server-side. Spotted by lodger. Bugfix on 0.2.0.x.
svn:r13973
| Nick Mathewson | 2008-03-11 |
* | r18638@catbus: nickm | 2008-03-07 20:11:15 -0500
Fix typo in tortls.c comment.
svn:r13887
| Nick Mathewson | 2008-03-08 |
* | r18535@catbus: nickm | 2008-03-01 09:58:33 -0500
Whoo. People diagnosed and fixed bug 616. See changelog for details. Bugfix on 0.2.0.20-rc.
svn:r13793
| Nick Mathewson | 2008-03-01 |
* | fix most of pnx's warnings on irix64
svn:r13706
| Roger Dingledine | 2008-02-24 |
* | <weasel> tortls.c: In function `tor_tls_client_is_using_v2_ciphers':
<weasel> tortls.c:634: warning: passing arg 1 of `SSL_get_session' discards
qualifiers from pointer target type
Nick, see if you like this patch.
svn:r13690
| Roger Dingledine | 2008-02-24 |
* | r14379@tombo: nickm | 2008-02-21 17:14:24 -0500
Enable v2 handshakes.
svn:r13666
| Nick Mathewson | 2008-02-21 |
* | r14374@tombo: nickm | 2008-02-21 16:57:39 -0500
Fix all remaining shorten-64-to-32 errors in src/common. Some were genuine problems. Many were compatibility errors with libraries (openssl, zlib) that like predate size_t. Partial backport candidate.
svn:r13665
| Nick Mathewson | 2008-02-21 |
* | r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500
Change some of our log messages related to closed TLS connections in order to better reflect reality.
svn:r13657
| Nick Mathewson | 2008-02-21 |
* | other cleanups that have been sitting in my sandbox
svn:r13649
| Roger Dingledine | 2008-02-21 |
* | resolve one more, and leave two for nick.
svn:r13644
| Roger Dingledine | 2008-02-21 |
* | r18296@catbus: nickm | 2008-02-20 23:30:11 -0500
Answer one xxx020 item; move 7 other ones to a new "XXX020rc" category: they should get fixed before we cut a release candidate. arma: please review these to see whether you have fixes/answers for any. Please check out the other 14 XXX020s to see if any look critical for the release candidate.
svn:r13640
| Nick Mathewson | 2008-02-21 |
* | r18218@catbus: nickm | 2008-02-19 17:27:40 -0500
When SafeLogging is off, have TLS errors and messages logged with their associated addresses.
svn:r13591
| Nick Mathewson | 2008-02-19 |
* | r14182@tombo: nickm | 2008-02-15 17:20:51 -0500
Defer, downgrade, or address more XXX020s. The remaining ones are all ones we should deal with before release.
svn:r13530
| Nick Mathewson | 2008-02-15 |
* | r18051@catbus: nickm | 2008-02-12 15:20:43 -0500
Re-tune mempool parameters based on testing on peacetime: use smaller chunks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation.
svn:r13484
| Nick Mathewson | 2008-02-12 |
* | fix the compile
svn:r13480
| Roger Dingledine | 2008-02-12 |
* | r18045@catbus: nickm | 2008-02-11 23:48:54 -0500
oops. Not *quite* ready, just yet, maybe. Do not turn the TLS client handshake on by mistake _again_.
svn:r13479
| Nick Mathewson | 2008-02-12 |
* | r18041@catbus: nickm | 2008-02-11 23:43:18 -0500
Make version negotiation and handshaking messages more useful and accurate.
svn:r13477
| Nick Mathewson | 2008-02-12 |
* | r18036@catbus: nickm | 2008-02-11 23:36:38 -0500
Make a couple of messages less noisy
svn:r13476
| Nick Mathewson | 2008-02-12 |
* | doxygen and other cleanups
svn:r13440
| Roger Dingledine | 2008-02-09 |
* | r17987@catbus: nickm | 2008-02-08 17:01:56 -0500
Remove spurious log stmt
svn:r13432
| Nick Mathewson | 2008-02-08 |
* | r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c
svn:r13429
| Nick Mathewson | 2008-02-08 |
* | Update some copyright notices: it is now 2008.
svn:r13412
| Nick Mathewson | 2008-02-07 |
* | r17955@catbus: nickm | 2008-02-06 16:53:07 -0500
The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc.
svn:r13409
| Nick Mathewson | 2008-02-06 |
* | r17953@catbus: nickm | 2008-02-06 15:00:44 -0500
Implement a better means for testing for renegotiation.
svn:r13408
| Nick Mathewson | 2008-02-06 |
* | r17947@catbus: nickm | 2008-02-06 11:57:53 -0500
Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items.
svn:r13405
| Nick Mathewson | 2008-02-06 |
* | r17903@catbus: nickm | 2008-02-05 14:40:03 -0500
Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support").
svn:r13382
| Nick Mathewson | 2008-02-05 |
* | We accidentally enabled the under-development v2 TLS handshake
code, which is causing log entries like "TLS error while
renegotiating handshake". Disable it again. Resolves bug 590.
svn:r13219
| Roger Dingledine | 2008-01-21 |
* | r17717@catbus: nickm | 2008-01-21 17:09:23 -0500
Fix certificate leak.
svn:r13218
| Nick Mathewson | 2008-01-21 |
* | r17639@catbus: nickm | 2008-01-15 19:09:21 -0500
Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor. Needs review. Partial backport candidate.
svn:r13147
| Nick Mathewson | 2008-01-16 |
* | minor cleanups
svn:r13095
| Roger Dingledine | 2008-01-10 |
* | r17490@catbus: nickm | 2008-01-07 11:48:02 -0500
Fix bug 582: decref the idcert when we add it to the store.
svn:r13052
| Nick Mathewson | 2008-01-07 |
* | r17473@catbus: nickm | 2008-01-05 22:15:05 -0500
Add a reverse mapping from SSL to tor_tls_t*: we need this in order to do a couple of things the sensible way from inside callbacks. Also, add a couple of missing cases in connection_or.c
svn:r13040
| Nick Mathewson | 2008-01-06 |
* | r15767@tombo: nickm | 2007-12-31 16:06:27 -0500
Note an unfreed cert
svn:r13008
| Nick Mathewson | 2007-12-31 |
* | clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
svn:r12786
| Roger Dingledine | 2007-12-12 |
* | r15223@tombo: nickm | 2007-12-07 23:41:21 -0500
Aaand, do the code to enable the client side of the new TLS handshake. There are some loose ends that need tying up in connection_or, and a lot of half-baked code to remove, and some special cases to test for, and lots and lots of testing to do, but that is what weekends are for.
svn:r12721
| Nick Mathewson | 2007-12-08 |
* | r16919@catbus: nickm | 2007-12-03 12:59:02 -0500
Add DHE-RSA-AES256-SHA to the list of ciphers encountered from v1 connections.
svn:r12652
| Nick Mathewson | 2007-12-03 |
* | r15088@tombo: nickm | 2007-11-30 23:47:29 -0500
Add support to get a callback invoked when the client renegotiates a connection. Also, make clients renegotiate. (not enabled yet, until they detect that the server acted like a v2 server)
svn:r12623
| Nick Mathewson | 2007-12-01 |
* | r15087@tombo: nickm | 2007-11-30 22:32:26 -0500
Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert and do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER.
svn:r12622
| Nick Mathewson | 2007-12-01 |
* | r16669@catbus: nickm | 2007-11-14 14:50:03 -0500
When we complete an OR handshake, set up all the internal fields and mark the connection as open.
svn:r12495
| Nick Mathewson | 2007-11-14 |