| Commit message (Expand) | Author | Age |
|---|
| * | Fix a check-spaces complaint | Sebastian Hahn | 2011-11-16 |
| * | Make certificate skew into a protocol warning | Nick Mathewson | 2011-11-15 |
| * | Allow up to a 30 days future skew, 48 hours past skew in certs. | Nick Mathewson | 2011-11-15 |
| * | Fix a memory-poisoning memset in tortls.c | Nick Mathewson | 2011-10-28 |
| * | Merge branch 'maint-0.2.2_secfix' into master_secfix•••Conflicts:
src/common/tortls.c
src/or/connection_or.c
src/or/dirserv.c
src/or/or.h
| Sebastian Hahn | 2011-10-27 |
| |\ |
|
| | * | Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix•••Conflicts:
src/or/connection_or.c
| Sebastian Hahn | 2011-10-26 |
| | |\ |
|
| | | * | Don't send a certificate chain on outgoing TLS connections from non-relays | Nick Mathewson | 2011-10-26 |
| | | * | Maintain separate server and client TLS contexts.•••Fixes bug #988.
Conflicts:
src/or/main.c
src/or/router.c
| Robert Ransom | 2011-10-26 |
| | | * | Refactor tor_tls_context_new:•••* Make tor_tls_context_new internal to tortls.c, and return the new
tor_tls_context_t from it.
* Add a public tor_tls_context_init wrapper function to replace it.
Conflicts:
src/or/main.c
src/or/router.c
| Robert Ransom | 2011-10-26 |
| | | * | Make the DH parameter we use for TLS match the one from Apache's mod_ssl•••Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
(Backport from 0.2.2's 5ed73e3807d90dd0a3)
| Nick Mathewson | 2011-02-10 |
| * | | | Fix a reference-leak in tor_tls_received_v3_certificate•••We were calling SSL_get_peer_certificate but not X509_free.
This is a major part of bug4252; the bug has been in no released version.
| Nick Mathewson | 2011-10-23 |
| * | | | Fix memory leak in prop176 code•••This fixes part of bug4252. Bug not in any released version.
| Nick Mathewson | 2011-10-23 |
| * | | | Add some points to make it easy to turn off v3 support | Nick Mathewson | 2011-10-10 |
| * | | | Quiet two notices, and spelling mistake cleanup | Sebastian Hahn | 2011-10-10 |
| * | | | Give tor_cert_get_id_digests() fail-fast behavior•••Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key. The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key. This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".
Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.
| Nick Mathewson | 2011-10-10 |
| * | | | Fix some more issues wrt tor_cert_new found by asn | Nick Mathewson | 2011-10-10 |
| * | | | Generate certificates that enable v3 handshake | Nick Mathewson | 2011-10-10 |
| * | | | Make tor_tls_cert_is_valid check key lengths | Nick Mathewson | 2011-10-10 |
| * | | | Function to return peer cert as tor_tls_cert | Nick Mathewson | 2011-10-10 |
| * | | | Add AUTH keys as specified in proposal 176•••Our keys and x.509 certs are proliferating here. Previously we had:
An ID cert (using the main ID key), self-signed
A link cert (using a shorter-term link key), signed by the ID key
Once proposal 176 and 179 are done, we will also have:
Optionally, a presentation cert (using the link key),
signed by whomever.
An authentication cert (using a shorter-term ID key), signed by
the ID key.
These new keys are managed as part of the tls context infrastructure,
since you want to rotate them under exactly the same circumstances,
and since they need X509 certificates.
| Nick Mathewson | 2011-10-10 |
| * | | | Functions to get a public RSA key from a cert | Nick Mathewson | 2011-10-10 |
| * | | | Function to detect certificate types that signal v3 certificates | Nick Mathewson | 2011-10-10 |
| * | | | Function to get digests of the certs and their keys | Nick Mathewson | 2011-10-10 |
| * | | | More functions to manipulate certs received in cells | Nick Mathewson | 2011-10-10 |
| * | | | Function to extract the TLSSECRETS field for v3 handshakes | Nick Mathewson | 2011-10-10 |
| * | | | Turn X509 certificates into a first-class type and add some functions | Nick Mathewson | 2011-10-10 |
| * | | | Add write watermarks to filtered bufferevents. | Nick Mathewson | 2011-08-24 |
| * | | | Automatically use filtering bufferevents with IOCP. | Nick Mathewson | 2011-08-18 |
| * | | | Don't warn on http connection to my orport•••Also remove a few other related warnings that could occur during the ssl
handshake. We do this because the relay operator can't do anything about
them, and they aren't their fault.
| Sebastian Hahn | 2011-08-11 |
| * | | | Make WIN32_WINNT defines conditional•••Requested by Gisle Vanem on tor-dev. I'm not quite sure this is the
right solution, but it's probably harmless.
| Nick Mathewson | 2011-07-15 |
| * | | | Document feature3116 fns and improve output•••- We were reporting the _bottom_ N failing states, not the top N.
- With bufferevents enabled, we logged all TLS states as being "in
bufferevent", which isn't actually informative.
- When we had nothing to report, we reported nothing too loudly.
- Also, we needed documentation.
| Nick Mathewson | 2011-07-11 |
| * | | | Record the states of failing OR connections•••This code lets us record the state of any outgoing OR connection
that fails before it becomes open, so we can notice if they're all
dying in the same SSL state or the same OR handshake state.
More work is still needed:
- We need documentation
- We need to actually call the code that reports the failure when
we realize that we're having a hard time connecting out or
making circuits.
- We need to periodically clear out all this data -- perhaps,
whenever we build a circuit successfully?
- We'll eventually want to expose it to controllers, perhaps.
Partial implementation of feature 3116.
| Nick Mathewson | 2011-07-11 |
| * | | | Log SSL state changes at LOG_DEBUG, LD_HANDSHAKE.•••This can be slightly useful for debugging blocking events.
Addresses ticket 3116; based on loud_ssl_states branch.
| Nick Mathewson | 2011-06-20 |
| * | | | C style fix: a no-args function is void fn(void), not void fn(). | Nick Mathewson | 2011-03-03 |
| * | | | Add a magic field to tor_tls_t to catch exdata corruption bugs, if any appear. | Nick Mathewson | 2011-03-03 |
| * | | | Check the result of SSL_set_ex_data•••Reported by piebeer.
| Robert Ransom | 2011-03-03 |
| * | | | Use SSL_*_ex_data instead of SSL_*_app_data•••SSL_*_app_data uses ex_data index 0, which will be the first one allocated
by SSL_get_ex_new_index. Thus, if we ever started using the ex_data feature
for some other purpose, or a library linked to Tor ever started using
OpenSSL's ex_data feature, Tor would break in spectacular and mysterious
ways. Using the SSL_*_ex_data functions directly now may save us from
that particular form of breakage in the future.
But I would not be surprised if using OpenSSL's ex_data functions at all
(directly or not) comes back to bite us on our backends quite hard. The
specified behaviour of dup_func in the man page is stupid, and
crypto/ex_data.c is a horrific mess.
| Robert Ransom | 2011-03-03 |
| * | | | Remove now-unused helper functions•••These functions were needed only by code removed in the preceding commit.
Reported by mobmix.
| Robert Ransom | 2011-03-03 |
| * | | | remove tls related hash table code | Gladys Shufflebottom | 2011-03-01 |
| * | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-02-03 |
| |\| | |
|
| | * | | Handle failing cases of DH allocation | Nick Mathewson | 2011-01-25 |
| * | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-01-24 |
| |\| | |
|
| | * | | Make the DH parameter we use for TLS match the one from Apache's mod_ssl•••Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged. This is yet another small step on the path of
protocol fingerprinting resistance.
| Nick Mathewson | 2011-01-24 |
| * | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-01-03 |
| |\| | |
|
| | * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2011-01-03 |
| | |\| |
|
| | | * | Bump copyright statements to 2011 | Nick Mathewson | 2011-01-03 |
| | | * | Fix compilation with mingw and OpenSSL 0.9.8m+ | mingw-san | 2010-11-23 |
| * | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2010-11-21 |
| |\| | |
|
| | * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson | 2010-11-21 |
| | |\| |
|
| | | * | Do not set the hostname TLS extension server-side; only client-side•••This may fix bug 2204, and resolve the incompatibility with openssl
0.9.8p/1.0.0b.
| Nick Mathewson | 2010-11-20 |