aboutsummaryrefslogtreecommitdiff
path: root/src/common/tortls.c
Commit message (Expand)AuthorAge
* fix a seg fault on solaris•••svn:r2313 Roger Dingledine2004-08-25
* tell the user what time _they_ are too, when a cert is expired•••svn:r2114 Roger Dingledine2004-07-22
* Make tor_tls_new variant use alternative (certless) context•••svn:r2096 Nick Mathewson2004-07-22
* fix our tls handshake chain cert bug•••svn:r2086 Roger Dingledine2004-07-21
* Log certificate lifetime on failure.•••svn:r2083 Nick Mathewson2004-07-21
* Log number of certs in wrong-length chains•••svn:r2078 Nick Mathewson2004-07-21
* Misc small code cleanups; remove exit_server_mode(); change tor_tls_verify be...•••svn:r2073 Nick Mathewson2004-07-21
* more useful warning messages•••(fixed because the old ones confused a user) svn:r2055 Roger Dingledine2004-07-19
* Resolve some XXXs•••svn:r1889 Nick Mathewson2004-05-18
* it's amazing what a bit of punctuation can do for appearances•••svn:r1843 Roger Dingledine2004-05-10
* Doxygenate common.•••svn:r1829 Nick Mathewson2004-05-10
* Working strerror for windows socket errors, plus some snide comments.•••svn:r1775 Nick Mathewson2004-05-02
* some patches on the patches•••svn:r1761 Roger Dingledine2004-05-01
* Handle windows socket errors correctly; comment most of common.•••svn:r1756 Nick Mathewson2004-05-01
* Some versions of openssl have an SSL_pending function that erroneously•••returns bytes when there is a non-application record pending. I have no idea when/why this would even happen, but let's catch it and make sure tor_tls_get_pending_bytes stays correct. svn:r1727 Nick Mathewson2004-04-26
* Add a macro to catch unhandled openssl errors.•••svn:r1723 Nick Mathewson2004-04-26
* log debug so nick can see it too•••svn:r1721 Roger Dingledine2004-04-26
* Include strerror(errno) with tls syscall errors•••svn:r1718 Nick Mathewson2004-04-26
* Log pending TLS errors in a couple more places, in case they are possible.•••svn:r1716 Nick Mathewson2004-04-26
* Call tls_log_errors at a more appropriate location; we can remove the other c...•••svn:r1709 Nick Mathewson2004-04-26
* Very blunt debugging code: log pending errors at start and end of tor_tls_verify•••svn:r1707 Nick Mathewson2004-04-26
* use tor_assert and PUBLIC_KEY_OK•••but don't use tor_assert inside log.c, to avoid loops svn:r1696 Roger Dingledine2004-04-25
* Merge flagday into main branch.•••svn:r1683 Nick Mathewson2004-04-24
* quiet a -l info that should be -l debug•••svn:r1634 Roger Dingledine2004-04-15
* allow 90 minutes of clock skew, not 30•••svn:r1544 Roger Dingledine2004-04-08
* Document stuff, reduce magic numbers, add emacs magic•••svn:r1502 Nick Mathewson2004-04-06
* Make "common" no longer depend on or.h•••svn:r1466 Nick Mathewson2004-04-03
* Refactor the heck out of crypto interface: admit that we will stick with one ...•••svn:r1458 Nick Mathewson2004-04-03
* Make tor build on windows again. More work still needed•••svn:r1247 Nick Mathewson2004-03-09
* bugfix: stop trying to write to a stderr that may not be there•••also, tell start_daemon our desired cwd svn:r1170 Roger Dingledine2004-02-28
* fix typo•••svn:r1007 Roger Dingledine2004-01-20
* Note discrepency between N bytes transmitted over TLS and actual bandwidth us...•••svn:r986 Nick Mathewson2004-01-13
* clean tabs, trailing whitespace•••svn:r952 Roger Dingledine2003-12-17
* Stop leaking X509 certs; those things are _nasty_ on the carpet•••svn:r833 Nick Mathewson2003-11-18
* fix a bug in handling clock skew•••svn:r785 Roger Dingledine2003-11-11
* resolve warning•••svn:r664 Nick Mathewson2003-10-23
* Two-pronged attack at my overzealous skew fixes.•••The problem was that the fixes had us generating TLS certs with a 2-day lifetime on the assumption that we'd rotate fairly often. In fact, we never rotate our TLS keys. This patch fixes the situation in 2 ways: 1. It bumps the default lifetime back up to one year until we get rotation in place. 2. It changes tor_tls_context_new() so that it doesn't leak memory when you call it more than once. svn:r663 Nick Mathewson2003-10-23
* Clock skew fixes.•••Allow some slop (currently 3 minutes) when checking certificate validity. Change certificate lifetime from 1 year to 2 days. Since we regenerate regularly (we regenerate regularly, right??), this shouldn't be a problem. Have directories reject descriptors published too far in the future (currently 30 minutes). If dirservs don't do this: 0) Today is January 1, 2000. 1) A very skewed server publishes descriptor X with a declared publication time of August 1, 2000. 2) The directory includes X. 3) Because of certificate lifetime issues, nobody can use the skewed server. 4) The server fixes its skew, and goes to republish a new descriptor Y with publication time of January 1, 2000. 5) But because the directory already has a "more recent" descriptor X, it rejects descriptor "Y" as superseded! This patch should make step 2 go away. svn:r658 Nick Mathewson2003-10-22
* introduce new tor_free() macro•••svn:r643 Roger Dingledine2003-10-21
* warn, not err•••svn:r630 Roger Dingledine2003-10-19
* Code to get nicknames from peer certs•••svn:r627 Nick Mathewson2003-10-19
* let tls tolerate reallocing the buf•••and also remember the params for ssl_write if it returns wantread. svn:r626 Roger Dingledine2003-10-19
* first steps toward a WANTWRITE SSL_write tls bug fix•••how exactly the same do the arguments need to be? :( svn:r625 Roger Dingledine2003-10-18
* start to track down the 'peer has invalid cert' bug•••svn:r623 Roger Dingledine2003-10-18
* Log TLS errors even harder•••svn:r604 Nick Mathewson2003-10-15
* Add more logging on some ssl errors.•••svn:r603 Nick Mathewson2003-10-15
* change WARNING to WARN•••svn:r570 Roger Dingledine2003-10-10
* shift read_file_to_str() into util.c•••svn:r504 Roger Dingledine2003-09-28
* Add function to wrap SSL_pending•••svn:r501 Nick Mathewson2003-09-27
* finish enforcing the log convention•••svn:r494 Roger Dingledine2003-09-26
generated by cgit v1.2.3 (git 2.48.1) at 2025-04-02 00:24:43 +0000