| Commit message (Expand) | Author | Age |
|---|
| * | Make the bufferevent code use the renegotiation-reenabling hack | Nick Mathewson | 2010-09-27 |
| * | Document and/or fix stuff found by Sebastian in code review•••Thanks to Sebastian for his code-review of the bufferevents patch series.x
| Nick Mathewson | 2010-09-27 |
| * | Get SSL connections and linked connections working with bufferevents.•••Clients are now verified to work and build circuits correctly. There
are still a few warnings given here and there that I need to look into.
| Nick Mathewson | 2010-09-27 |
| * | Update Tor Project copyright years | Nick Mathewson | 2010-02-27 |
| * | Make Tor work with OpenSSL 0.9.8l•••To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default. We are not affected by this security problem, however,
since we do renegotiation right. (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.
Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.
For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done. There's no way to exploit a second handshake
either, but we might as well not allow it.
| Nick Mathewson | 2009-11-05 |
| * | Fix compile warnings on Snow Leopard•••Big thanks to nickm and arma for helping me with this!
| Sebastian Hahn | 2009-09-01 |
| * | Update copyright to 2009. | Karsten Loesing | 2009-05-04 |
| * | Remove svn $Id$s from our source, and remove tor --version --version.•••The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed. They were not actually useful for
telling the version of Tor files in the wild.
svn:r17867
| Nick Mathewson | 2009-01-04 |
| * | Use a consistent naming standard for header file guard macros, taking care no...•••svn:r17805
| Nick Mathewson | 2008-12-29 |
| * | Downlgrade tweak, and answer lots of XXX021s. No actual code fixes in this p...•••svn:r17686
| Nick Mathewson | 2008-12-18 |
| * | Resolve many DOCDOCs.•••svn:r17662
| Nick Mathewson | 2008-12-17 |
| * | r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400••• Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.
svn:r14350
| Nick Mathewson | 2008-04-10 |
| * | r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500••• Change some of our log messages related to closed TLS connections in order to better reflect reality.
svn:r13657
| Nick Mathewson | 2008-02-21 |
| * | r18218@catbus: nickm | 2008-02-19 17:27:40 -0500••• When SafeLogging is off, have TLS errors and messages logged with their associated addresses.
svn:r13591
| Nick Mathewson | 2008-02-19 |
| * | r18051@catbus: nickm | 2008-02-12 15:20:43 -0500••• Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation.
svn:r13484
| Nick Mathewson | 2008-02-12 |
| * | r14062@tombo: nickm | 2008-02-08 15:17:07 -0500••• Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c
svn:r13429
| Nick Mathewson | 2008-02-08 |
| * | Update some copyright notices: it is now 2008.•••svn:r13412
| Nick Mathewson | 2008-02-07 |
| * | r17955@catbus: nickm | 2008-02-06 16:53:07 -0500••• The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc.
svn:r13409
| Nick Mathewson | 2008-02-06 |
| * | r17947@catbus: nickm | 2008-02-06 11:57:53 -0500••• Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items.
svn:r13405
| Nick Mathewson | 2008-02-06 |
| * | r17918@catbus: nickm | 2008-02-05 16:39:17 -0500••• Remove a few #if-0d items.
svn:r13392
| Nick Mathewson | 2008-02-05 |
| * | r17903@catbus: nickm | 2008-02-05 14:40:03 -0500••• Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support").
svn:r13382
| Nick Mathewson | 2008-02-05 |
| * | clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc•••svn:r12786
| Roger Dingledine | 2007-12-12 |
| * | r15088@tombo: nickm | 2007-11-30 23:47:29 -0500••• Add support to get a callback invoked when the client renegotiate a connection. Also, make clients renegotiate. (not enabled yet, until they detect that the server acted like a v2 server)
svn:r12623
| Nick Mathewson | 2007-12-01 |
| * | r15087@tombo: nickm | 2007-11-30 22:32:26 -0500••• Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER.
svn:r12622
| Nick Mathewson | 2007-12-01 |
| * | r16669@catbus: nickm | 2007-11-14 14:50:03 -0500••• When we complete an OR handshake, set up all the internal fields and mark the connection as open.
svn:r12495
| Nick Mathewson | 2007-11-14 |
| * | r16523@catbus: nickm | 2007-11-07 11:35:49 -0500••• Improve "tls error. breaking" message a little.
svn:r12411
| Nick Mathewson | 2007-11-07 |
| * | r16455@catbus: nickm | 2007-11-06 12:48:00 -0500••• Parse CERT cells and act correctly when we get them.
svn:r12396
| Nick Mathewson | 2007-11-06 |
| * | r16432@catbus: nickm | 2007-11-05 14:18:57 -0500••• Send and parse link_auth cells properly.
svn:r12386
| Nick Mathewson | 2007-11-05 |
| * | r16413@catbus: nickm | 2007-11-05 13:14:18 -0500••• Add functions to encode certificates
svn:r12384
| Nick Mathewson | 2007-11-05 |
| * | r16411@catbus: nickm | 2007-11-05 11:27:37 -0500••• Remember X509 certificates in the context. Store peer/self certificate digests in handshake state.
svn:r12382
| Nick Mathewson | 2007-11-05 |
| * | r16410@catbus: nickm | 2007-11-05 10:54:29 -0500••• Code to remember client_random and server_random values, and to compute hmac using TLS master secret.
svn:r12381
| Nick Mathewson | 2007-11-05 |
| * | r16285@catbus: nickm | 2007-10-30 17:43:25 -0400••• Implement (but do not enable) link connection version negotiation
svn:r12286
| Nick Mathewson | 2007-10-30 |
| * | r14093@catbus: nickm | 2007-08-08 01:49:54 -0400••• Include fewer redundant headers; use the compiler search paths better.
svn:r11060
| Nick Mathewson | 2007-08-08 |
| * | r11775@catbus: nickm | 2007-02-12 16:39:09 -0500••• Update copyright dates.
svn:r9570
| Nick Mathewson | 2007-02-12 |
| * | r11629@catbus: nickm | 2007-02-02 15:06:17 -0500••• Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch!
svn:r9477
| Nick Mathewson | 2007-02-02 |
| * | r11607@catbus: nickm | 2007-01-30 17:19:27 -0500••• Audit non-const char arguments; make a lot more of them const.
svn:r9466
| Nick Mathewson | 2007-01-30 |
| * | r11966@Kushana: nickm | 2007-01-15 16:12:17 -0500••• Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry.
svn:r9355
| Nick Mathewson | 2007-01-15 |
| * | r11957@Kushana: nickm | 2007-01-15 15:25:57 -0500••• Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision.
svn:r9354
| Nick Mathewson | 2007-01-15 |
| * | r11741@Kushana: nickm | 2006-12-28 22:41:29 -0500••• Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me".
svn:r9207
| Nick Mathewson | 2006-12-29 |
| * | r11566@Kushana: nickm | 2006-12-13 17:46:24 -0500••• Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls.
svn:r9105
| Nick Mathewson | 2006-12-13 |
| * | and now the exciting part: there is now no such thing as doing•••a client-only tls, that is, one with no certs.
svn:r6558
| Roger Dingledine | 2006-06-07 |
| * | simplify the tortls api: we only support being a "server", that•••is, even tor clients do the same sort of handshake.
this has been true for years, so it's best to get rid of the
stale code.
svn:r6557
| Roger Dingledine | 2006-06-07 |
| * | if we're a server and some peer has a broken tls certificate, don't•••shout about it unless we want to hear about protocol violations.
svn:r6507
| Roger Dingledine | 2006-05-26 |
| * | Happy new year!•••svn:r5949
| Roger Dingledine | 2006-02-09 |
| * | Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain....•••svn:r5309
| Nick Mathewson | 2005-10-25 |
| * | start the process of reducing clutter in server logs•••svn:r5253
| Roger Dingledine | 2005-10-17 |
| * | Make doxygen marginally happier•••svn:r5208
| Nick Mathewson | 2005-10-06 |
| * | Change end-of-file NLNL convention. It turns out arma I and I agree.•••svn:r4382
| Nick Mathewson | 2005-06-09 |
| * | New whitespace normalization rule: no blank line at EOF.•••svn:r4378
| Nick Mathewson | 2005-06-09 |
| * | Fix "JAP-client" hideous ASN1 bug, twice. (Fix1: check more thoroughly for TL...•••svn:r4085
| Nick Mathewson | 2005-04-23 |