| Commit message (Expand) | Author | Age |
|---|
| * | Update copyright dates to 2012; add a few missing copyright statements | Nick Mathewson | 2012-06-04 |
| * | Rename nonconformant identifiers.•••Fixes bug 4893.
These changes are pure mechanical, and were generated with this
perl script:
/usr/bin/perl -w -i.bak -p
s/crypto_pk_env_t/crypto_pk_t/g;
s/crypto_dh_env_t/crypto_dh_t/g;
s/crypto_cipher_env_t/crypto_cipher_t/g;
s/crypto_digest_env_t/crypto_digest_t/g;
s/aes_free_cipher/aes_cipher_free/g;
s/crypto_free_cipher_env/crypto_cipher_free/g;
s/crypto_free_digest_env/crypto_digest_free/g;
s/crypto_free_pk_env/crypto_pk_free/g;
s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
s/crypto_new_cipher_env/crypto_cipher_new/g;
s/crypto_new_digest_env/crypto_digest_new/g;
s/crypto_new_digest256_env/crypto_digest256_new/g;
s/crypto_new_pk_env/crypto_pk_new/g;
s/crypto_create_crypto_env/crypto_cipher_new/g;
s/connection_create_listener/connection_listener_new/g;
s/smartlist_create/smartlist_new/g;
s/transport_create/transport_new/g;
| Nick Mathewson | 2012-01-18 |
| * | Revert "Get rid of tor_tls_block_renegotiation()."•••This reverts commit 340809dd224b244675496e301d3ba154a6fe68d0.
| Nick Mathewson | 2011-12-06 |
| * | Revert "Use callback-driven approach to block renegotiations."•••This reverts commit 406ae1ba5ad529a4d0e710229dab6ed645d42b50.
| Nick Mathewson | 2011-12-06 |
| * | Revert "Refactor tor_event_base_once to do what we actually want"•••This reverts commit 7920ea55b8d994268d2b07f27316b0f34d8f27e5.
| Nick Mathewson | 2011-12-06 |
| * | Refactor tor_event_base_once to do what we actually want•••This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
| Nick Mathewson | 2011-11-25 |
| * | Merge remote-tracking branch 'asn/bug4312' | Nick Mathewson | 2011-11-25 |
| |\ |
|
| | * | Use callback-driven approach to block renegotiations.•••Also use this new approach in the bufferevents-enabled case.
| George Kadianakis | 2011-11-13 |
| | * | Get rid of tor_tls_block_renegotiation().•••Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).
| George Kadianakis | 2011-10-26 |
| * | | Make certificate skew into a protocol warning | Nick Mathewson | 2011-11-15 |
| * | | Allow up to a 30 days future skew, 48 hours past skew in certs. | Nick Mathewson | 2011-11-15 |
| * | | Fix a bunch of whitespace errors | Nick Mathewson | 2011-10-11 |
| |/ |
|
| * | Make tor_tls_cert_is_valid check key lengths | Nick Mathewson | 2011-10-10 |
| * | Function to return peer cert as tor_tls_cert | Nick Mathewson | 2011-10-10 |
| * | Functions to get a public RSA key from a cert | Nick Mathewson | 2011-10-10 |
| * | Function to detect certificate types that signal v3 certificates | Nick Mathewson | 2011-10-10 |
| * | Function to get digests of the certs and their keys | Nick Mathewson | 2011-10-10 |
| * | More functions to manipulate certs received in cells | Nick Mathewson | 2011-10-10 |
| * | Function to extract the TLSSECRETS field for v3 handshakes | Nick Mathewson | 2011-10-10 |
| * | Turn X509 certificates into a first-class type and add some functions | Nick Mathewson | 2011-10-10 |
| * | Record the states of failing OR connections•••This code lets us record the state of any outgoing OR connection
that fails before it becomes open, so we can notice if they're all
dying in the same SSL state or the same OR handshake state.
More work is still needed:
- We need documentation
- We need to actually call the code that reports the failure when
we realize that we're having a hard time connecting out or
making circuits.
- We need to periodically clear out all this data -- perhaps,
whenever we build a circuit successfully?
- We'll eventually want to expose it to controllers, perhaps.
Partial implementation of feature 3116.
| Nick Mathewson | 2011-07-11 |
| * | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-01-03 |
| |\ |
|
| | * | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2011-01-03 |
| | |\ |
|
| | | * | Bump copyright statements to 2011 | Nick Mathewson | 2011-01-03 |
| * | | | Add a testing-only option to use bufferevent_openssl as a filter•••We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows. This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.
It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
| Nick Mathewson | 2010-11-09 |
| * | | | Merge remote branch 'origin/maint-0.2.2'•••Conflicts:
src/common/tortls.c
| Nick Mathewson | 2010-10-21 |
| |\| | |
|
| | * | | Maintain separate server and client TLS contexts.•••Fixes bug #988.
| Robert Ransom | 2010-10-04 |
| | * | | Refactor tor_tls_context_new:•••* Make tor_tls_context_new internal to tortls.c, and return the new
tor_tls_context_t from it.
* Add a public tor_tls_context_init wrapper function to replace it.
| Robert Ransom | 2010-10-04 |
| | |/ |
|
| * | | Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents•••This seems to fix another case of bug2001.
| Nick Mathewson | 2010-10-12 |
| * | | Actually call connection_tls_finish_handshake() with bufferevents•••First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
| Nick Mathewson | 2010-10-12 |
| * | | Add header for tor_tls_log_one_error | Nick Mathewson | 2010-10-11 |
| * | | Make the bufferevent code use the renegotiation-reenabling hack | Nick Mathewson | 2010-09-27 |
| * | | Document and/or fix stuff found by Sebastian in code review•••Thanks to Sebastian for his code-review of the bufferevents patch series.x
| Nick Mathewson | 2010-09-27 |
| * | | Get SSL connections and linked connections working with bufferevents.•••Clients are now verified to work and build circuits correctly. There
are still a few warnings given here and there that I need to look into.
| Nick Mathewson | 2010-09-27 |
| |/ |
|
| * | Update Tor Project copyright years | Nick Mathewson | 2010-02-27 |
| * | Make Tor work with OpenSSL 0.9.8l•••To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default. We are not affected by this security problem, however,
since we do renegotiation right. (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.
Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.
For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done. There's no way to exploit a second handshake
either, but we might as well not allow it.
| Nick Mathewson | 2009-11-05 |
| * | Fix compile warnings on Snow Leopard•••Big thanks to nickm and arma for helping me with this!
| Sebastian Hahn | 2009-09-01 |
| * | Update copyright to 2009. | Karsten Loesing | 2009-05-04 |
| * | Remove svn $Id$s from our source, and remove tor --version --version.•••The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed. They were not actually useful for
telling the version of Tor files in the wild.
svn:r17867
| Nick Mathewson | 2009-01-04 |
| * | Use a consistent naming standard for header file guard macros, taking care no...•••svn:r17805
| Nick Mathewson | 2008-12-29 |
| * | Downlgrade tweak, and answer lots of XXX021s. No actual code fixes in this p...•••svn:r17686
| Nick Mathewson | 2008-12-18 |
| * | Resolve many DOCDOCs.•••svn:r17662
| Nick Mathewson | 2008-12-17 |
| * | r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400••• Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.
svn:r14350
| Nick Mathewson | 2008-04-10 |
| * | r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500••• Change some of our log messages related to closed TLS connections in order to better reflect reality.
svn:r13657
| Nick Mathewson | 2008-02-21 |
| * | r18218@catbus: nickm | 2008-02-19 17:27:40 -0500••• When SafeLogging is off, have TLS errors and messages logged with their associated addresses.
svn:r13591
| Nick Mathewson | 2008-02-19 |
| * | r18051@catbus: nickm | 2008-02-12 15:20:43 -0500••• Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation.
svn:r13484
| Nick Mathewson | 2008-02-12 |
| * | r14062@tombo: nickm | 2008-02-08 15:17:07 -0500••• Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c
svn:r13429
| Nick Mathewson | 2008-02-08 |
| * | Update some copyright notices: it is now 2008.•••svn:r13412
| Nick Mathewson | 2008-02-07 |
| * | r17955@catbus: nickm | 2008-02-06 16:53:07 -0500••• The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc.
svn:r13409
| Nick Mathewson | 2008-02-06 |
| * | r17947@catbus: nickm | 2008-02-06 11:57:53 -0500••• Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items.
svn:r13405
| Nick Mathewson | 2008-02-06 |