aboutsummaryrefslogtreecommitdiff
path: root/src/common/tortls.h
Commit message (Collapse)AuthorAge
* Update Tor Project copyright yearsNick Mathewson2010-02-27
|
* Make Tor work with OpenSSL 0.9.8lNick Mathewson2009-11-05
| | | | | | | | | | | | | | | | | | | To fix a major security problem related to incorrect use of SSL/TLS renegotiation, OpenSSL has turned off renegotiation by default. We are not affected by this security problem, however, since we do renegotiation right. (Specifically, we never treat a renegotiated credential as authenticating previous communication.) Nevertheless, OpenSSL's new behavior requires us to explicitly turn renegotiation back on in order to get our protocol working again. Amusingly, this is not so simple as "set the flag when you create the SSL object" , since calling connect or accept seems to clear the flags. For belt-and-suspenders purposes, we clear the flag once the Tor handshake is done. There's no way to exploit a second handshake either, but we might as well not allow it.
* Fix compile warnings on Snow LeopardSebastian Hahn2009-09-01
| | | | Big thanks to nickm and arma for helping me with this!
* Update copyright to 2009.Karsten Loesing2009-05-04
|
* Remove svn $Id$s from our source, and remove tor --version --version.Nick Mathewson2009-01-04
| | | | | | | | The subversion $Id$ fields made every commit force a rebuild of whatever file got committed. They were not actually useful for telling the version of Tor files in the wild. svn:r17867
* Use a consistent naming standard for header file guard macros, taking care ↵Nick Mathewson2008-12-29
| | | | | | not to collide with any system headers. This tripped us up on Android. svn:r17805
* Downlgrade tweak, and answer lots of XXX021s. No actual code fixes in this ↵Nick Mathewson2008-12-18
| | | | | | patch. svn:r17686
* Resolve many DOCDOCs.Nick Mathewson2008-12-17
| | | | svn:r17662
* r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400Nick Mathewson2008-04-10
| | | | | | | Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this. svn:r14350
* r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500Nick Mathewson2008-02-21
| | | | | | | Change some of our log messages related to closed TLS connections in order to better reflect reality. svn:r13657
* r18218@catbus: nickm | 2008-02-19 17:27:40 -0500Nick Mathewson2008-02-19
| | | | | | | When SafeLogging is off, have TLS errors and messages logged with their associated addresses. svn:r13591
* r18051@catbus: nickm | 2008-02-12 15:20:43 -0500Nick Mathewson2008-02-12
| | | | | | | Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation. svn:r13484
* r14062@tombo: nickm | 2008-02-08 15:17:07 -0500Nick Mathewson2008-02-08
| | | | | | | Change DNs in x509 certificates to be harder to fingerprint. Raise common code. Refactor random hostname generation into crypto.c svn:r13429
* Update some copyright notices: it is now 2008.Nick Mathewson2008-02-07
| | | | svn:r13412
* r17955@catbus: nickm | 2008-02-06 16:53:07 -0500Nick Mathewson2008-02-06
| | | | | | | The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc. svn:r13409
* r17947@catbus: nickm | 2008-02-06 11:57:53 -0500Nick Mathewson2008-02-06
| | | | | | | Fix a bunch of DOCDOC items; document the --quiet flag; refactor a couple of XXXX020 items. svn:r13405
* r17918@catbus: nickm | 2008-02-05 16:39:17 -0500Nick Mathewson2008-02-05
| | | | | | | Remove a few #if-0d items. svn:r13392
* r17903@catbus: nickm | 2008-02-05 14:40:03 -0500Nick Mathewson2008-02-05
| | | | | | | Remove some dead code; fix some XXX020s; turn some XXX020s into XXXX_IP6s (i.e., "needs to be fixed when we add ipv6 support"). svn:r13382
* clean up copyrights, and assign 2007 copyrights to The Tor Project, IncRoger Dingledine2007-12-12
| | | | svn:r12786
* r15088@tombo: nickm | 2007-11-30 23:47:29 -0500Nick Mathewson2007-12-01
| | | | | | | Add support to get a callback invoked when the client renegotiate a connection. Also, make clients renegotiate. (not enabled yet, until they detect that the server acted like a v2 server) svn:r12623
* r15087@tombo: nickm | 2007-11-30 22:32:26 -0500Nick Mathewson2007-12-01
| | | | | | | Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation. None of this is enabled unless you define V2_HANDSHAKE_SERVER. svn:r12622
* r16669@catbus: nickm | 2007-11-14 14:50:03 -0500Nick Mathewson2007-11-14
| | | | | | | When we complete an OR handshake, set up all the internal fields and mark the connection as open. svn:r12495
* r16523@catbus: nickm | 2007-11-07 11:35:49 -0500Nick Mathewson2007-11-07
| | | | | | | Improve "tls error. breaking" message a little. svn:r12411
* r16455@catbus: nickm | 2007-11-06 12:48:00 -0500Nick Mathewson2007-11-06
| | | | | | | Parse CERT cells and act correctly when we get them. svn:r12396
* r16432@catbus: nickm | 2007-11-05 14:18:57 -0500Nick Mathewson2007-11-05
| | | | | | | Send and parse link_auth cells properly. svn:r12386
* r16413@catbus: nickm | 2007-11-05 13:14:18 -0500Nick Mathewson2007-11-05
| | | | | | | Add functions to encode certificates svn:r12384
* r16411@catbus: nickm | 2007-11-05 11:27:37 -0500Nick Mathewson2007-11-05
| | | | | | | Remember X509 certificates in the context. Store peer/self certificate digests in handshake state. svn:r12382
* r16410@catbus: nickm | 2007-11-05 10:54:29 -0500Nick Mathewson2007-11-05
| | | | | | | Code to remember client_random and server_random values, and to compute hmac using TLS master secret. svn:r12381
* r16285@catbus: nickm | 2007-10-30 17:43:25 -0400Nick Mathewson2007-10-30
| | | | | | | Implement (but do not enable) link connection version negotiation svn:r12286
* r14093@catbus: nickm | 2007-08-08 01:49:54 -0400Nick Mathewson2007-08-08
| | | | | | | Include fewer redundant headers; use the compiler search paths better. svn:r11060
* r11775@catbus: nickm | 2007-02-12 16:39:09 -0500Nick Mathewson2007-02-12
| | | | | | | Update copyright dates. svn:r9570
* r11629@catbus: nickm | 2007-02-02 15:06:17 -0500Nick Mathewson2007-02-02
| | | | | | | Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch! svn:r9477
* r11607@catbus: nickm | 2007-01-30 17:19:27 -0500Nick Mathewson2007-01-30
| | | | | | | Audit non-const char arguments; make a lot more of them const. svn:r9466
* r11966@Kushana: nickm | 2007-01-15 16:12:17 -0500Nick Mathewson2007-01-15
| | | | | | | Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry. svn:r9355
* r11957@Kushana: nickm | 2007-01-15 15:25:57 -0500Nick Mathewson2007-01-15
| | | | | | | Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision. svn:r9354
* r11741@Kushana: nickm | 2006-12-28 22:41:29 -0500Nick Mathewson2006-12-29
| | | | | | | Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me". svn:r9207
* r11566@Kushana: nickm | 2006-12-13 17:46:24 -0500Nick Mathewson2006-12-13
| | | | | | | Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls. svn:r9105
* and now the exciting part: there is now no such thing as doingRoger Dingledine2006-06-07
| | | | | | | a client-only tls, that is, one with no certs. svn:r6558
* simplify the tortls api: we only support being a "server", thatRoger Dingledine2006-06-07
| | | | | | | | | | is, even tor clients do the same sort of handshake. this has been true for years, so it's best to get rid of the stale code. svn:r6557
* if we're a server and some peer has a broken tls certificate, don'tRoger Dingledine2006-05-26
| | | | | | | shout about it unless we want to hear about protocol violations. svn:r6507
* Happy new year!Roger Dingledine2006-02-09
| | | | svn:r5949
* Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" ↵Nick Mathewson2005-10-25
| | | | | | domain. Domains are now bitmasks... just in case. Make some err msgs non-general. svn:r5309
* start the process of reducing clutter in server logsRoger Dingledine2005-10-17
| | | | svn:r5253
* Make doxygen marginally happierNick Mathewson2005-10-06
| | | | svn:r5208
* Change end-of-file NLNL convention. It turns out arma I and I agree.Nick Mathewson2005-06-09
| | | | svn:r4382
* New whitespace normalization rule: no blank line at EOF.Nick Mathewson2005-06-09
| | | | svn:r4378
* Fix "JAP-client" hideous ASN1 bug, twice. (Fix1: check more thoroughly for ↵Nick Mathewson2005-04-23
| | | | | | TLS errors when handling certs. Fix2: stop assert(0)ing on uncaught TLS errors.) svn:r4085
* update copyright notices.Nick Mathewson2005-04-01
| | | | svn:r3982
* add a tor_tls_is_server method to remember if conn->tlsRoger Dingledine2005-03-31
| | | | | | | was an initiator or a receiver svn:r3931
* Free tls resources on exit tooNick Mathewson2005-02-11
| | | | svn:r3615
generated by cgit v1.2.3 (git 2.45.0) at 2024-11-16 04:22:14 +0000