| Commit message (Expand) | Author | Age |
|---|
| * | Use daemon(3) function where available.•••svn:r665
| Nick Mathewson | 2003-10-23 |
| * | resolve warning•••svn:r664
| Nick Mathewson | 2003-10-23 |
| * | Two-pronged attack at my overzealous skew fixes.•••The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often. In
fact, we never rotate our TLS keys.
This patch fixes the situation in 2 ways:
1. It bumps the default lifetime back up to one year until we get
rotation in place.
2. It changes tor_tls_context_new() so that it doesn't leak memory
when you call it more than once.
svn:r663
| Nick Mathewson | 2003-10-23 |
| * | switch_id() no longer tries to log the user name when it's calld on•••Windows, since we don't know whether it's the user or the group that
was set.
svn:r659
| Steven Hazel | 2003-10-22 |
| * | Clock skew fixes.•••Allow some slop (currently 3 minutes) when checking certificate validity.
Change certificate lifetime from 1 year to 2 days. Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.
Have directories reject descriptors published too far in the future
(currently 30 minutes). If dirservs don't do this:
0) Today is January 1, 2000.
1) A very skewed server publishes descriptor X with a declared
publication time of August 1, 2000.
2) The directory includes X.
3) Because of certificate lifetime issues, nobody can use the
skewed server.
4) The server fixes its skew, and goes to republish a new descriptor Y
with publication time of January 1, 2000.
5) But because the directory already has a "more recent" descriptor X,
it rejects descriptor "Y" as superseded!
This patch should make step 2 go away.
svn:r658
| Nick Mathewson | 2003-10-22 |
| * | - fixed a bug in the id switching code -- setgid has to happen before••• setuid, because after we setuid we don't have the priviledges we
need to setgid anymore, duh. merged switch_user() and
switch_group() into switch_id(), since that code has to be wound
together.
- return -1 from switch_id() if it's not defined to do anything else.
- moved daemoinize(), write_pidfile(), and switch_id() from main.c to
util.c
svn:r656
| Steven Hazel | 2003-10-22 |
| * | play with connection_edge_send_command•••maybe more robust now
svn:r655
| Roger Dingledine | 2003-10-22 |
| * | move default exit policy into config files•••svn:r654
| Roger Dingledine | 2003-10-22 |
| * | make end relay cells have payloads•••move default exit policy into config files
svn:r653
| Roger Dingledine | 2003-10-22 |
| * | added User and Group options -- if you set them, tor will try to•••setuid and setgid respectively, and die if it can't.
(If the User option is set, tor will setgid to the user's gid as well.)
This happens after the pidfile is created, so that in cases where tor
needs to be root to work with the pidfile, it will at least be able to
create it, although it won't be able to delete it. That sucks, but
it's somewhat better than not being able to create the pidfile in the
first place.
svn:r652
| Steven Hazel | 2003-10-22 |
| * | Update .cvsignores to exclude files generated due to recent build improvements•••svn:r647
| Nick Mathewson | 2003-10-21 |
| * | APPort is now SocksPort•••svn:r644
| Roger Dingledine | 2003-10-21 |
| * | introduce new tor_free() macro•••svn:r643
| Roger Dingledine | 2003-10-21 |
| * | move closer to being able to reload config on HUP•••rename APPort to SocksPort
introduce new tor_free() macro
svn:r642
| Roger Dingledine | 2003-10-21 |
| * | remove obsolete config file•••svn:r641
| Roger Dingledine | 2003-10-21 |
| * | send the end cell when we realize we're going to end,•••not when we're closing the stream.
this lets us put a payload in the end cell if we want to,
to describe why we're closing the stream.
there are still some places where we don't send the end cell
immediately. i need to track them down. but it's a low priority,
since i've made it send the end cell when we close the stream if
we haven't already sent it.
svn:r640
| Roger Dingledine | 2003-10-21 |
| * | include our own timegm() impl, since it's not portable•••svn:r635
| Roger Dingledine | 2003-10-20 |
| * | a skeletal print_usage() function•••svn:r634
| Roger Dingledine | 2003-10-20 |
| * | add an Address line to the sample server rc file•••svn:r633
| Roger Dingledine | 2003-10-19 |
| * | move to 0.0.2pre13•••svn:r631
| Roger Dingledine | 2003-10-19 |
| * | warn, not err•••svn:r630
| Roger Dingledine | 2003-10-19 |
| * | put small buffers back in place•••svn:r629
| Roger Dingledine | 2003-10-19 |
| * | Example code to get nickname from cert•••svn:r628
| Nick Mathewson | 2003-10-19 |
| * | Code to get nicknames from peer certs•••svn:r627
| Nick Mathewson | 2003-10-19 |
| * | let tls tolerate reallocing the buf•••and also remember the params for ssl_write if it returns wantread.
svn:r626
| Roger Dingledine | 2003-10-19 |
| * | first steps toward a WANTWRITE SSL_write tls bug fix•••how exactly the same do the arguments need to be? :(
svn:r625
| Roger Dingledine | 2003-10-18 |
| * | another minor memory leak•••make dnsconn->address reflect what it's currently resolving
svn:r624
| Roger Dingledine | 2003-10-18 |
| * | start to track down the 'peer has invalid cert' bug•••svn:r623
| Roger Dingledine | 2003-10-18 |
| * | no more memory leaks•••when you run it under normal operation
for as many as three minutes
svn:r622
| Roger Dingledine | 2003-10-18 |
| * | fix two more memory problems•••one remains :)
svn:r621
| Roger Dingledine | 2003-10-18 |
| * | clean up memory leaks, confusions•••still one memory leak remaining here.
svn:r620
| Roger Dingledine | 2003-10-18 |
| * | we've been stomping on memory while reading config•••doesn't seem to have bitten us yet, but let's fix that :)
svn:r619
| Roger Dingledine | 2003-10-18 |
| * | log to stdout while parsing config,•••otherwise we log to nothing and give no feedback!
svn:r617
| Roger Dingledine | 2003-10-18 |
| * | rewrite close_logs so it could possibly work•••remove deadbeef memory-clobber testing (for now)
svn:r616
| Roger Dingledine | 2003-10-18 |
| * | put a blank line in the directory, before the first router•••this makes it easier to read (at least for me)
svn:r613
| Roger Dingledine | 2003-10-17 |
| * | try to make cvs more stable for now. need to test this more in a bit.•••svn:r612
| Roger Dingledine | 2003-10-17 |
| * | reload the fingerprints file on HUP•••svn:r611
| Roger Dingledine | 2003-10-17 |
| * | catch misconfigured machines that return hostname as fqdn•••svn:r610
| Roger Dingledine | 2003-10-17 |
| * | Log TLS errors even harder•••svn:r604
| Nick Mathewson | 2003-10-15 |
| * | Add more logging on some ssl errors.•••svn:r603
| Nick Mathewson | 2003-10-15 |
| * | closing stdout *should* be safe (we'll see)•••svn:r601
| Roger Dingledine | 2003-10-15 |
| * | Report delivery cell fullness correctly•••svn:r600
| Nick Mathewson | 2003-10-15 |
| * | change buf->buf to buf->mem•••maybe this will mean fewer dumb errors
svn:r599
| Roger Dingledine | 2003-10-15 |
| * | fix bug with overzealous shrinking; add more comments.•••svn:r597
| Nick Mathewson | 2003-10-15 |
| * | clean up logging, allow user to specify log files•••If DebugLogFile is specified, log to it at -l debug
If LogFile is specified, log to it at the -l from the commandline
(default info)
If no LogFile *and* not a Daemon, then log to stdout.
Make conn->s = -1 by default (this might break things)
When kill -USR1, prefer to log at INFO, but make sure they always see it.
svn:r596
| Roger Dingledine | 2003-10-15 |
| * | Build without warnings on OS X.•••svn:r595
| Nick Mathewson | 2003-10-15 |
| * | Make add_file_log return 0 on success.•••svn:r594
| Nick Mathewson | 2003-10-15 |
| * | Make last commit build•••svn:r593
| Nick Mathewson | 2003-10-15 |
| * | Stop using stdout for non-debugging cases•••svn:r592
| Nick Mathewson | 2003-10-15 |
| * | and in OP config files•••svn:r589
| Roger Dingledine | 2003-10-15 |