svn:r12786

 Aaand, do the code to enable the client side of the new TLS handshake.  There are some loose ends that need tying up in connection_or, and a lot of half-baked code to remove, and some special cases to test for, and lots and lots of testing to do, but that is what weekends are for.


svn:r12721

 Add DHE-RSA-AES256-SHA to the list of ciphers encountered from v1 connections.


svn:r12652

 Add support to get a callback invoked when the client renegotiate a connection.  Also, make clients renegotiate.  (not enabled yet, until they detect that the server acted like a v2 server)


svn:r12623

 Start getting freaky with openssl callbacks in tortls.c: detect client ciphers, and if the list doesn't look like the list current Tors use, present only a single cert do not ask for a client cert. Also, support for client-side renegotiation.  None of this is enabled unless you define V2_HANDSHAKE_SERVER.


svn:r12622

 When we complete an OR handshake, set up all the internal fields and mark the connection as open.


svn:r12495

 Improve "tls error. breaking" message a little.


svn:r12411

without link encryption.


svn:r12410

 Parse CERT cells and act correctly when we get them.


svn:r12396

 Send and parse link_auth cells properly.


svn:r12386

 Add functions to encode certificates


svn:r12384

 Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context.  This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts.


svn:r12383

 Remember X509 certificates in the context.  Store peer/self certificate digests in handshake state.


svn:r12382

 Code to remember client_random and server_random values, and to compute hmac using TLS master secret.


svn:r12381

 Clean spaces.


svn:r12301

 Implement (but do not enable) link connection version negotiation


svn:r12286

 Drop support for OpenSSL 0.9.6.


svn:r12191

 New code (disabled for now) to use the SSL context's cert store instead of using its "extra chain cert" list to get our identity certificate sent.  This is a little close to what OpenSSL expects people to do, and it has the advantage that we should be able to keep the id cert from being sent by setting the NO_CHAIN_CERT bit.  I have tried turning new code on, and it seemed to work fine.


svn:r12086

 Cheesy attempt to break some censorware.  Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.


svn:r10975

 Review XXXX comments without a version; upgrade some to XXXX020.


svn:r10315

svn:r10111

 Move private function declarations from crypto.c into a new #ifdef CRYPTO_PRIVATE block in crypto.h


svn:r10074

 Fix 35 remaining DOCDOC comments. Yowza.


svn:r9596

 Update copyright dates.


svn:r9570

 Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates.  [See proposal 106 for rationale.]  Also improve messages when checking TLS handshake, to re-resolve bug 382.


svn:r9568

 Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were.  Oops.  Hey, kids!  Fixing some of these could be your first Tor patch!


svn:r9477

 Audit non-const char arguments; make a lot more of them const.


svn:r9466

 Tidy up ORCONN reason patch from Mike Perry.  Changes: make some of the handling of TLS error codes less error prone.  Enforce house style wrt spaces.  Make it compile with --enable-gcc-warnings.  Only set or_conn->tls_error in the case of an actual error.  Add a changelog entry.


svn:r9355

 Patch from Mike Perry: Track reasons for OR connection failure; display them in control events. Needs review and revision.


svn:r9354

"read this if you don't understand the code and want some help."
which is not the same as "hey, you think you understand this code,
but you don't."


svn:r9307

connection handles more than 4 gigs in either direction, we assert.


svn:r9306

svn:r9269

 Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so.  This has been a lonstanding wart.  The fix "Works for me".


svn:r9207

 Try to fix an assert failure in new write limiting code: make buffers.c aware of previous "forced" write sizes from tortls.


svn:r9105

 More doxygen comments


svn:r8637

svn:r8427

 Try to appease some warnings with newer gccs that believe that ignoring a return value is okay, but casting a return value and then ignoring it is a sign of madness.


svn:r8312

svn:r6720

svn:r6717

don't yell as loudly.


svn:r6716