1. 12 Dec, 2009 1 commit
    • *_free functions now accept NULL · 3807db00
      Sebastian Hahn authored
      Some *_free functions threw asserts when passed NULL. Now all of them
      accept NULL as input and perform no action when called that way.
      
      This gains us consistence for our free functions, and allows some
      code simplifications where an explicit null check is no longer necessary.
  2. 04 Dec, 2009 1 commit
  3. 05 Nov, 2009 1 commit
    • Make Tor work with OpenSSL 0.9.8l · ce0a89e2
      Nick Mathewson authored
      To fix a major security problem related to incorrect use of
      SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
      default.  We are not affected by this security problem, however,
      since we do renegotiation right.  (Specifically, we never treat a
      renegotiated credential as authenticating previous communication.)
      Nevertheless, OpenSSL's new behavior requires us to explicitly
      turn renegotiation back on in order to get our protocol working
      again.
      
      Amusingly, this is not so simple as "set the flag when you create
      the SSL object", since calling connect or accept seems to clear
      the flags.
      
      For belt-and-suspenders purposes, we clear the flag once the Tor
      handshake is done.  There's no way to exploit a second handshake
      either, but we might as well not allow it.
  4. 24 Sep, 2009 2 commits
    • Fix compilation on OpenSSLs with unusual state lists. · a3f1da2e
      Nick Mathewson authored
      "Unusual" in this context means "not the same as nickm's."  We should grow a
      better list later.
      
      (Also, move TLS state table to a separate header.)
    • Debugging logs for TLS handshake · b8b29353
      Nick Mathewson authored
      The big change is to add a function to display the current SSL handshake
      state, and to log it everywhere reasonable.  (A failure in
      SSL23_ST_CR_SRVR_HELLO_A is different from one in
      SSL3_ST_CR_SESSION_TICKET_A.)
      
      This patch also adds a new log domain for OR handshaking, so you can pull out
      all the handshake log messages without having to run at debug for everything.
      For example, you'd just say "log notice-err [handshake]debug-err file
      tor.log".
  5. 17 Sep, 2009 1 commit
  6. 01 Sep, 2009 1 commit
  7. 27 May, 2009 1 commit
  8. 23 May, 2009 1 commit
  9. 04 May, 2009 1 commit
  10. 02 May, 2009 1 commit
  11. 09 Mar, 2009 1 commit
  12. 04 Jan, 2009 1 commit
  13. 30 Dec, 2008 1 commit
  14. 18 Dec, 2008 1 commit
  15. 17 Dec, 2008 1 commit
  16. 05 Sep, 2008 1 commit
  17. 10 Jul, 2008 2 commits
  18. 13 Jun, 2008 2 commits
  19. 12 Jun, 2008 1 commit
    • r16215@tombo: nickm | 2008-06-12 18:39:03 -0400 · 61784398
      Nick Mathewson authored
       Implement code to manually force the OpenSSL client cipher list to match the one recommended in proposal 124, *even if* we do not know all those ciphers.  This is a bit of a kludge, but it is at least decently well commented.
      
      
      svn:r15173
  20. 29 May, 2008 1 commit
  21. 19 May, 2008 1 commit
  22. 05 May, 2008 1 commit
  23. 29 Apr, 2008 1 commit
  24. 10 Apr, 2008 1 commit
    • r15161@31-33-107: nickm | 2008-04-10 11:11:58 -0400 · b927ede4
      Nick Mathewson authored
       Make dumpstats() log the size and fullness of openssl-internal buffers, so I can test my hypothesis that many of them are empty, and my alternative hypothesis that many of them are mostly empty, against the null hypothesis that we really need to be burning 32K per open OR connection on this.
      
      
      svn:r14350
  25. 27 Mar, 2008 1 commit
  26. 24 Mar, 2008 1 commit
  27. 18 Mar, 2008 1 commit
  28. 17 Mar, 2008 1 commit
  29. 11 Mar, 2008 2 commits
    • r18751@catbus: nickm | 2008-03-11 14:22:43 -0400 · 4d32c2e8
      Nick Mathewson authored
       Fix for bug 614: always look at the network BIO for the SSL object, not at the buffering BIO (if one exists because we are renegotiating or something).  Bugfix on 0.1.2.x, oddly enough, though it should be impossible to trigger the problem there.  Backport candidate.  See comments in tortls.c for detailed implementation note.
      
      
      svn:r13975
    • r18747@catbus: nickm | 2008-03-11 13:21:25 -0400 · 24f91d28
      Nick Mathewson authored
       Request client certs when renegotiating on server-side. Spotted by lodger.  Bugfix on 0.2.0.x.
      
      
      svn:r13973
  30. 08 Mar, 2008 1 commit
  31. 01 Mar, 2008 1 commit
  32. 24 Feb, 2008 2 commits
  33. 21 Feb, 2008 3 commits