Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.

To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.

The big change is to add a function to display the current SSL handshake
state, and to log it everywhere reasonable.  (A failure in
SSL23_ST_CR_SRVR_HELLO_A is different from one in
SSL3_ST_CR_SESSION_TICKET_A.)

This patch also adds a new log domain for OR handshaking, so you can pull out
all the handshake log messages without having to run at debug for everything.
For example, you'd just say "log notice-err [handshake]debug-err file
tor.log".

Also add code to keep creating circuits every minute until we
hit our minimum threshhold.

Christopher Davis authored Jun 18, 2009 and Nick Mathewson committed Jun 19, 2009

Added a sanity check in config.c and a check in directory.c
directory_initiate_command_rend() to catch any direct connection attempts
when a socks proxy is configured.

The rest of the code was only including event.h so that it could see
EV_READ and EV_WRITE, which we were using as part of the
connection_watch_events interface for no very good reason.

to forgive our bridges and try again when we get an application
request. Bugfix on 0.2.0.x.


svn:r18396

This fixes the last known case of bug 891, which could happen if two
hosts, A and B, disagree about how long a circuit has been open,
because of clock drift of some kind.  Host A would then mark the
connection as is_bad_for_new_circs when it got too old and open a new
connection.  In between when B receives a NETINFO cell on the new
conn, and when B receives a conn cell on the new circuit, the new
circuit will seem worse to B than the old one, and so B will mark it
as is_bad_for_new_circs in the second or third loop of
connection_or_group_set_badness().

Bugfix on 0.1.1.13-alpha.  Bug found by rovv.

Not a backport candidate: the bug is too obscure and the fix too tricky.

svn:r18303

The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867

Explain why the XXXX021 in connection_or.c was there, and explain why it doesn' actually need to get fixed in 0.2.1, I think.

svn:r17819

svn:r17757

svn:r17702

svn:r17686

svn:r17642

svn:r17627

Apparently sparc64 is way more strict about uint16_t access alignment than I had thought: it gave bus errors when messing with var-cell headers.  Maybe this patch will fix bug 862.

svn:r17262

fails to establish a TCP connection. Cleanup on 0.2.1.x.


svn:r16803

svn:r16785

 Add a missing safe_str for a debug_log_message.  Fix the bad part of bug 674.


svn:r16462

 Initial conversion of uint32_t addr to tor_addr_t addr in connection_t and related types.  Most of the Tor wire formats using these new types are in, but the code to generate and use it is not.  This is a big patch.  Let me know what it breaks for you.


svn:r16435

 Make generic address manipulation functions work better.  Switch address policy code to use tor_addr_t, so it can handle IPv6.  That is a good place to start.


svn:r16178

 Make circid_t and streamid_t get used instead of uint16_t; it is possible we will soon want to make circid_t change to uint32_t.


svn:r16155

problems just because they do a lot of reachability testing and
some of the connection attempts fail. 


svn:r15348

reaching relays.


svn:r15116

svn:r15111

we never bothered learning why OR conns fail, so next step is to add some
infrastructure for that.


svn:r15091

tell the controller how we're doing at bootstrapping, and it can
tell the user.


svn:r15008

New code to implement proposal for local geoip stats. Only enabled with --enable-geoip-stats passed to configure.

svn:r14802

older ones might be better, close any circuits pending on that
new entry guard connection. Bugfix on 0.1.2.8-beta; found by lodger.


svn:r14417

 Do a slightly better fix for r14329: don't call time() quite so much.  Also note the time(NULL) hack we wanted to do in the TODO.


svn:r14334

 More 64-to-32 fixes. Partial backport candidate. still not done.


svn:r13680

 When SafeLogging is off, have TLS errors and messages logged with their associated addresses.


svn:r13591

 Fix all but 2 DOCDOC items; defer many XXX020s (particularly those where fixing them would fix no bugs at the risk of introducing some bugs).


svn:r13529

 Add roger's responses from IRC to some XXX020 items.


svn:r13487

 Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks.  Also, lots of new documentation.


svn:r13484

 add some documentation


svn:r13462

 Merge connection_or_act_on_netinfo into command.c; remove some fields from or_handshake_state().


svn:r13458