1. 10 May, 2004 2 commits
  2. 02 May, 2004 1 commit
  3. 01 May, 2004 2 commits
  4. 26 Apr, 2004 7 commits
  5. 25 Apr, 2004 1 commit
  6. 24 Apr, 2004 1 commit
  7. 15 Apr, 2004 1 commit
  8. 08 Apr, 2004 1 commit
  9. 06 Apr, 2004 1 commit
  10. 03 Apr, 2004 2 commits
  11. 09 Mar, 2004 1 commit
  12. 28 Feb, 2004 1 commit
  13. 20 Jan, 2004 1 commit
  14. 13 Jan, 2004 1 commit
  15. 17 Dec, 2003 1 commit
  16. 18 Nov, 2003 1 commit
  17. 11 Nov, 2003 1 commit
  18. 23 Oct, 2003 2 commits
    • Nick Mathewson's avatar
      resolve warning · 71e5ad71
      Nick Mathewson authored
      
      svn:r664
      71e5ad71
    • Nick Mathewson's avatar
      Two-pronged attack at my overzealous skew fixes. · 6b79d8a7
      Nick Mathewson authored
      The problem was that the fixes had us generating TLS certs with a
      2-day lifetime on the assumption that we'd rotate fairly often.  In
      fact, we never rotate our TLS keys.
      
      This patch fixes the situation in 2 ways:
         1. It bumps the default lifetime back up to one year until we get
            rotation in place.
         2. It changes tor_tls_context_new() so that it doesn't leak memory
            when you call it more than once.
      
      
      svn:r663
      6b79d8a7
  19. 22 Oct, 2003 1 commit
    • Nick Mathewson's avatar
      Clock skew fixes. · 7604cfe6
      Nick Mathewson authored
      Allow some slop (currently 3 minutes) when checking certificate validity.
      
      Change certificate lifetime from 1 year to 2 days.  Since we
      regenerate regularly (we regenerate regularly, right??), this
      shouldn't be a problem.
      
      Have directories reject descriptors published too far in the future
      (currently 30 minutes).  If dirservs don't do this:
          0) Today is January 1, 2000.
          1) A very skewed server publishes descriptor X with a declared
             publication time of August 1, 2000.
          2) The directory includes X.
          3) Because of certificate lifetime issues, nobody can use the
             skewed server.
          4) The server fixes its skew, and goes to republish a new descriptor Y
             with publication time of January 1, 2000.
          5) But because the directory already has a "more recent" descriptor X,
             it rejects descriptor "Y" as superseded!
      
      This patch should make step 2 go away.
      
      
      svn:r658
      7604cfe6
  20. 21 Oct, 2003 1 commit
  21. 19 Oct, 2003 3 commits
  22. 18 Oct, 2003 2 commits
  23. 15 Oct, 2003 2 commits
  24. 10 Oct, 2003 1 commit
  25. 28 Sep, 2003 1 commit
  26. 27 Sep, 2003 1 commit