1. 02 Feb, 2010 1 commit
    • Nick Mathewson's avatar
      Link libssl and libcrypto in the right order. · f6ff14a8
      Nick Mathewson authored
      For most linking setups, this doesn't matter.  But for some setups, when
      statically linking openssl, it does matter, since you need to link things
      with dependencies before you link things they depend on.
      
      Fix for bug 1237.
      f6ff14a8
  2. 01 Feb, 2010 1 commit
    • Nick Mathewson's avatar
      Revise OpenSSL fix to work with OpenSSL 1.0.0beta* · abd447f8
      Nick Mathewson authored
      In brief: you mustn't use the SSL3_FLAG solution with anything but 0.9.8l,
      and you mustn't use the SSL_OP solution with anything before 0.9.8m, and
      you get in _real_ trouble if you try to set the flag in 1.0.0beta, since
      they use it for something different.
      
      For the ugly version, see my long comment in tortls.c
      abd447f8
  3. 29 Jan, 2010 1 commit
  4. 24 Jan, 2010 3 commits
  5. 22 Jan, 2010 1 commit
    • Nick Mathewson's avatar
      Avoid a possible crash in tls_log_errors. · 4ad5094c
      Nick Mathewson authored
      We were checking for msg==NULL, but not lib or proc.  This case can
      only occur if we have an error whose string we somehow haven't loaded,
      but it's worth coding defensively here.
      
      Spotted by rieo on IRC.
      4ad5094c
  6. 19 Jan, 2010 5 commits
  7. 18 Jan, 2010 1 commit
  8. 21 Dec, 2009 1 commit
  9. 15 Dec, 2009 1 commit
  10. 04 Dec, 2009 1 commit
  11. 23 Nov, 2009 1 commit
  12. 17 Nov, 2009 1 commit
  13. 13 Nov, 2009 4 commits
    • Nick Mathewson's avatar
      0f212193
    • Peter Palfrader's avatar
      Merge branch 'debian-merge' into debian-0.2.1 · 4db6e63c
      Peter Palfrader authored
      * debian-merge: (37 commits)
        New upstream version
        bump to 0.2.1.20
        Move moria1 and Tonga to alternate IP addresses.
        read the "circwindow" parameter from the consensus
        Code to parse and access network parameters.
        Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
        Work around a memory leak in openssl 0.9.8g (and maybe others)
        Teach connection_ap_can_use_exit about Exclude*Nodes
        make some bug 1090 warnings go away
        Fix a memory leak when parsing a ns
        Fix obscure 64-bit big-endian hidserv bug
        turns out the packaging changes aren't in 0.2.1.20
        update changelog with bundle details
        Use an _actual_ fix for the byte-reverse warning.
        Use a simpler fix for the byte-reversing warning
        Fix compile warnings on Snow Leopard
        Add getinfo accepted-server-descriptor. Clean spec.
        Reduce log level for bug case that we now know really exists.
        Only send reachability status events on overall success/failure
        update the README instructions and OS X makefiles
        ...
      4db6e63c
    • Peter Palfrader's avatar
      New upstream version · 751e9b2b
      Peter Palfrader authored
      751e9b2b
    • Peter Palfrader's avatar
      Merge commit 'tor-0.2.1.20' into debian-merge · 0e749396
      Peter Palfrader authored
      * commit 'tor-0.2.1.20': (36 commits)
        bump to 0.2.1.20
        Move moria1 and Tonga to alternate IP addresses.
        read the "circwindow" parameter from the consensus
        Code to parse and access network parameters.
        Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
        Work around a memory leak in openssl 0.9.8g (and maybe others)
        Teach connection_ap_can_use_exit about Exclude*Nodes
        make some bug 1090 warnings go away
        Fix a memory leak when parsing a ns
        Fix obscure 64-bit big-endian hidserv bug
        turns out the packaging changes aren't in 0.2.1.20
        update changelog with bundle details
        Use an _actual_ fix for the byte-reverse warning.
        Use a simpler fix for the byte-reversing warning
        Fix compile warnings on Snow Leopard
        Add getinfo accepted-server-descriptor. Clean spec.
        Reduce log level for bug case that we now know really exists.
        Only send reachability status events on overall success/failure
        update the README instructions and OS X makefiles
        Avoid segfault when accessing hidden service.
        ...
      0e749396
  14. 05 Nov, 2009 1 commit
    • Nick Mathewson's avatar
      Make Tor work with OpenSSL 0.9.8l · ce0a89e2
      Nick Mathewson authored
      To fix a major security problem related to incorrect use of
      SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
      default.  We are not affected by this security problem, however,
      since we do renegotiation right.  (Specifically, we never treat a
      renegotiated credential as authenticating previous communication.)
      Nevertheless, OpenSSL's new behavior requires us to explicitly
      turn renegotiation back on in order to get our protocol working
      again.
      
      Amusingly, this is not so simple as "set the flag when you create
      the SSL object" , since calling connect or accept seems to clear
      the flags.
      
      For belt-and-suspenders purposes, we clear the flag once the Tor
      handshake is done.  There's no way to exploit a second handshake
      either, but we might as well not allow it.
      ce0a89e2
  15. 27 Oct, 2009 5 commits
  16. 15 Oct, 2009 3 commits
  17. 14 Oct, 2009 2 commits
  18. 21 Sep, 2009 1 commit
  19. 17 Sep, 2009 2 commits
  20. 16 Sep, 2009 1 commit
  21. 15 Sep, 2009 2 commits
  22. 14 Sep, 2009 1 commit
    • Sebastian Hahn's avatar
      Fix a memory leak when parsing a ns · b792afa9
      Sebastian Hahn authored
      Adding the same vote to a networkstatus consensus leads to a memory leak
      on the client side. Fix that by only using the first vote from any given
      voter, and ignoring the others.
      
      Problem found by Rotor, who also helped writing the patch. Thanks!
      b792afa9