guilhem authored 11 years ago and Nick Mathewson committed 11 years ago

Since torify has been removed from tsocks, it doesn't need to be
preprocessed. Closes #5505.

To fix #6033, we disabled TLS 1.1 and 1.2.  Eventually, OpenSSL fixed
the bug behind #6033.

I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.

Makes mingw64 a bit happier.

This avoids skew warnings as authorities test reachability.

Fix 9798; fix not on any released Tor.

this was causing directory authorities to send a time of 0 on all
connections they generated themselves, which means everybody reachability
test caused a time skew warning in the log for that relay.

(i didn't just revert, because the changes file has been modified by
other later commits.)

Implements part of proposal 222.  We can do this safely, since
REND_CACHE_MAX_SKEW is 24 hours.

This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.

Part of proposal 222.  I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.

For now, round down to the nearest 10 minutes.  Later, eliminate entirely by
setting a consensus parameter.

(This rounding is safe because, in 0.2.2, where the timestamp mattered,
REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)

Implements part of proposal 222.

a9910d89 added trickery to make us work with interned strings and
seccomp; it requires libevent 2.

Fix for 9785; bug not in any released tor.

I broke this when I added separate test-mode support by having
the benchmarks get built with TEST_CFLAGS.

tor_malloc returns void *; in C, it is not necessary to cast a
void* to another pointer type before assigning it.

tor_malloc fails with an error rather than returning NULL; it's not
necessary to check its output. (In one case, doing so annoyed Coverity.)

Whenever we had an non-option commandline arguments *and*
option-bearing commandline arguments on the commandline, we would save
only the latter across invocations of options_init_from_torrc, but
take their existence as license not to re-parse the former.  Yuck!

Incidentally, this fix lets us throw away the backup_arg[gv] logic.

Fix for bug 9746; bugfix on d98dfb37,
not in any released Tor.  Found by Damian. Thanks, Damian!

Bugfix on 12938354, which implemented
6752: Not in any released tor.

Conflicts:
	src/or/config.c
	src/or/main.c