Robert Ransom authored 12 years ago and Nick Mathewson committed 12 years ago

(changes file tweaked by nickm)

OpenSSL 1.0.0 added an implementation of TLS session tickets, a
"feature" that let session resumption occur without server-side state
by giving clients an encrypted "ticket" that the client could present
later to get the session going again with the same keys as before.
OpenSSL was giving the keys to decrypt these tickets the lifetime of
the SSL contexts, which would have been terrible for PFS if we had
long-lived SSL contexts.  Fortunately, we don't.  Still, it's pretty
bad.  We should also drop these, since our use of the extension stands
out with our non-use of session cacheing.

Found by nextgens. Bugfix on all versions of Tor when built with
openssl 1.0.0 or later.  Fixes bug 7139.

Failure to do so left us open to a remotely triggerable assertion
failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by
"some guy from France".

We should still make sure mlp approves it.

In the past we had used reason "internal", which is more vague than
it needs to be. Resolves bug 7037.

resolves bug 7022.

Also remove some trailing whitespace.

Patch from maker; fixes bug 6024.

Asserts were hit by Tor2Web mode.

We already had code on windows to fix our file sizes when we're
reading a file in text mode and its size doesn't match the size from
fstat.  But that code was only enabled when _WIN32 was defined, and
Cygwin defines __CYGWIN__ instead.

Fixes bug 6844; bugfix on 0.1.2.7-alpha.

Fixes bug 6827; bugfix on c58675ca
(when the v2 HS desc parser was implemented).

Found by asn.

This reverts commit 4aff97cf.

We don't actually want to be changing the torrc.sample on stable or
near-stable stuff, since doing so makes pointless busywork for debian
users.

Conflicts:
	src/test/test_util.c

Fixes bug 6811.