Commits · 4752b348793f599cbdc93d0503d18def03e45c7a · Benjamin J. Thompson / Tor

Jan 05, 2012
- Log at info level when disabling SSLv3 · 4752b348
  Robert Ransom authored 13 years ago and Nick Mathewson committed 13 years ago
  
  4752b348
- Add a changes file for bug4822 · 0a00678e
  Nick Mathewson authored 13 years ago
  
  0a00678e
- Disable SSLv3 when using a not-up-to-date openssl · db78fe45
  Nick Mathewson authored 13 years ago
  
  This is to address bug 4822, and CVE-2011-4576.
  db78fe45
- add a changes file for ticket 4825 · df17b62d
  Roger Dingledine authored 13 years ago
  
  df17b62d
- Update to the January 2012 GeoIP database. · 1db1b23a
  Karsten Loesing authored 13 years ago
  
  1db1b23a
Dec 28, 2011

Bug 4786 fix: don't convert EARLY to RELAY on v1 connections · 120a7453

Nick Mathewson authored 13 years ago

We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).

120a7453

Dec 15, 2011
- Add a fix for the buf_pullup bug that Vektor reported · 9d077783
  Nick Mathewson authored 13 years ago
  
  9d077783
Dec 08, 2011
- Update to the December 2011 GeoIP database. · ff2c9acb
  Karsten Loesing authored 13 years ago
  
  ff2c9acb
Nov 14, 2011
- Merge remote-tracking branch 'karsten/geoip-november2011' into maint-0.2.1 · 13f02c38
  Nick Mathewson authored 13 years ago
  
  13f02c38
Nov 07, 2011
- Update to the November 2011 GeoIP database. · 6d45c6d5
  Karsten Loesing authored 13 years ago
  
  6d45c6d5
Nov 06, 2011
- Add a changes file for 4410 · be6928d6
  Sebastian Hahn authored 13 years ago
  
  be6928d6
- Fix remotely triggerable assert during ip decryption · d5161ab8
  Dan Rosenberg authored 13 years ago and Sebastian Hahn committed 13 years ago
  
  Fixes bug 4410.
  d5161ab8
Oct 28, 2011
- bump maint to 0.2.1.31 · 5d309515
  Roger Dingledine authored 13 years ago
  
  5d309515
Oct 26, 2011

Reject create cells on outgoing OR connections from bridges · a74e7fd4
Robert Ransom authored 13 years ago and Sebastian Hahn committed 13 years ago

a74e7fd4
Mark which OR connections are outgoing · c05bb535
Robert Ransom authored 13 years ago and Sebastian Hahn committed 13 years ago

c05bb535
Don't use any OR connection which sent us a CREATE_FAST cell for an EXTEND · af12c39d
Robert Ransom authored 13 years ago and Sebastian Hahn committed 13 years ago
```
Fix suggested by Nick Mathewson.
```
af12c39d
Don't send a certificate chain on outgoing TLS connections from non-relays · 638fdedc
Nick Mathewson authored 13 years ago and Sebastian Hahn committed 13 years ago

638fdedc

Remove the -F option from tor-resolve. · a166f104

Nick Mathewson authored 13 years ago and

Roger Dingledine committed 13 years ago

It used to mean "Force": it would tell tor-resolve to ask tor to
resolve an address even if it ended with .onion.  But when
AutomapHostsOnResolve was added, automatically refusing to resolve
.onion hosts stopped making sense.  So in 0.2.1.16-rc (commit
298dc95d), we made tor-resolve happy to resolve anything.

The -F option stayed in, though, even though it didn't do anything.
Oddly, it never got documented.

Found while fixing GCC 4.6 "set, unused variable" warnings.

a166f104

manually backport a5232e0c · a68867b1
Roger Dingledine authored 13 years ago

a68867b1

stop asserting at boot · cecc5b7a

Roger Dingledine authored 13 years ago and

Sebastian Hahn committed 13 years ago

The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.

cecc5b7a

Reinit keys at the start of options_act(). · 55d9e4b8

Nick Mathewson authored 13 years ago and

Sebastian Hahn committed 13 years ago

Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.

Conflicts:

	src/or/config.c

55d9e4b8

Don't crash a bridge authority on SIGHUP if it's not in the consensus · 62c29a93
Robert Ransom authored 14 years ago and Sebastian Hahn committed 13 years ago
```
Fixes bug 2572.
```
62c29a93

Fix assert for relay/bridge state change · 90828989

Sebastian Hahn authored 14 years ago

When we added support for separate client tls certs on bridges in
a2bb0bfd we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.

Conflicts:

	src/or/config.c

90828989

Don't crash when accountingmax is set in non-server Tors · d0a91386

Nick Mathewson authored 14 years ago and

Sebastian Hahn committed 13 years ago

We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.

d0a91386

Properly refcount client_identity_key · 3a890b3b

Sebastian Hahn authored 14 years ago

In a2bb0bfd we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.

3a890b3b

Add some asserts to get_{tlsclient|server}_identity_key · dc557e81

Nick Mathewson authored 14 years ago and

Sebastian Hahn committed 13 years ago

We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.

dc557e81

Rename get_client_identity_key to get_tlsclient_identity_key · 2a2301e4
Nick Mathewson authored 14 years ago and Sebastian Hahn committed 13 years ago

2a2301e4
Maintain separate server and client identity keys when appropriate. · 59e565e2
Robert Ransom authored 14 years ago and Sebastian Hahn committed 13 years ago
```
Fixes a bug described in ticket #988.

Conflicts:

	src/or/main.c
	src/or/router.c
```
59e565e2
Make crypto_free_pk_env tolerate NULL arg in 0.2.1. Error-proofing against bug 988 backport · 299a78c5
Nick Mathewson authored 14 years ago and Sebastian Hahn committed 13 years ago

299a78c5
Maintain separate server and client TLS contexts. · 9976df9e
Robert Ransom authored 14 years ago and Sebastian Hahn committed 13 years ago
```
Fixes bug #988.

Conflicts:

	src/or/main.c
	src/or/router.c
```
9976df9e

Refactor tor_tls_context_new: · 87816401

Robert Ransom authored 14 years ago and

Sebastian Hahn committed 13 years ago

* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.

Conflicts:

	src/or/main.c
	src/or/router.c

87816401

Add public_server_mode function. · 07ab559a
Robert Ransom authored 14 years ago and Sebastian Hahn committed 13 years ago

07ab559a

Fix zlib macro brokenness on osx with zlib 1.2.4 and higher. · c5a3664f

Nick Mathewson authored 14 years ago and

Roger Dingledine committed 13 years ago

From the code:
   zlib 1.2.4 and 1.2.5 do some "clever" things with macros.  Instead of
   saying "(defined(FOO) ? FOO : 0)" they like to say "FOO-0", on the theory
   that nobody will care if the compile outputs a no-such-identifier warning.

   Sorry, but we like -Werror over here, so I guess we need to define these.
   I hope that zlib 1.2.6 doesn't break these too.

Possible fix for bug 1526.

c5a3664f

Oct 13, 2011
- Update to the October 2011 GeoIP database. · ee545cd4
  Karsten Loesing authored 13 years ago and Roger Dingledine committed 13 years ago
  
  ee545cd4
Sep 15, 2011
- Update to the September 2011 GeoIP database. · 679f6173
  Karsten Loesing authored 13 years ago and Roger Dingledine committed 13 years ago
  
  679f6173
Sep 13, 2011
- Generate our ssl session certs with a plausible lifetime · 62ec584a
  Roger Dingledine authored 13 years ago
  
  Nobody but Tor uses certs on the wire with 2 hour lifetimes, and it makes us stand out. Resolves ticket 4014.
  62ec584a
Aug 08, 2011
- Update to the August 2011 GeoIP database. · c75ee94a
  Karsten Loesing authored 13 years ago
  
  c75ee94a
Jul 07, 2011
- update to the july 2011 geoip db · 51d6e950
  Roger Dingledine authored 13 years ago
  
  51d6e950
Jul 01, 2011

Merge branches 'cov217_021' and 'cid_450' into maint-0.2.1 · 021cf3f0
Nick Mathewson authored 13 years ago

021cf3f0

Use strlcpy in create_unix_sockaddr() · 959da6b7

Nick Mathewson authored 13 years ago

Using strncpy meant that if listenaddress were ever >=
sizeof(sockaddr_un.sun_path), we would fail to nul-terminate
sun_path. This isn't a big deal: we never read sun_path, and the
kernel is smart enough to reject the sockaddr_un if it isn't
nul-terminated. Nonetheless, it's a dumb failure mode. Instead, we
should reject addresses that don't fit in sockaddr_un.sun_path.

Coverity found this; it's CID 428. Bugfix on 0.2.0.3-alpha.

959da6b7