This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.

  * Minor stylistic changes to comments and doxygen
  * Use strcmp_opt; it already exists.
  * Tighten bridge_has_digest implementation a little.

Conflicts:
	src/common/compat.c

The getfilesize change conflicted with the removal of file_handle
from the windows tor_mmap_t.

These include:
   - Having a weird in_addr that can't be initialized with {0}
   - Needing INVALID_HANDLE_VALUE instead of -1 for file handles.
   - Having a weird dependent definition for struct stat.
   - pid is signed, not unsigned.

This reverts commit 981e896d.

Apparently Karsten still needs DirReqStatistics for bridges; see

Conflicts:
	src/or/geoip.c

These stats are currently discarded, but we might as well
hard-disable them on bridges, to be clean.

Fix for bug 5824; bugfix on 0.2.1.17-rc.

Patch originally by Karsten Loesing.

Conflicts:
	src/or/router.c

Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.

Somewhere along the line, doxygen and tor changed their behavior a
little. The script is still a dreadful kludge, but now at least it
sorta works again.

This code shouldn't have any effect in 0.2.3, since we already accept
(and handle) data received while we are expecting a renegotiation.
(That's because the 0.2.3.x handshake _does_ have data there instead of
the renegotiation.)

I'm leaving it in anyway, since if it breaks anything, we'll want it
broken in master too so we can find out about it.  I added an XXX023
comment so that we can come back later and fix that.

This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM.  Fix for bug 5934 and
6007.  Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.

This fixes a warning in efb8a09f, where Debain Lenny's GCC doesn't get
that
    for (i=0; i<3; ++i) {
      const char *p;
      switch(i) {
       case 0:
         p="X"; break;
       case 1:
         p="Y"; break;
       case 2:
         p="Z"; break;
      }
      printf("%s\n", p);
    }
will never try to print an uninitialezed value.

Found by buildbots.  Bug in no released versions of Tor.

It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version.  This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.

As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.

Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side.  But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not.  That could be important to keep the network running
well.

Fixes bug 6033.

Roger Dingledine authored 12 years ago and Nick Mathewson committed 12 years ago

I called it a bugfix on 0.2.0.10-alpha, since git commit e5885dea is
where we introduced anonymized begin_dir connections.

This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients.  By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.

Conflicts:
	src/test/test_util.c

Merge the unit tests; I added some when I did this branch against
0.2.2, and then the test format changed and master added more tests.