Check for orconns and use connection_or_close_for_error() when appropriate in connection_handle_write_impl()

dana koch authored 10 years ago and Nick Mathewson committed 10 years ago

A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this by in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.

Conflicts:
	src/or/circuituse.c

Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.

Conflicts:
	src/or/routerlist.h

I used a list of certificate files from arma, and a little script,
both at 11464.

(I need a list of actual signing keys to blacklist.)

Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.

This involves some duplicate code between backtrace.c and sandbox.c,
but I don't see a way around it: calling more functions would mean
adding more steps to our call stack, and running clean_backtrace()
against the wrong point on the stack.

Tor doesn't use it directly, but the glibc backtrace-to-fd code does

Resolves ticket 5286.

Fixes bug 11460; bug only affects unit tests and is not in any
released version of Tor.

This commit does nothing other than pull the changes/* files into
ChangeLog, sorted by declared type.  I haven't comined any entries or
vetted anything yet.

Matthew Finkel authored 10 years ago and Nick Mathewson committed 10 years ago

When we successfully create a usable circuit after it previously
timed out for a certain amount of time, we should make sure that
our public IP address hasn't changed and update our descriptor.

Conflicts:
	src/test/include.am
	src/test/test.c