From e66b6f0d50c15dd455701d5e0df8b86f2aace10a Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 18 Dec 2006 08:25:34 +0000 Subject: [PATCH] Reject *:563 (NTTPS) in the default exit policy. We already reject NNTP by default, so this seems like a sensible addition. (suggested by bug 331) svn:r9149 --- ChangeLog | 2 ++ doc/tor.1.in | 1 + src/or/policies.c | 3 ++- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0c526dc1f5..78f1666bdd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,8 @@ Changes in version 0.1.2.5-xxxx - 200?-??-?? - Add internal descriptions for a bunch of configuration options: accessible via controller interface and in comments in saved options files. + - Reject *:563 (NTTPS) in the default exit policy. We already reject + NNTP by default, so this seems like a sensible addition. o Security bugfixes: - Stop sending the HttpProxyAuthenticator string to directory diff --git a/doc/tor.1.in b/doc/tor.1.in index 6c99c0c086..acdf008e60 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -542,6 +542,7 @@ either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ .IP "reject *:135-139" .IP "reject *:445" .IP "reject *:465" +.IP "reject *:563" .IP "reject *:587" .IP "reject *:1214" .IP "reject *:4661-4666" diff --git a/src/or/policies.c b/src/or/policies.c index d318b5c9b8..29e3dd002c 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -589,7 +589,8 @@ exit_policy_remove_redundancies(addr_policy_t **dest) #define DEFAULT_EXIT_POLICY \ "reject *:25,reject *:119,reject *:135-139,reject *:445," \ - "reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \ + "reject *:465,reject *:563,reject *:587," \ + "reject *:1214,reject *:4661-4666," \ "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*" /** Parse the exit policy cfg into the linked list *dest. If