Commit Graph

9 Commits

Author SHA1 Message Date
Nick Mathewson
2f67ef58b7 add changes file for geoip db update 2010-06-07 15:09:48 -04:00
Roger Dingledine
befcc84f43 move to maxmind geoip db 2010-05-06 07:15:22 -04:00
Roger Dingledine
67b38d5068 close idle tls conns early 2010-04-23 20:23:00 -04:00
Roger Dingledine
b264192083 finally get rid of "clique mode" 2010-04-23 19:39:42 -04:00
Roger Dingledine
cb31978adb close idle dir-fetch circs early 2010-04-23 18:35:11 -04:00
Nick Mathewson
6ad09cc6af Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.
2010-04-13 15:05:03 -04:00
Peter Palfrader
5e679acc72 testsuite: Prevent the main thread from starving the worker threads 2010-04-12 18:15:20 -04:00
Peter Palfrader
a02923122e testsuite: Only free the main mutex when and if all the worker threads are done 2010-04-12 18:15:17 -04:00
Roger Dingledine
0324d3b0ec fetch relay descriptors from v3 authorities 2010-04-03 21:53:29 -04:00