Commit Graph

954 Commits

Author SHA1 Message Date
Nick Mathewson
de827f89df r14062@tombo: nickm | 2008-02-08 15:17:07 -0500
Change DNs in x509 certificates to be harder to fingerprint.  Raise common code.  Refactor random hostname generation into crypto.c


svn:r13429
2008-02-08 21:13:12 +00:00
Nick Mathewson
809227a121 r14061@tombo: nickm | 2008-02-08 14:30:42 -0500
Add a couple of (currently disabled) strategies for trying to avoid using too much ram in memory pools: prefer putting new cells in almost-full chunks, and be willing to free the last empty chunk if we have not needed it for a while.  Also add better output to mp_pool_log_status to track how many mallocs a given memory pool strategy is saving us, so we can tune the mempool parameters.


svn:r13428
2008-02-08 21:13:08 +00:00
Nick Mathewson
eecc44dab8 r17963@catbus: nickm | 2008-02-07 10:14:25 -0500
Be more thorough about memory poisoning and clearing.  Add an in-place version of aes_crypt in order to remove a memcpy from relay_crypt_one_payload.


svn:r13414
2008-02-07 16:10:33 +00:00
Nick Mathewson
f77b8338d2 r17957@catbus: nickm | 2008-02-06 20:08:29 -0500
Oops; left a dquote out of acinclude.m4


svn:r13410
2008-02-07 01:08:33 +00:00
Nick Mathewson
6e2946fb5d r17949@catbus: nickm | 2008-02-06 13:21:12 -0500
Fix bandwidth bucked calculations again, I think. Bugfix on 0.1.2.x. Backport candidate.


svn:r13406
2008-02-06 18:21:16 +00:00
Nick Mathewson
368f62c79d r17933@catbus: nickm | 2008-02-05 19:54:28 -0500
Stamp out a bunch of atoi users; make more tor_parse_long() users check their outputs.


svn:r13395
2008-02-06 00:54:47 +00:00
Nick Mathewson
12071df6c8 r17930@catbus: nickm | 2008-02-05 18:20:40 -0500
Initial attempts to track down bug 600, and refactor possibly offending code.  1) complain early if circuit state is set to OPEN when an onionskin is pending.  2) refactor onionskin field into one only used when n_conn is pending, and a separate onionskin field waiting for attention by a cpuworker.  This might even fix the bug.  More likely, it will make it fail with a more useful core.


svn:r13394
2008-02-05 23:20:49 +00:00
Nick Mathewson
fac2cd3b03 r17916@catbus: nickm | 2008-02-05 16:29:35 -0500
Fix some XXX020 items in control.c: add a maximum line length and note that the number of versioning authorities is no longer apparent to clients.


svn:r13390
2008-02-05 21:39:49 +00:00
Nick Mathewson
c11c48fc78 r17913@catbus: nickm | 2008-02-05 16:11:33 -0500
Correctly register failures in connection_add() in dnsserv_launch_request()


svn:r13387
2008-02-05 21:39:40 +00:00
Roger Dingledine
fdbefc8934 If we're a relay, avoid picking ourselves as an introduction point,
a rendezvous point, or as the final hop for internal circuits. Bug
reported by taranis and lodger. Bugfix on 0.1.2.x.


svn:r13372
2008-02-04 17:25:24 +00:00
Roger Dingledine
426a9bbde1 Don't trigger an assert if we start a directory authority with a
private IP address (like 127.0.0.1).


svn:r13371
2008-02-04 16:58:50 +00:00
Nick Mathewson
91bac90310 r17863@catbus: nickm | 2008-02-01 00:27:07 -0500
Bugfix from weasel: possible fix for 593: make connection_write_to_buf("") work when using zlib compression.


svn:r13347
2008-02-01 05:27:12 +00:00
Nick Mathewson
f013fb5e31 r17854@catbus: nickm | 2008-01-30 17:52:43 -0500
Periodically check whether we have an expired consensus networkstatus.  If we do, and we think we have enough directory info, then call router_dir_info_changed().  Fixes bug 401.  This bug was deferred from 0.1.2.x, but fixing it there is nontrivial.


svn:r13342
2008-01-30 22:52:46 +00:00
Nick Mathewson
1793aeafae r17852@catbus: nickm | 2008-01-30 17:23:36 -0500
Correctly insert connections into the identity->connection map when we connect to a bridge without having specified its key.  Fixes bug 574.


svn:r13341
2008-01-30 22:23:44 +00:00
Nick Mathewson
b4ebe55d12 r13971@tombo: nickm | 2008-01-30 14:25:25 -0500
Write a new autoconf macro to test whether a function is declared. It is suboptimal and possibly buggy in some way, but it seems to work for me.  use it to test for a declaration of malloc_good_size, so we can workaround operating systems (like older OSX) that have the function in their libc but do not deign to declare it in their headers.  Should resolve bug 587.


svn:r13339
2008-01-30 19:25:31 +00:00
Nick Mathewson
0b06546620 r17844@catbus: nickm | 2008-01-30 13:31:37 -0500
Fix bug 597: stop telling people to email Tor-ops.  Also give a better suggestion when some other identity has been assigned the nickname we are using.


svn:r13337
2008-01-30 18:32:30 +00:00
Nick Mathewson
68cf666d04 Fix bug 571: associate certificates with keys, not dirservers, so that we can have certificates for dirservers we do not recognize.
svn:r13304
2008-01-26 23:18:30 +00:00
Roger Dingledine
596b822337 bump to 0.2.0.18-alpha-dev
svn:r13295
2008-01-26 05:38:44 +00:00
Roger Dingledine
65ecbdad76 a changelog entry for the various patches from karsten
svn:r13293
2008-01-26 04:35:16 +00:00
Roger Dingledine
ea0afb6c39 bump to 0.2.0.18-alpha
svn:r13291
2008-01-26 03:48:03 +00:00
Roger Dingledine
1445e17a21 We were computing the wrong Content-Length: header for directory
responses that need to be compressed on the fly, causing clients
asking for those items to always fail. Bugfix on 0.2.0.x; fixes
bug 593.


svn:r13268
2008-01-25 01:45:06 +00:00
Roger Dingledine
980fcb1ca7 When we get a consensus that's been signed by more people than
we expect, don't log about it; it's not a big deal.


svn:r13249
2008-01-24 02:31:37 +00:00
Roger Dingledine
9d1832dd5a Set up dannenberg (run by CCC) as the sixth v3 directory
authority.


svn:r13231
2008-01-22 22:38:38 +00:00
Roger Dingledine
a9aa8917fc a changelog entry for r13218
svn:r13220
2008-01-21 22:42:16 +00:00
Roger Dingledine
750ed3d015 We accidentally enabled the under-development v2 TLS handshake
code, which is causing log entries like "TLS error while
renegotiating handshake". Disable it again. Resolves bug 590.


svn:r13219
2008-01-21 22:33:01 +00:00
Roger Dingledine
a49f14d0d4 When we setconf ClientOnly to 1, close any current OR and Dir
listeners. Reported by mwenge.


svn:r13214
2008-01-21 21:21:19 +00:00
Roger Dingledine
b79850d574 Make "ClientOnly 1" config option disable directory ports too.
svn:r13213
2008-01-21 21:00:50 +00:00
Roger Dingledine
ff62154ba3 New config options WarnPlaintextPorts and RejectPlaintextPorts so
Tor can warn and/or refuse connections to ports commonly used with
vulnerable-plaintext protocols.

We still need to figure out some good defaults for them.


svn:r13198
2008-01-20 05:54:15 +00:00
Roger Dingledine
250590b9e7 and add blurbs for 0.2.0.1[67]-alpha
svn:r13189
2008-01-19 18:05:19 +00:00
Roger Dingledine
1ee96aa48c and forward-port those
svn:r13188
2008-01-19 17:58:09 +00:00
Roger Dingledine
43dce232ad If we've gone 12 hours since our last bandwidth check, and we
estimate we have less than 50KB bandwidth capacity but we could
handle more, do another bandwidth test.


svn:r13176
2008-01-18 04:58:40 +00:00
Roger Dingledine
3d3663a123 Don't answer "/tor/networkstatus-bridges" directory requests if
the request isn't encrypted.


svn:r13175
2008-01-18 04:51:12 +00:00
Roger Dingledine
06047bcec9 Avoid going directly to the directory authorities even if you're a
relay, if you haven't found yourself reachable yet or if you've
decided not to advertise your dirport yet. Addresses bug 556.


svn:r13172
2008-01-18 04:42:22 +00:00
Roger Dingledine
b4b3472b9f Make the tor-gencert man page get included correctly in the tarball.
svn:r13163
2008-01-17 20:32:37 +00:00
Roger Dingledine
fe2f9a29f8 muck with the 0.2.0.16-alpha some more
svn:r13159
2008-01-17 19:56:21 +00:00
Roger Dingledine
55e052b0a5 Assert error introduced in r11957:
Fix an assert if we post a general-purpose descriptor via the
control port but that descriptor isn't mentioned in our current
network consensus. Bug reported by Jon McLachlan; bugfix on
0.2.0.9-alpha.


svn:r13153
2008-01-17 05:25:21 +00:00
Nick Mathewson
4a3b7496f0 r17639@catbus: nickm | 2008-01-15 19:09:21 -0500
Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor.  Needs review.  Partial backport candidate.


svn:r13147
2008-01-16 05:27:19 +00:00
Nick Mathewson
24aae484c9 r17624@catbus: nickm | 2008-01-15 00:42:01 -0500
Fixes to more anonymously-reported typos and logic errors.


svn:r13136
2008-01-15 05:57:19 +00:00
Nick Mathewson
89dfec02d8 r17614@catbus: nickm | 2008-01-14 13:55:25 -0500
Add a missing "goto err" when parsing v2 ns docs


svn:r13133
2008-01-14 19:00:33 +00:00
Nick Mathewson
d7fb8a34ac r17613@catbus: nickm | 2008-01-14 13:52:44 -0500
Do not segfault if symetric key generation somehow fails in crypto_hybrid_encrypt.


svn:r13132
2008-01-14 19:00:28 +00:00
Nick Mathewson
3b8f76aa51 r17611@catbus: nickm | 2008-01-14 13:44:16 -0500
add some missing checks for failing return values.


svn:r13130
2008-01-14 19:00:23 +00:00
Nick Mathewson
e49229caf8 r17610@catbus: nickm | 2008-01-14 13:20:49 -0500
Fix a bogus free() call on a base64 failure in router_append_dirobj_signature().


svn:r13129
2008-01-14 19:00:19 +00:00
Roger Dingledine
134924482f 0.2.0.15-alpha blurb
svn:r13102
2008-01-11 02:31:19 +00:00
Nick Mathewson
10d86f7615 r17558@catbus: nickm | 2008-01-10 13:07:41 -0500
If we do not serve v2 directory info, and our cached v2 networkstatus files are very old, remove them.  If the directory is old, remove that too.  (We already did this for obsolete routers files.)


svn:r13096
2008-01-10 18:08:42 +00:00
Nick Mathewson
04263648c4 r17554@catbus: nickm | 2008-01-10 12:48:29 -0500
Do not send bridge descriptors over unencrypted connections.


svn:r13094
2008-01-10 17:48:40 +00:00
Nick Mathewson
59fdab43cd r17552@catbus: nickm | 2008-01-10 12:13:43 -0500
Make bridge geoip data get rounded up, not down.


svn:r13092
2008-01-10 17:48:32 +00:00
Nick Mathewson
c508fa5aec r17550@catbus: nickm | 2008-01-10 12:08:01 -0500
Add a manual page for tor-gencert.  Also implement the missing -s option in tor-gencert, and fix the info message for when no cert file is specified.


svn:r13091
2008-01-10 17:08:05 +00:00
Nick Mathewson
ca5f670fab r17548@catbus: nickm | 2008-01-10 11:08:12 -0500
Make proposal-109 behavior optional.


svn:r13090
2008-01-10 16:08:47 +00:00
Roger Dingledine
7d3bf1608b Set up gabelmoo (run by Karsten Loesing) as the fifth v3 directory
authority.


svn:r13079
2008-01-08 23:51:48 +00:00
Nick Mathewson
177d5102d5 r17503@catbus: nickm | 2008-01-07 14:15:30 -0500
Change set_current_consensus interface to take a flags variable.  Do not try to fetch certificates until after we have tried loading the fallback consensus.  Should fix bug 583.


svn:r13058
2008-01-07 19:15:34 +00:00