[tor-bugs] #2204 [Tor Relay]: Recent openssls (1.0.0b and 0.9.8p) break relay handshakes
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Nov 21 01:28:30 UTC 2010
#2204: Recent openssls (1.0.0b and 0.9.8p) break relay handshakes
--------------------------------+-------------------------------------------
Reporter: stars | Type: defect
Status: new | Priority: critical
Milestone: Tor: 0.2.1.x-final | Component: Tor Relay
Version: | Keywords:
Parent: |
--------------------------------+-------------------------------------------
Comment(by Sebastian):
So here's a patch that makes a private network work in that relays are
listed in the consensus etc. I'm very unsure about it being correct since
we use the tlsext_hostname field because browsers do it too. This does
make me hopeful that we can solve this in Tor, however.
{{{
diff --git a/src/common/tortls.c b/src/common/tortls.c
index c4b2500..9d4ca63 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1054,18 +1054,18 @@ tor_tls_new(int sock, int isServer)
#ifdef SSL_set_tlsext_host_name
/* Browsers use the TLS hostname extension, so we should too. */
- {
+/* {
char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
tor_free(fake_hostname);
- }
+ }*/
#endif
if (!SSL_set_cipher_list(result->ssl,
isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST))
{
tls_log_errors(NULL, LOG_WARN, LD_NET, "setting ciphers");
#ifdef SSL_set_tlsext_host_name
- SSL_set_tlsext_host_name(result->ssl, NULL);
+// SSL_set_tlsext_host_name(result->ssl, NULL);
#endif
SSL_free(result->ssl);
tor_free(result);
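Review bot: the block commented out at the top of this hunk drops the fake hostname for every SSL object, because `isServer` (a parameter of `tor_tls_new`) is never consulted before `SSL_set_tlsext_host_name(result->ssl, fake_hostname)`. The retained comment gives imitating browsers as the reason for the extension, and that reason only applies to the connecting side, so consider guarding the block with `if (!isServer)` rather than disabling it, and test whether that alone lets the handshakes succeed. If the block does have to go, delete it together with the "Browsers use the TLS hostname extension" comment instead of leaving both in the file.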
@@ -1078,7 +1078,7 @@ tor_tls_new(int sock, int isServer)
if (! bio) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "opening BIO");
#ifdef SSL_set_tlsext_host_name
- SSL_set_tlsext_host_name(result->ssl, NULL);
+// SSL_set_tlsext_host_name(result->ssl, NULL);
#endif
SSL_free(result->ssl);
tor_free(result);
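Review bot: in the "opening BIO" error path, the `//`-commented call leaves an empty `#ifdef SSL_set_tlsext_host_name` / `#endif` pair in front of `SSL_free(result->ssl)`. Remove all three lines rather than commenting out the middle one; the surrounding code uses `/* */` comments, so the `//` form is also a style mismatch. The same applies to the identical change in the "setting ciphers" error path of the previous hunk.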
@@ -1204,7 +1204,7 @@ tor_tls_free(tor_tls_t *tls)
log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map.");
}
#ifdef SSL_set_tlsext_host_name
- SSL_set_tlsext_host_name(tls->ssl, NULL);
+// SSL_set_tlsext_host_name(tls->ssl, NULL);
#endif
SSL_free(tls->ssl);
tls->ssl = NULL;
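Review bot: in `tor_tls_free`, the NULL call is disabled together with the hostname set and the two other NULL calls, so the patch does not show which call the handshake failure depends on: setting the hostname, or clearing it with `SSL_set_tlsext_host_name(tls->ssl, NULL)` before `SSL_free`. Test the two changes separately and record the result in the commit message. If any code path keeps setting a hostname, this clear has to stay in step with it; if none does, delete the `#ifdef` block here outright.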
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2204#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online