diff options
author | Nick Mathewson <nickm@torproject.org> | 2007-07-29 23:11:42 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2007-07-29 23:11:42 +0000 |
commit | 759ed3ce3f1de0911f25ad1e3a8016e01d3272a6 (patch) | |
tree | 97168a243856dc9a86bd786193ea472e2bad0058 | |
parent | ca7c53d3cc93c71ee1c5d268cbfd3c48dfb1848f (diff) | |
download | tor-759ed3ce3f1de0911f25ad1e3a8016e01d3272a6.tar.gz tor-759ed3ce3f1de0911f25ad1e3a8016e01d3272a6.zip |
r13988@catbus: nickm | 2007-07-29 16:32:36 -0400
Cheesy attempt to break some censorware. Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.
svn:r10975
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/common/tortls.c | 6 |
2 files changed, 7 insertions, 3 deletions
@@ -18,6 +18,10 @@ Changes in version 0.2.0.3-alpha - 2007-07-29 - Directory authorities now never mark more than 3 servers per IP as Valid and Running. (Implements proposal 109, by Kevin Bauer and Damon McCoy.) + - Minor change to organizationName and commonName generation procedures + in certificates, to invalidate some earlier censorware approaches. + This is not a long-term solution, but applying it will give us a bit of + time to look into the epidemiology of countermeasures as they spread. o Major bugfixes (directory): - Rewrite directory tokenization code to never run off the end of diff --git a/src/common/tortls.c b/src/common/tortls.c index f56ce10bab..de39969d54 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -274,7 +274,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, - (unsigned char*)"Tor", -1, -1, 0))) + (unsigned char*)"t o r", -1, -1, 0))) goto error; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, @@ -288,7 +288,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa, if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, - (unsigned char*)"Tor", -1, -1, 0))) + (unsigned char*)"t o r", -1, -1, 0))) goto error; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC, @@ -361,7 +361,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname, char nn2[128]; if (!nickname) nickname = "null"; - tor_snprintf(nn2, sizeof(nn2), "%s <identity>", nickname); + tor_snprintf(nn2, sizeof(nn2), "%s <signing>", nickname); tor_tls_init(); |