diff options
| author | Nick Mathewson <nickm@torproject.org> | 2010-11-21 14:33:11 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2010-11-21 14:33:11 -0500 |
| commit | 2bd64f9e8f613a885ace601787fbbfde607810b6 (patch) | |
| tree | fa69f0845ce379809cc9c41364c1b6725bf79fcb | |
| parent | a33b338c5bf5e40037f465c0257a70dedb095e82 (diff) | |
| parent | a9d2148f53aed97d060498e13ca1597a28bc47c7 (diff) | |
| download | tor-2bd64f9e8f613a885ace601787fbbfde607810b6.tar.gz tor-2bd64f9e8f613a885ace601787fbbfde607810b6.zip | |
Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
| -rw-r--r-- | changes/fix2204 | 7 | ||||
| -rw-r--r-- | src/common/tortls.c | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/changes/fix2204 b/changes/fix2204 new file mode 100644 index 0000000000..fb2771a7fa --- /dev/null +++ b/changes/fix2204 @@ -0,0 +1,7 @@ + o Major bugfixes + - Do not set the tlsext_host_name extension on server SSL objects; + only on client SSL objects. We set it to immitate a browser, not a + vhosting server. This resolves an incompatibility with openssl 0.9.8p + and openssl 1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha. + + diff --git a/src/common/tortls.c b/src/common/tortls.c index 1bb3b8b356..fa89412f6e 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1027,7 +1027,7 @@ tor_tls_new(int sock, int isServer) #ifdef SSL_set_tlsext_host_name /* Browsers use the TLS hostname extension, so we should too. */ - { + if (!isServer) { char *fake_hostname = crypto_random_hostname(4,25, "www.",".com"); SSL_set_tlsext_host_name(result->ssl, fake_hostname); tor_free(fake_hostname); |