Merge branch 'fix2204' into maint-0.2.1

author: Nick Mathewson <nickm@torproject.org> 2010-11-21 14:28:38 -0500
committer: Nick Mathewson <nickm@torproject.org> 2010-11-21 14:28:38 -0500
commit: a9d2148f53aed97d060498e13ca1597a28bc47c7 (patch)
tree: 8e7d103ece7e5994268913b26f5e5dbf362e13fe
parent: 566a115be1acbd0838c81edd251cf7ae47b94fe3 (diff)
parent: 92a99736fd22564515604aa140b8898befd9858e (diff)
download: tor-a9d2148f53aed97d060498e13ca1597a28bc47c7.tar.gz
tor-a9d2148f53aed97d060498e13ca1597a28bc47c7.zip
2 files changed, 8 insertions, 1 deletions
diff --git a/changes/fix2204 b/changes/fix2204
new file mode 100644
index 0000000000..fb2771a7fa
--- /dev/null
+++ b/changes/fix2204
@@ -0,0 +1,7 @@
+  o Major bugfixes
+    - Do not set the tlsext_host_name extension on server SSL objects;
+      only on client SSL objects.  We set it to immitate a browser, not a
+      vhosting server. This resolves an incompatibility with openssl 0.9.8p
+      and openssl 1.0.0b.  Fixes bug 2204; bugfix on 0.2.1.1-alpha.
+
+
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 25f21a9892..2915f79195 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -898,7 +898,7 @@ tor_tls_new(int sock, int isServer)
 
 #ifdef SSL_set_tlsext_host_name
   /* Browsers use the TLS hostname extension, so we should too. */
-  {
+  if (!isServer) {
     char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
     SSL_set_tlsext_host_name(result->ssl, fake_hostname);
     tor_free(fake_hostname);
author	Nick Mathewson <nickm@torproject.org>	2010-11-21 14:28:38 -0500
committer	Nick Mathewson <nickm@torproject.org>	2010-11-21 14:28:38 -0500
commit	a9d2148f53aed97d060498e13ca1597a28bc47c7 (patch)
tree	8e7d103ece7e5994268913b26f5e5dbf362e13fe
parent	566a115be1acbd0838c81edd251cf7ae47b94fe3 (diff)
parent	92a99736fd22564515604aa140b8898befd9858e (diff)
download	tor-a9d2148f53aed97d060498e13ca1597a28bc47c7.tar.gz tor-a9d2148f53aed97d060498e13ca1597a28bc47c7.zip