diff options
| author | Nick Mathewson <nickm@torproject.org> | 2010-10-12 14:45:15 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2010-10-12 14:52:33 -0400 |
| commit | fbacbf9fd92a7f10a86a314b20d34f609fb1e72f (patch) | |
| tree | de07a47f196592c5c9756405d095944a505226ec | |
| parent | a9172c87beaf94119b0c0dc280267d9c76b957b7 (diff) | |
| download | tor-fbacbf9fd92a7f10a86a314b20d34f609fb1e72f.tar.gz tor-fbacbf9fd92a7f10a86a314b20d34f609fb1e72f.zip | |
Set OpenSSL 0.9.8l renegotiation flag early enough for bufferevents
This seems to fix another case of bug2001.
| -rw-r--r-- | src/common/tortls.c | 20 | ||||
| -rw-r--r-- | src/common/tortls.h | 1 |
2 files changed, 21 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index d560cbf940..40a7c5e9f3 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -863,6 +863,10 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) if (tls) { tls->wasV2Handshake = 1; +#ifdef USE_BUFFEREVENTS + if (use_unsafe_renegotiation_flag) + tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; +#endif } else { log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); } @@ -1071,6 +1075,18 @@ tor_tls_block_renegotiation(tor_tls_t *tls) tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; } +void +tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls) +{ + if (use_unsafe_renegotiation_flag) { + tor_assert(0 != (tls->ssl->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); + } + if (use_unsafe_renegotiation_op) { + long options = SSL_get_options(tls->ssl); + tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); + } +} + /** Return whether this tls initiated the connect (client) or * received it (server). */ int @@ -1752,6 +1768,10 @@ tor_tls_init_bufferevent(tor_tls_t *tls, struct bufferevent *bufev_in, state, BEV_OPT_DEFER_CALLBACKS); #endif + /* Unblock _after_ creating the bufferevent, since accept/connect tend to + * clear flags. */ + tor_tls_unblock_renegotiation(tls); + return out; } #endif diff --git a/src/common/tortls.h b/src/common/tortls.h index 950d430788..c1de456611 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -68,6 +68,7 @@ int tor_tls_finish_handshake(tor_tls_t *tls); int tor_tls_renegotiate(tor_tls_t *tls); void tor_tls_unblock_renegotiation(tor_tls_t *tls); void tor_tls_block_renegotiation(tor_tls_t *tls); +void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls); int tor_tls_shutdown(tor_tls_t *tls); int tor_tls_get_pending_bytes(tor_tls_t *tls); size_t tor_tls_get_forced_write_size(tor_tls_t *tls); |