author | Nick Mathewson <nickm@torproject.org> | 2010-10-04 13:56:17 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2010-10-04 13:56:17 -0400 |
commit | 4c71be65d83c961571db4ca460250503957cbe84 (patch) | |
tree | a30c444789f6b0c4530bbe5c6c35073f604783b2 /src/common/tortls.c | |
parent | 64535a401b4887df8e8852d97a716273ca4eb580 (diff) | |
parent | 1b8c8059c72940e47afa787fe50adbcfeb192895 (diff) | |
download | tor-4c71be65d83c961571db4ca460250503957cbe84.tar.gz tor-4c71be65d83c961571db4ca460250503957cbe84.zip |
Merge remote branch 'origin/maint-0.2.2'
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r-- | src/common/tortls.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index ce5411a55e..7568a6b47f 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -93,7 +93,9 @@ static int use_unsafe_renegotiation_op = 0;
 * SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
 static int use_unsafe_renegotiation_flag = 0;
-/** Structure holding the TLS state for a single connection. */
+/** Holds a SSL_CTX object and related state used to configure TLS
+ * connections.
+ */
 typedef struct tor_tls_context_t {
 int refcnt;
 SSL_CTX *ctx;
@@ -379,7 +381,7 @@ tor_tls_init(void)
 version = SSLeay();
- /* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAGE_LEGACY_RENEGOTIATION
+ /* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
 * here, but without thinking too hard about it: it turns out that the
 * flag in question needed to be set at the last minute, and that it
 * conflicted with an existing flag number that had already been added
@@ -562,9 +564,9 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
 (TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" \
 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
-/* Note: for setting up your own private testing network with link crypto
- * disabled, set the cipher lists to your cipher list to
- * SSL3_TXT_RSA_NULL_SHA. If you do this, you won't be able to communicate
+/* Note: to set up your own private testing network with link crypto
+ * disabled, set your Tors' cipher list to
+ * (SSL3_TXT_RSA_NULL_SHA). If you do this, you won't be able to communicate
 * with any of the "real" Tors, though. */
 #ifdef V2_HANDSHAKE_CLIENT
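Review bot: The rewritten doc comment on tor_tls_context_t still leaves `int refcnt;` undocumented, even though the new comment in the `@@ -728` hunk justifies dropping the old global context by exactly that reference count; a field comment such as `int refcnt; /**< Reference count, managed by tor_tls_context_incref/decref. */` would tie the two together. In the same comment, "a SSL_CTX object" reads better as "an SSL_CTX object". The struct definition continues past the end of the hunk.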
@@ -625,7 +627,7 @@ tor_tls_context_incref(tor_tls_context_t *ctx)
 /** Create a new TLS context for use with Tor TLS handshakes.
 * <b>identity</b> should be set to the identity key used to sign the
- * certificate, and <b>nickname</b> set to the nickname to use.
+ * certificate.
 *
 * You can call this function multiple times. Each time you call it,
 * it generates new certificates; all new connections will use
@@ -728,8 +730,8 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
 SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 /* Free the old context if one exists. */
 if (global_tls_context) {
- /* This is safe even if there are open connections: OpenSSL does
- * reference counting with SSL and SSL_CTX objects. */
+ /* This is safe even if there are open connections: we reference-
+ * count tor_tls_context_t objects. */
 tor_tls_context_decref(global_tls_context);
 }
 global_tls_context = result;
@@ -935,7 +937,7 @@ tor_tls_new(int sock, int isServer)
 tor_assert(global_tls_context); /* make sure somebody made it first */
 if (!(result->ssl = SSL_new(global_tls_context->ctx))) {
- tls_log_errors(NULL, LOG_WARN, LD_NET, "generating TLS context");
+ tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object");
 tor_free(result);
 return NULL;
 }
@@ -992,7 +994,7 @@ tor_tls_new(int sock, int isServer)
 #endif
 /* Not expected to get called. */
- tls_log_errors(NULL, LOG_WARN, LD_NET, "generating TLS context");
+ tls_log_errors(NULL, LOG_WARN, LD_NET, "creating tor_tls_t object");
 return result;
 }
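Review bot: In the `@@ -992` hunk the comment `/* Not expected to get called. */` above the renamed `tls_log_errors(NULL, LOG_WARN, LD_NET, "creating tor_tls_t object");` is now misleading, because that call is the unconditional last statement before `return result;` and so always runs; presumably the comment means that no OpenSSL errors are expected to be pending at this point rather than that the call itself is rare. Suggest `/* Log any OpenSSL errors left pending by the setup above; none are expected. */`. The body of tor_tls_new begins before this hunk, so I have not checked what precedes the `#endif`.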