author: Nick Mathewson <nickm@torproject.org> 2010-04-13 14:58:30 -0400
committer: Nick Mathewson <nickm@torproject.org> 2010-04-13 15:05:03 -0400
commit: 6ad09cc6afa4d620978b6b18f7f134d15903dcc1
tree: 7845e5b13859e18996ff032084ca56c773372d31 /src/or/circuitlist.c
parent: 5e679acc72a2648c38a3ee3a2b05cd5b75906568
Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. This is so... except that many vendors have backported the flag from later versions of openssl when they backported the RFC5476 renegotiation feature.

The new behavior is particularly annoying to detect. Previously, leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that clients would fail to renegotiate. People noticed that one fast! Now, OpenSSL's RFC5476 support means that clients will happily talk to any servers there are, but servers won't accept renegotiation requests from unpatched clients unless SSL_OP_ALLOW_etc is set. More fun: servers send back a "no renegotiation for you!" error, which unpatched clients respond to by stalling, and generally producing no useful error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_ cause for bug 1346.
Diffstat (limited to 'src/or/circuitlist.c')
0 files changed, 0 insertions, 0 deletions