author | Nick Mathewson <nickm@torproject.org> | 2003-09-15 19:38:52 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2003-09-15 19:38:52 +0000 |
commit | e4dfc3c8fe70501354d0cbd56e313b77640e9233 (patch) | |
tree | de50e7a36e9eccb0b4b8131fee5d3b3bd54f2b3e /src | |
parent | 633a5ffc0b1ef41eec408964adc26bc4d8cb4f74 (diff) | |
Cipher lists need to be colon separated. Also make initialization more bulletproof
svn:r459
Diffstat (limited to 'src')
-rw-r--r-- | src/common/crypto.c | 7 | ||||
-rw-r--r-- | src/common/tortls.c | 20 |
2 files changed, 17 insertions, 10 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index df4822fc41..538f946ae8 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -108,9 +108,14 @@ crypto_cipher_evp_cipher(int type, int enc) {
 }
 }

+static int _crypto_global_initialized = 0;
+
 int crypto_global_init()
 {
- ERR_load_crypto_strings();
+ if (!_crypto_global_initialized) {
+ ERR_load_crypto_strings();
+ _crypto_global_initialized = 1;
+ }
 return 0;
 }

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 8155b841a1..dbfbe29c0d 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -46,10 +46,10 @@ EVP_PKEY *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env);
 crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa);

 static void
-tls_log_error(int severity, const char *doing, int err)
+tls_log_error(int severity, const char *doing)
 {
- const char *msg = (const char*)ERR_reason_error_string(err);
- if (!err) msg = "(null)";
+ const char *msg = (const char*)ERR_reason_error_string(ERR_get_error());
+ if (!msg) msg = "(null)";
 if (doing) {
 log(severity, "TLS error while %s: %s", doing, msg);
 } else {
@@ -71,14 +71,14 @@ tor_tls_get_error(tor_tls *tls, int r, int extra,
 return TOR_TLS_WANTWRITE;
 case SSL_ERROR_SYSCALL:
 /* This is oververbose XXX */
- tls_log_error(severity, doing, err);
+ tls_log_error(severity, doing);
 return extra ? _TOR_TLS_SYSCALL : TOR_TLS_ERROR;
 case SSL_ERROR_ZERO_RETURN:
 /* This is oververbose XXX */
- tls_log_error(severity, doing, err);
+ tls_log_error(severity, doing);
 return extra ? _TOR_TLS_ZERORETURN : TOR_TLS_ERROR;
 default:
- tls_log_error(severity, doing, err);
+ tls_log_error(severity, doing);
 return TOR_TLS_ERROR;
 }
 }
@@ -87,7 +87,9 @@ static void
 tor_tls_init() {
 if (!tls_library_is_initialized) {
 SSL_library_init();
+ SSL_load_error_strings();
 crypto_global_init();
+ OpenSSL_add_all_algorithms();
 tls_library_is_initialized = 1;
 }
 }
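Review bot: The new `_crypto_global_initialized` flag in crypto_global_init() is set once and, as far as this hunk shows, never cleared, so if a cleanup routine elsewhere frees the error strings, a later crypto_global_init() would skip reloading them; that cleanup path is not visible here and should reset the flag if it exists. The name also starts with an underscore at file scope, which C reserves for the implementation; `static int crypto_global_initialized = 0;` avoids that. The check-then-set is a plain int with no locking, so I would document the assumption above the flag with `/* Set once ERR_load_crypto_strings() has run; callers must not race on first use. */`.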
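Review bot: `ERR_get_error()` in the new tls_log_error() removes only the oldest entry from OpenSSL's error queue, so any further entries stay queued and can later be logged against an unrelated operation. Draining the queue in the logger, e.g. `while ((err = ERR_get_error()) != 0) { msg = ERR_reason_error_string(err); ... }` with `err` declared as `unsigned long`, reports every reason and leaves the queue clean. The call sites changed in the `@@ -71,14` hunk reach this function for SSL_ERROR_SYSCALL and SSL_ERROR_ZERO_RETURN, where the queue can be empty; the message then degrades to "(null)", and for the syscall case errno is where the cause would be found. The `(const char*)` cast is unnecessary, and tls_log_error's body continues past the end of the hunk.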
@@ -155,7 +157,7 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
 goto error;
 if (!(PEM_write_bio_X509(out, x509)))
 goto error;
-
+
 r = 0;
 goto done;
 error:
@@ -181,7 +183,7 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
 /* Some people are running OpenSSL before 0.9.7, but we aren't.
 * We can support AES and 3DES.
 */
-#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA \
+#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 #else
 /* We're running OpenSSL before 0.9.7. We only support 3DES. */
@@ -354,7 +356,7 @@ tor_tls_handshake(tor_tls *tls)
 }
 return r;
 }
-
+
 /* Shut down an open tls connection 'tls'. When finished, returns
 * TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
 * or TOR_TLS_WANTWRITE. |
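Review bot: A malformed CIPHER_LIST is only noticed if the code that applies it checks the result: SSL_CTX_set_cipher_list() returns 0 when nothing in the string can be selected, and the context may then keep OpenSSL's default cipher list instead of the intended AES/3DES restriction. The call site is outside the `@@ -181,7` hunk, so confirm that its return value is checked and treated as a fatal setup error. Without the ":" the two adjacent string literals concatenate into a single unknown cipher name, which is easy to reintroduce when the list is edited. A comment on the macro such as `/* OpenSSL cipher strings are ':'-separated; adjacent literals concatenate. */` would guard against that; the enclosing `#if` begins above the hunk.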