path: root/src/or/config.c
Age | Commit message | Author
2015-06-17 | Support encrypted offline master keys with a new --keygen flag | Nick Mathewson
When --keygen is provided, we prompt for a passphrase when we make a new master key; if it is nonempty, we store the secret key in a new crypto_pwbox. Also, if --keygen is provided and there *is* an encrypted master key, we load it and prompt for a passphrase unconditionally. We make a new signing key unconditionally when --keygen is provided. We never overwrite a master key.
2015-05-28 | Merge branch '12498_ed25519_keys_v6' | Nick Mathewson
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 | Generate weird certificates correctly | Nick Mathewson
(Our link protocol assumes that the link cert certifies the TLS key, and there is an RSA->Ed25519 crosscert)
2015-05-28 | Regenerate ed25519 keys when they will expire soon. | Nick Mathewson
Also, have testing-level options to set the lifetimes and expiration-tolerances of all key types, plus a non-testing-level option to set the lifetime of any auto-generated signing key.
2015-05-28 | # This is a combination of 2 commits. | Nick Mathewson
# The first commit's message is: Regenerate ed25519 keys when they will expire soon. Also, have testing-level options to set the lifetimes and expiration-tolerances of all key types, plus a non-testing-level option to set the lifetime of any auto-generated signing key. # The 2nd commit message will be skipped: # fixup! Regenerate ed25519 keys when they will expire soon.
2015-05-21 | Remove support for OpenSSL without ECC. | Yawning Angel
As OpenSSL >= 1.0.0 is now required, ECDHE is now mandatory. The group has to be validated at runtime, because of RedHat lawyers (P224 support is entirely missing in the OpenSSL RPM, but P256 is present and is the default). Resolves ticket #16140.
2015-05-20 | Add "HiddenServiceMaxStreams" as a per-HS tunable. | Yawning Angel
When set, this limits the maximum number of simultaneous streams per rendezvous circuit on the server side of a HS, with further RELAY_BEGIN cells being silently ignored. This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which if set will cause offending rendezvous circuits to be torn down instead. Addresses part of #16052.
2015-04-23 | Merge remote-tracking branch 'public/remove_old_libevent_autoconf_stuff' | Nick Mathewson
2015-04-23 | Merge remote-tracking branch 'andrea/ticket14840' | Nick Mathewson
2015-04-23 | Unit tests for consider_adding_dir_servers() as modified in #15642 | teor
Unit tests for the 10 valid combinations of set/NULL config options DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority, and FallbackDir. Add assertion in consider_adding_dir_servers() for checks in validate_dir_servers(): "You cannot set both DirAuthority and Alternate*Authority."
2015-04-23 | Disable default fallback directories when other directories are set | teor
Only add the default fallback directories when the DirAuthorities, AlternateDirAuthority, and FallbackDir directory config options are set to their defaults. The default fallback directory list is currently empty; this fix will only change tor's behaviour when it has default fallback directories. Fixes bug 15642; bugfix on 90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
2015-04-17 | Add default DirAuthority lines to output of getinfo_helper_config(config/defaults) if not already present | Andrea Shepard
2015-04-17 | Move list of default directory authorities to file scope | Andrea Shepard
2015-04-07 | Merge branch 'bug15604_squashed' | Nick Mathewson
2015-04-07 | Set ConnDirectionStatistics back to 0 if not running as relay. | rl1987
2015-04-07 | Merge branch 'bug15541_squashed' | Nick Mathewson
2015-04-07 | Update other entries in CMDLINE_ONLY_OPTIONS to use values from takes_argument_t. | rl1987
2015-04-07 | Print the error message for --dump-config even if no arguments are given. | rl1987
2015-04-06 | Fix the memory leak in `warn_if_option_path_is_relative()`. | Yawning Angel
Fixes coverity defect CID 1293337, not in any released version of tor.
2015-04-01 | Merge branch 'remove_digests' | Nick Mathewson
2015-04-01 | Merge branch 'bug13736' | Nick Mathewson
2015-04-01 | Remove needless call to crypto_set_tls_dh_prime() | Nick Mathewson
2015-04-01 | Drop support for --digests | Nick Mathewson
This is a fair amount of maintenance burden, and doesn't help much more than the git microversion. Closes ticket 14742.
2015-03-25 | clean up list of paths that cannot be relative | Nick Mathewson
2015-03-24 | Merge branch 'bug14018' | Nick Mathewson
2015-03-24 | Complain if relative paths are used in configuration | rl1987
When we validate torrc options, print warning(s) when relative path(s) have been found.
2015-03-24 | Check return values for tor_addr_parse(default) in config.c | Nick Mathewson
In these cases, the address is always a constant "default", so should always succeed. But coverity can't tell that. Fixes CID 1291645
2015-03-14 | Remove DynamicDHGroups as obsoleted by PluggableTransports or P256. | Nick Mathewson
Closes ticket 13736.
2015-03-12 | Remove workarounds for Libevent < 1.3. | Nick Mathewson
This actually lets us dump a lot of old cruft that nobody had (I hope!) tested in ages. Closes 15248.
2015-03-12 | Initialize the extorport auth cookie before launching PTs. | Yawning Angel
PTs expect the auth cookie to be available immediately after launch, leading to a race condition when PTs opt to cache the extorport cookie once immediately after startup. Fixes #15240.
2015-02-20 | Merge remote-tracking branch 'origin/maint-0.2.5' | Nick Mathewson
2015-02-20 | Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 | Nick Mathewson
2015-02-19 | Check ENABLE_TOR2WEB_MODE before any tor2webmode code | Nick Mathewson
2015-02-18 | Merge branch 'bug9321_rerebase' | Nick Mathewson
Conflicts: src/or/dirvote.h src/test/include.am src/test/test_entrynodes.c
2015-02-18 | Don't exit if we can't find the GuardfractionFile when booting. | George Kadianakis
...just disable the feature in that case.
2015-02-18 | Parse GuardFraction info from consensuses and votes. | George Kadianakis
Also introduce the UseGuardFraction torrc option which decides whether clients should use guardfraction information found in the consensus.
2015-02-18 | Parse Guardfraction file and apply results to routerstatuses. | George Kadianakis
Parse the file just before voting and apply its information to the provided vote_routerstatus_t. This follows the same logic as when dirauths parse bwauth files.
2015-02-17 | Merge remote-tracking branch 'public/feature_13822' | Nick Mathewson
2015-02-16 | No, coverity, this is not a memory leak. 1268065 | Nick Mathewson
2015-02-16 | Faravahar's New IP Address as of 2/20/2015 | Sina Rabbani
2015-02-15 | Call cpu_init if we change to being a relay | Sebastian Hahn
The issue is that we use the cpuworker system with relays only, so if we start up as a client and transition to being a relay later, we'll be sad. This fixes bug 14901; not in any released version of Tor.
2015-02-11 | Merge branch 'bug12844' | Nick Mathewson
Conflicts: src/or/circuituse.c src/test/include.am src/test/test_entrynodes.c
2015-02-07 | Search-and-replace to regain coding style in wake of 13822. | Nick Mathewson
(all-caps should be reserved for global or module-global constants and
2015-02-07 | Split ROUTER_REQUIRED_MIN_BANDWIDTH into RELAY_ and BRIDGE_ variants | Nick Mathewson
Also raise those minima from 20 to 75 and 50 respectively. Closes ticket 13822.
2015-02-02 | Fix an unused-variable warning. | Nick Mathewson
2015-02-02 | Merge branch 'feature13864_squashed' | Nick Mathewson
2015-02-02 | Allow reading torrc from stdin. | rl1987
2015-01-30 | Merge remote-tracking branch 'public/prop227_v2' | Nick Mathewson
Conflicts: src/test/test_dir.c
2015-01-30 | Correctly handle OutboundBindAddress again. | Nick Mathewson
ca5ba2956bcd4b5ee1e526ccf5914f52fe6e6d51 broke this; bug not in any released Tor. Also fix a typo. Fixes 14541 and 14527. Reported by qbi.
2015-01-29 | Restrict unix: addresses to control and socks for now | Nick Mathewson