[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #4594 [Tor Relay]: tor_tls_state_changed_callback(): detects of ClientHello is too late

To: undisclosed-recipients:;
Subject: [tor-bugs] #4594 [Tor Relay]: tor_tls_state_changed_callback(): detects of ClientHello is too late
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 28 Nov 2011 06:55:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 28 Nov 2011 01:55:48 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4594: tor_tls_state_changed_callback(): detects of ClientHello is too late
-----------------------+----------------------------------------------------
 Reporter:  troll_un   |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  normal     |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:  Tor: 0.2.3.8-alpha
 Keywords:             |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------
 It's a git master 58d1aa4 with #4312 fixes.

 {{{
   if (type == SSL_CB_ACCEPT_LOOP &&
       ssl->state == SSL3_ST_SW_SRVR_HELLO_A) {

     /* Call tor_tls_got_client_hello() for every SSL ClientHello we
        receive. */
 }}}
 As OpenSSL's code says, such conditions happens not after ClientHello
 recved. It happens already when serverhello sent. It's too late for
 accurate counting cleinthello with limit renegs.

 Server shouldn't say hello if doesn't want a new clienthello.

 Correct states for such case is
 SSL3_ST_SR_CLNT_HELLO_A || SSL3_ST_SR_CLNT_HELLO_B ||
 SSL3_ST_SR_CLNT_HELLO_C (reason is non blocking io)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4594>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #4594 [Tor Relay]: tor_tls_state_changed_callback(): detects of ClientHello is too late
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #4594 [Tor Relay]: tor_tls_state_changed_callback(): detects of ClientHello is too late
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #4593 [EFF-HTTPS Everywhere]: Breaks goodreads.com / cloudfront.net
Next by Author: Re: [tor-bugs] #4593 [EFF-HTTPS Everywhere]: Breaks goodreads.com / cloudfront.net
Previous by thread: Re: [tor-bugs] #4593 [EFF-HTTPS Everywhere]: Breaks goodreads.com / cloudfront.net
Next by thread: Re: [tor-bugs] #4594 [Tor Relay]: tor_tls_state_changed_callback(): detects of ClientHello is too late
Index(es):
- Author
- Thread