
[tor-commits] [tor/master] Remove client-side support for detecting v1 handshake



commit 6505d529a5cc669ee723d818a614fe7663e5c0ea
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Oct 7 10:10:08 2015 -0400

    Remove client-side support for detecting v1 handshake
    
    Fixes more of 11150
---
 src/common/tortls.c    |   22 +++-------------------
 src/or/connection_or.c |    7 +++----
 2 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 62d8cab..4321330 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1941,25 +1941,9 @@ tor_tls_finish_handshake(tor_tls_t *tls)
       tls->wasV2Handshake = 0;
     }
   } else {
-#if 1111
-    /* XXXXXXXX remove v1 detection support, NM! */
-    /* If we got no ID cert, we're a v2 handshake. */
-    X509 *cert = SSL_get_peer_certificate(tls->ssl);
-    STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
-    int n_certs = sk_X509_num(chain);
-    if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) {
-      log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it "
-                "looks like a v1 handshake on %p", tls);
-      tls->wasV2Handshake = 0;
-    } else {
-      log_debug(LD_HANDSHAKE,
-                "Server sent back a single certificate; looks like "
-                "a v2 handshake on %p.", tls);
-      tls->wasV2Handshake = 1;
-    }
-    if (cert)
-      X509_free(cert);
-#endif
+    /* Client-side */
+    tls->wasV2Handshake = 1;
+    /* XXXX this can move, probably? -NM */
     if (SSL_set_cipher_list(tls->ssl, SERVER_CIPHER_LIST) == 0) {
       tls_log_errors(NULL, LOG_WARN, LD_HANDSHAKE, "re-setting ciphers");
       r = TOR_TLS_ERROR_MISC;
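Review bot: The new client branch sets `tls->wasV2Handshake = 1` without looking at the peer's certificate chain, and the comment `/* Client-side */` does not record why that is safe. Nothing in this hunk shows where a responder that still behaves like a v1 peer gets rejected, so state the assumption at the assignment, for example `/* Client side: v1 link handshakes are no longer supported when we initiate, so every outgoing connection is treated as v2 or later. */`. The `/* XXXX this can move, probably? -NM */` marker above `SSL_set_cipher_list()` leaves an open question in TLS setup code; either resolve it in this change or reference the ticket that tracks it. The body of tor_tls_finish_handshake starts and ends outside the hunk.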
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 8e12aa0..c08dc4b 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1783,11 +1783,10 @@ connection_tls_finish_handshake(or_connection_t *conn)
   circuit_build_times_network_is_live(get_circuit_build_times_mutable());
 
   if (tor_tls_used_v1_handshake(conn->tls)) {
+    tor_assert(!started_here);
     conn->link_proto = 1;
-    if (!started_here) {
-      connection_or_init_conn_from_address(conn, &conn->base_.addr,
-                                           conn->base_.port, digest_rcvd, 0);
-    }
+    connection_or_init_conn_from_address(conn, &conn->base_.addr,
+                                         conn->base_.port, digest_rcvd, 0);
     tor_tls_block_renegotiation(conn->tls);
     rep_hist_note_negotiated_link_proto(1, started_here);
     return connection_or_set_state_open(conn);
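Review bot: `tor_assert(!started_here);` turns a protocol-state invariant into a process abort on a path that runs after a handshake with a remote peer. It holds only if `tor_tls_used_v1_handshake()` can never report v1 for a connection we initiated, and that depends on code in tortls.c outside this hunk. If any other path can clear the flag on an outgoing connection, the result is a relay or client crash rather than one closed connection. Failing only the connection would be safer, along the lines of `if (started_here) { log_warn(LD_BUG, "v1 handshake reported on an outgoing connection"); return -1; }`, assuming -1 is this function's error return, which the hunk does not show. connection_tls_finish_handshake starts and continues outside the hunk.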


