[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] [tor/master] Do not set the hostname TLS extension server-side; only client-side
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Sat, 20 Nov 2010 22:21:50 -0500
Subject: Do not set the hostname TLS extension server-side; only client-side
Commit: 92a99736fd22564515604aa140b8898befd9858e
This may fix bug 2204, and resolve the incompatibility with openssl
0.9.8p/1.0.0b.
---
changes/fix2204 | 7 +++++++
src/common/tortls.c | 2 +-
2 files changed, 8 insertions(+), 1 deletions(-)
create mode 100644 changes/fix2204
diff --git a/changes/fix2204 b/changes/fix2204
new file mode 100644
index 0000000..fb2771a
--- /dev/null
+++ b/changes/fix2204
@@ -0,0 +1,7 @@
+ o Major bugfixes
+ - Do not set the tlsext_host_name extension on server SSL objects;
+ only on client SSL objects. We set it to immitate a browser, not a
+ vhosting server. This resolves an incompatibility with openssl 0.9.8p
+ and openssl 1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha.
+
+
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 25f21a9..2915f79 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -898,7 +898,7 @@ tor_tls_new(int sock, int isServer)
#ifdef SSL_set_tlsext_host_name
/* Browsers use the TLS hostname extension, so we should too. */
- {
+ if (!isServer) {
char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
tor_free(fake_hostname);
--
1.7.1