
[or-cvs] r10975: Cheesy attempt to break some censorware. Not a long-term fix (in tor/trunk: . src/common)



Author: nickm
Date: 2007-07-29 19:11:42 -0400 (Sun, 29 Jul 2007)
New Revision: 10975

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/common/tortls.c
Log:
 r13988@catbus:  nickm | 2007-07-29 16:32:36 -0400
 Cheesy attempt to break some censorware.  Not a long-term fix, but it will be interesting to watch the epidemiology of the workarounds as the censors apply them.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r13988] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-07-29 22:13:44 UTC (rev 10974)
+++ tor/trunk/ChangeLog	2007-07-29 23:11:42 UTC (rev 10975)
@@ -18,6 +18,10 @@
     - Directory authorities now never mark more than 3 servers per IP as
       Valid and Running.  (Implements proposal 109, by Kevin Bauer and
       Damon McCoy.)
+    - Minor change to organizationName and commonName generation procedures
+      in certificates, to invalidate some earlier censorware approaches.
+      This is not a long-term solution, but applying it will give us a bit of
+      time to look into the epidemiology of countermeasures as they spread.
 
   o Major bugfixes (directory):
     - Rewrite directory tokenization code to never run off the end of
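
Review bot: The new entry is appended directly under the "Directory authorities now never mark more than 3 servers per IP" item, so it reads as part of that section, whose heading is above the visible context; if that is a directory section, this certificate change belongs under a heading of its own. The entry would also be more useful if it named what actually changed (the organizationName value and the commonName suffix), so that anyone comparing certificates across versions knows what to expect.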

Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c	2007-07-29 22:13:44 UTC (rev 10974)
+++ tor/trunk/src/common/tortls.c	2007-07-29 23:11:42 UTC (rev 10975)
@@ -274,7 +274,7 @@
   if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
     goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
-                                   (unsigned char*)"Tor", -1, -1, 0)))
+                                   (unsigned char*)"t o r", -1, -1, 0)))
     goto error;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
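
Review bot: The "t o r" literal passed for the organizationName of name has no comment, and the spacing looks like a typo that a later cleanup could quietly revert to "Tor". Add a one-line comment above the X509_NAME_add_entry_by_NID call saying that the spelling is deliberate and pointing at the ChangeLog entry.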
@@ -288,7 +288,7 @@
   if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
     goto error;
   if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
-                                   (unsigned char*)"Tor", -1, -1, 0)))
+                                   (unsigned char*)"t o r", -1, -1, 0)))
     goto error;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
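
Review bot: The "t o r" literal for name_issuer duplicates the one added for name in the previous hunk, so the subject and issuer organizationName can drift apart if only one of them is edited the next time this value changes. Define the string once (a single #define or static const near the top of tortls.c) and pass it in both calls.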
@@ -361,7 +361,7 @@
   char nn2[128];
   if (!nickname)
     nickname = "null";
-  tor_snprintf(nn2, sizeof(nn2), "%s <identity>", nickname);
+  tor_snprintf(nn2, sizeof(nn2), "%s <signing>", nickname);
 
   tor_tls_init();
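
Review bot: The suffix written into nn2 changes from "<identity>" to "<signing>" with no comment, and a reader will take the new label as a description of the key's role rather than as a deliberate change of string. Add a comment at the tor_snprintf line stating that the suffix is only a name component and why it was changed. The return value of tor_snprintf is also unused in this line, so a nickname too long for the 128-byte nn2 would go unnoticed; check it, or note where the nickname length is bounded.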