
Possible fix needs testing [was Re: Problem with 'tor' and/or 'openssl 0.9.8k-7ubuntu8.4']

On Sat, Nov 20, 2010 at 8:47 AM, Gitano <ran6oony7r9deku5@xxxxxxxxxxxxxx> wrote:

This does indeed (as stars noted) look like bug #2204, the one that
makes Tor not work with 0.9.8p or 1.0.0b.  Sebastian and I think we
might have come up with a fix.  I've attached the (tiny) patch that
seems to work for us in testing, but which may or may not.  If you
know how to apply patches and build Tor from source, and you are
running into the problem associated with the openssl versions in
question, give it a go and see if it makes stuff better?  It should
work cleanly on 0.2.1, 0.2.2, and master.

If you prefer git, this is branch "fix2204" in my public repository.
It's against 0.2.1, but it should also merge cleanly into 0.2.2 or

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 25f21a9..2915f79 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -898,7 +898,7 @@ tor_tls_new(int sock, int isServer)
 #ifdef SSL_set_tlsext_host_name
   /* Browsers use the TLS hostname extension, so we should too. */
-  {
+  if (!isServer) {
     char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
     SSL_set_tlsext_host_name(result->ssl, fake_hostname);
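Review bot: the comment above the new `if (!isServer) {` still only says "Browsers use the TLS hostname extension, so we should too.", so nothing in the code records why the server side now skips this block. Please extend the comment to say that the fake hostname is set on client connections only and that this is the fix for bug #2204 (the failure with OpenSSL 0.9.8p and 1.0.0b), so the condition is not removed later as apparently redundant. Separately, the visible lines ignore the return value of `SSL_set_tlsext_host_name(result->ssl, fake_hostname);`; a log message on failure would make regressions with future OpenSSL releases easier to spot.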