Re: [tor-bugs] #13319 [Tor]: Unhandled OpenSSL errors found
#13319: Unhandled OpenSSL errors found
-------------------------+--------------------------------
 Reporter: torland       | Owner:
 Type: defect            | Status: new
 Priority: normal        | Milestone: Tor: 0.2.5.x-final
 Component: Tor          | Version: Tor: 0.2.5.8-rc
 Resolution:             | Keywords:
 Actual Points:          | Parent ID:
 Points:                 |
-------------------------+--------------------------------
Comment (by cypherpunks):
The unhandled errors come from a failure of `X509_verify` called by
`tor_tls_cert_is_valid`, from another TLS context for another connection,
even one that was already marked for close by
`channel_tls_process_certs_cell`. The errors were handled by `read_to_buf_tls`
because it is called often, but they could be handled on the TLS handshake too.
The OpenSSL error queue is unique per thread, but not per context.
To fix this situation in general we need:
1. To handle TLS errors after `X509_verify` and other possible friends.
2. To check whether a call of `tls_log_errors` is needed at the end of TLS
functions, in the name of
{{{
/* This should never get invoked, but let's make sure in case OpenSSL
* acts unexpectedly. */
}}}
3. To check whether every TLS IO operation is protected by
`check_no_tls_errors`. As an example, `tor_tls_renegotiate` needs such a check
for sure.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13319#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online