Possible fix needs testing [was Re: Problem with 'tor 0.2.2.18-alpha-1~lucid+1' and/or 'openssl 0.9.8k-7ubuntu8.4']
- To: or-talk@xxxxxxxxxxxxx
- Subject: Possible fix needs testing [was Re: Problem with 'tor 0.2.2.18-alpha-1~lucid+1' and/or 'openssl 0.9.8k-7ubuntu8.4']
- From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
- Date: Sat, 20 Nov 2010 22:38:23 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Sat, Nov 20, 2010 at 8:47 AM, Gitano <ran6oony7r9deku5@xxxxxxxxxxxxxx> wrote:
This does indeed (as stars noted) look like bug #2204, the one that
makes Tor not work with 0.9.8p or 1.0.0b. Sebastian and I think we
might have come up with a fix. I've attached the (tiny) patch that
seems to work for us in testing, but which may or may not. If you
know how to apply patches and build Tor from source, and you are
running into the problem associated with the openssl versions in
question, give it a go and see if it makes stuff better? It should
work cleanly on 0.2.1, 0.2.2, and master.
If you prefer git, this is branch "fix2204" in my public repository.
It's against 0.2.1, but it should also merge cleanly into 0.2.2 or
master.
peace,
--
Nick
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 25f21a9..2915f79 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -898,7 +898,7 @@ tor_tls_new(int sock, int isServer)
#ifdef SSL_set_tlsext_host_name
/* Browsers use the TLS hostname extension, so we should too. */
- {
+ if (!isServer) {
char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
tor_free(fake_hostname);
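Review bot: the comment above the new `if (!isServer)` guard still reads "Browsers use the TLS hostname extension, so we should too", which does not explain why the server side now skips SSL_set_tlsext_host_name(). Suggest extending it to say that only the client side sets the fake hostname and to reference bug 2204 and the OpenSSL versions named in the message (0.9.8p, 1.0.0b), so the condition is not later removed as redundant. Separately, the unchanged context line ignores the return value of SSL_set_tlsext_host_name(); logging a failure there would make a broken handshake setup easier to diagnose.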