commit 8af0cfc10d33186adaa114f215e8fa69af91a84a Author: Nick Mathewson nickm@torproject.org Date: Mon Oct 10 23:12:29 2011 -0400
Add some points to make it easy to turn off v3 support --- src/common/tortls.c | 9 +++++++++ src/or/command.c | 7 +++++++ 2 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index b393bfd..9a3c02b 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1095,7 +1095,11 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
 tor_tls_init();
 nickname = crypto_random_hostname(8, 20, "www.", ".net");
+#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
+ nn2 = crypto_random_hostname(8, 20, "www.", ".net");
+#else
 nn2 = crypto_random_hostname(8, 20, "www.", ".com");
+#endif
 /* Generate short-term RSA key for use with TLS. */
 if (!(rsa = crypto_new_pk_env()))
@@ -2183,6 +2187,10 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
 static int
 dn_indicates_v3_cert(X509_NAME *name)
 {
+#ifdef DISABLE_V3_LINKPROTO_CLIENTSIDE
+ (void)name;
+ return 0;
+#else
 X509_NAME_ENTRY *entry;
 int n_entries;
 ASN1_OBJECT *obj;
@@ -2206,6 +2214,7 @@ dn_indicates_v3_cert(X509_NAME *name)
 r = fast_memneq(s + len - 4, ".net", 4);
 OPENSSL_free(s);
 return r;
+#endif
 }
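Review bot: The suffix chosen for `nn2` looks like a protocol signal rather than a cosmetic value, and nothing at this site says so: `dn_indicates_v3_cert()` later in this file returns `fast_memneq(s + len - 4, ".net", 4)`, so a name that does not end in `.net` appears to be what marks a v3 certificate. A comment such as `/* nn2 must end in ".net" here so that peers do not read this cert as v3; keep in sync with dn_indicates_v3_cert(). */` would keep the two sites from drifting apart. Neither `DISABLE_V3_LINKPROTO_SERVERSIDE` nor `DISABLE_V3_LINKPROTO_CLIENTSIDE` (next hunk, and the command.c hunk) is defined or described anywhere in this commit, so a build that sets them changes link-protocol negotiation with no record of it; a short description next to one of the `#ifdef`s would help. The body of tor_tls_context_new continues outside the hunk.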
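Review bot: The stub branch in `dn_indicates_v3_cert()` carries no comment, so a reader sees a certificate check that returns 0 for every name without being told this is deliberate. I would add `/* Build-time switch: never report a v3 cert, whatever the name says. */` above `(void)name;`. The function's doc comment is outside the hunk and should mention the switch as well, since callers can no longer tell "not a v3 cert" from "v3 detection compiled out".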
 /** Return true iff the peer certificate we're received on <b>tls</b>
diff --git a/src/or/command.c b/src/or/command.c
index 738bf35..a511156 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -689,6 +689,13 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
 send_chall ? " AUTH_CHALLENGE" : "",
 send_netinfo ? " NETINFO" : "");
+#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
+ if (1) {
+ connection_mark_for_close(TO_CONN(conn));
+ return;
+ }
+#endif
+
 if (send_versions) {
 if (connection_or_send_versions(conn, 1) < 0) {
 log_warn(LD_OR, "Couldn't send versions cell");
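Review bot: The added block closes the connection and returns without logging why, right after a call (its start is outside the hunk) whose visible arguments name the cells about to be sent, so on a `DISABLE_V3_LINKPROTO_SERVERSIDE` build the last message an operator sees may describe a reply that is never sent. A line such as `log_info(LD_OR, "v3 link protocol disabled at build time; closing connection");` before `connection_mark_for_close()` would make the close diagnosable. The `if (1)` wrapper presumably exists to avoid an unreachable-code warning for the statements below it and deserves a comment saying so. Whether this point is reached only for v3 negotiations cannot be seen from the hunk; if it is not, the block would also close connections that negotiated an older version. command_process_versions_cell starts and ends outside the hunk.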