[tor-bugs] #4591 [Tor Relay]: Don't set SSL_MODE_NO_AUTO_CHAIN during renegotiation.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Nov 28 03:31:38 UTC 2011
#4591: Don't set SSL_MODE_NO_AUTO_CHAIN during renegotiation.
-----------------------+----------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
If during the renegotiation's ClientHello a client passes:
{{{
if (tor_tls_client_is_using_v2_ciphers(ssl, ADDR(tls))) {
}}}
in `tor_tls_server_info_callback()` (or `tor_tls_got_client_hello()` in
`master`), we don't send a full certificate chain to the client.
The above `if` statement should only be examined during the initial SSL
handshake.
There was already a
{{{
/*XXXX_TLS keep this from happening more than once! */
}}}
comment that never got implemented.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4591>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list