[tor-bugs] #4594 [Tor Relay]: tor_tls_state_changed_callback(): detects of ClientHello is too late
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Nov 28 06:55:35 UTC 2011
#4594: tor_tls_state_changed_callback(): detects of ClientHello is too late
-----------------------+----------------------------------------------------
Reporter: troll_un | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: 0.2.3.8-alpha
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
It's a git master 58d1aa4 with #4312 fixes.
{{{
if (type == SSL_CB_ACCEPT_LOOP &&
ssl->state == SSL3_ST_SW_SRVR_HELLO_A) {
/* Call tor_tls_got_client_hello() for every SSL ClientHello we
receive. */
}}}
As OpenSSL's code says, such conditions happens not after ClientHello
recved. It happens already when serverhello sent. It's too late for
accurate counting cleinthello with limit renegs.
Server shouldn't say hello if doesn't want a new clienthello.
Correct states for such case is
SSL3_ST_SR_CLNT_HELLO_A || SSL3_ST_SR_CLNT_HELLO_B ||
SSL3_ST_SR_CLNT_HELLO_C (reason is non blocking io)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4594>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list