[tor-bugs] #4591 [Tor Relay]: Don't set SSL_MODE_NO_AUTO_CHAIN during renegotiation.

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon May 7 21:45:07 UTC 2012


#4591: Don't set SSL_MODE_NO_AUTO_CHAIN during renegotiation.
-----------------------------+----------------------------------------------
 Reporter:  asn              |          Owner:  nickm             
     Type:  defect           |         Status:  needs_review      
 Priority:  major            |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay        |        Version:                    
 Keywords:  tls correctness  |         Parent:                    
   Points:                   |   Actualpoints:                    
-----------------------------+----------------------------------------------

Comment(by asn):

 I tested this by connecting to a relay with OpenSSL `s_client`, requesting
 renegotiation and checking the length of the `Certificate` record. The
 certificate record on the first handshake is 600 bytes (or so) smaller
 than the certificate on the renegotiation handshake (since during
 renegotiation the bridge sends two certificates in the `Certificate`
 record). It seems to fix the bug.

 The patch looks OK too.

 The OpenSSL command I used is:
 {{{
 openssl s_client -cert ./example.pem -tls1 -msg -showcerts -connect localhost:6666
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4591#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
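
The check described in the comment above, comparing the `Certificate` message of the first handshake with the one sent on renegotiation, can be made exact by counting the entries in each message instead of comparing sizes. This is an added example, not part of the original ticket or of Tor's code; the function names and the sample messages (filler bytes in place of real certificates) are constructed for illustration.

```python
HANDSHAKE_CERTIFICATE = 0x0B  # HandshakeType.certificate in TLS 1.0 (RFC 2246)


def _u24(buf, off):
    """Read a 3-byte big-endian length, as TLS uses for certificate sizes."""
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big")


def certificate_lengths(msg):
    """Return the byte length of each certificate in a Certificate message.

    Layout of msg (the handshake message, without the record header):
    type(1) | length(3) | certificate_list length(3) | {cert length(3) | cert}*
    """
    if len(msg) < 7 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = _u24(msg, 1)
    if body_len != len(msg) - 4:
        raise ValueError("handshake length does not match message size")
    if _u24(msg, 4) != body_len - 3:
        raise ValueError("certificate_list length does not match body")
    lengths, off = [], 7
    while off < len(msg):
        n = _u24(msg, off)
        off += 3
        if off + n > len(msg):
            raise ValueError("certificate overruns the message")
        lengths.append(n)
        off += n
    return lengths


def build_certificate_msg(certs):
    """Build a Certificate message from raw blobs (used for the samples below)."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(entries).to_bytes(3, "big") + entries
    return bytes([HANDSHAKE_CERTIFICATE]) + len(body).to_bytes(3, "big") + body


# Constructed samples: filler bytes stand in for DER certificates.
CERT_A = b"\x30" * 460
CERT_B = b"\x31" * 600
FIRST_HANDSHAKE = build_certificate_msg([CERT_A])        # one entry
RENEGOTIATION = build_certificate_msg([CERT_A, CERT_B])  # two entries
```

To run it on real output, pass the hex bytes that `-msg` prints for the Certificate message through `bytes.fromhex()`, which ignores the whitespace between bytes.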

