[or-cvs] Cipher lists need to be colon separated. Also make initial...

Nick Mathewson nickm at seul.org
Mon Sep 15 19:38:54 UTC 2003


Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv31539/src/common

Modified Files:
	crypto.c tortls.c 
Log Message:
Cipher lists need to be colon separated.  Also make initialization more bulletproof

Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- crypto.c	11 Sep 2003 21:12:39 -0000	1.33
+++ crypto.c	15 Sep 2003 19:38:52 -0000	1.34
@@ -108,9 +108,14 @@
     }
 }
 
+static int _crypto_global_initialized = 0;
+
 int crypto_global_init() 
 {
-  ERR_load_crypto_strings();
+  if (!_crypto_global_initialized) {
+      ERR_load_crypto_strings();
+      _crypto_global_initialized = 1;
+  }
   return 0;
 }
 
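Review bot: `_crypto_global_initialized` is tested and set without any locking, so the once-only guard in crypto_global_init() holds only if the first call happens before any other thread can reach it, and nothing in the hunk states that requirement. The same pattern applies to `tls_library_is_initialized` in the tor_tls_init() hunk of tortls.c. I would document it above the flag, for example `/* Not thread-safe: the first call must come from a single thread during startup. */`. Separately, a file-scope identifier beginning with an underscore is reserved in C, so `crypto_global_initialized` would be the safer name.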

Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- tortls.c	15 Sep 2003 18:37:49 -0000	1.11
+++ tortls.c	15 Sep 2003 19:38:52 -0000	1.12
@@ -46,10 +46,10 @@
 crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa);
 
 static void
-tls_log_error(int severity, const char *doing, int err)
+tls_log_error(int severity, const char *doing)
 {
-  const char *msg = (const char*)ERR_reason_error_string(err);
-  if (!err) msg = "(null)";
+  const char *msg = (const char*)ERR_reason_error_string(ERR_get_error());
+  if (!msg) msg = "(null)";
   if (doing) {
     log(severity, "TLS error while %s: %s", doing, msg);
   } else {
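Review bot: tls_log_error() now pops a single entry with `ERR_get_error()`, so any further entries the failed call pushed stay on the OpenSSL error queue and can later be reported against an unrelated operation. Draining the queue keeps each log line tied to the failure that produced it: `unsigned long err; while ((err = ERR_get_error()) != 0) { ... }` with the existing lookup and log calls inside the loop, plus one fixed message if the queue was empty. The body of tls_log_error() continues past the end of this hunk, so the loop would have to wrap the `if (doing)`/`else` pair.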
@@ -71,14 +71,14 @@
       return TOR_TLS_WANTWRITE;
     case SSL_ERROR_SYSCALL:
       /* This is oververbose XXX */
-      tls_log_error(severity, doing, err);
+      tls_log_error(severity, doing);
       return extra ? _TOR_TLS_SYSCALL : TOR_TLS_ERROR;
     case SSL_ERROR_ZERO_RETURN:
       /* This is oververbose XXX */
-      tls_log_error(severity, doing, err);
+      tls_log_error(severity, doing);
       return extra ? _TOR_TLS_ZERORETURN : TOR_TLS_ERROR;
     default:
-      tls_log_error(severity, doing, err);
+      tls_log_error(severity, doing);
       return TOR_TLS_ERROR;
   }
 }
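Review bot: In the `SSL_ERROR_SYSCALL` and `SSL_ERROR_ZERO_RETURN` branches the OpenSSL error queue is frequently empty, so the new `tls_log_error(severity, doing)` call will probably log `(null)` as the reason there. For the syscall case the cause is normally in `errno` or is a plain EOF, and a zero return is a clean shutdown by the peer, so neither is described by the queue. I would log `strerror(errno)` or a fixed "connection closed" text in those two branches and add `/* Error queue may be empty here; see errno or treat as EOF. */` next to the existing XXX comments. The enclosing function starts before this hunk.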
@@ -87,7 +87,9 @@
 tor_tls_init() {
   if (!tls_library_is_initialized) {
     SSL_library_init();
+    SSL_load_error_strings();
     crypto_global_init();
+    OpenSSL_add_all_algorithms();
     tls_library_is_initialized = 1;
   }
 }
@@ -155,7 +157,7 @@
     goto error;
   if (!(PEM_write_bio_X509(out, x509)))
     goto error;
-  
+
   r = 0;
   goto done;
  error:
@@ -181,7 +183,7 @@
 /* Some people are running OpenSSL before 0.9.7, but we aren't.  
  * We can support AES and 3DES.
  */
-#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA \
+#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
 		     SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 #else
 /* We're running OpenSSL before 0.9.7. We only support 3DES. */
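Review bot: The missing `":"` fixed here would have produced one concatenated, unknown cipher name, and whether that was ever detected depends on the code that consumes `CIPHER_LIST`, which is outside this hunk. If the result of `SSL_CTX_set_cipher_list()` is not checked there, a malformed list leaves the context on OpenSSL's default ciphers without any log entry, so that call should fail context creation when it returns 0. A comment on the macro such as `/* Colon-separated OpenSSL cipher string, in preference order. */` would also make the required format explicit. The surrounding `#if`/`#else` begins and ends outside the hunk.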
@@ -354,7 +356,7 @@
   }
   return r;
 }
-
+  
 /* Shut down an open tls connection 'tls'.  When finished, returns
  * TOR_TLS_DONE.  On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
  * or TOR_TLS_WANTWRITE.


