Possible fix needs testing [was Re: Problem with 'tor 0.2.2.18-alpha-1~lucid+1' and/or 'openssl 0.9.8k-7ubuntu8.4']

Nick Mathewson nickm at freehaven.net
Sun Nov 21 03:38:23 UTC 2010


On Sat, Nov 20, 2010 at 8:47 AM, Gitano <ran6oony7r9deku5 at gmx-topmail.de> wrote:

This does indeed (as stars noted) look like bug #2204, the one that
makes Tor not work with 0.9.8p or 1.0.0b.  Sebastian and I think we
might have come up with a fix.  I've attached the (tiny) patch that
seems to work for us in testing, but which may or may not.  If you
know how to apply patches and build Tor from source, and you are
running into the problem associated with the openssl versions in
question, give it a go and see if it makes stuff better?    It should
work cleanly on 0.2.1, 0.2.2, and master.

If you prefer git, this is branch "fix2204" in my public repository.
It's against 0.2.1, but it should also merge cleanly into 0.2.2 or
master.

peace,
-- 
Nick
-------------- next part --------------
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 25f21a9..2915f79 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -898,7 +898,7 @@ tor_tls_new(int sock, int isServer)
 
 #ifdef SSL_set_tlsext_host_name
   /* Browsers use the TLS hostname extension, so we should too. */
-  {
+  if (!isServer) {
     char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
     SSL_set_tlsext_host_name(result->ssl, fake_hostname);
     tor_free(fake_hostname);
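
Review bot: the comment above the new "if (!isServer) {" still says only "Browsers use the TLS hostname extension, so we should too", so nothing in tor_tls_new() records why the server side now skips the fake hostname. Please extend that comment to say the extension is set on client connections only and to point at bug #2204, so a later cleanup does not turn the guard back into a bare block. Separately, in the same block the result of SSL_set_tlsext_host_name(result->ssl, fake_hostname) is discarded; if a failure there matters for the handshake, it would be worth at least logging it before tor_free(fake_hostname).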

