  1. Jul 16, 2018
  2. Mar 21, 2018
  3. Mar 07, 2018
  4. Feb 16, 2018
    • Update programVersion = "0.29". · d0c35232
      David Fifield authored
      0.29
    • Have meek-client-torbrowser give meek-client a stdin that doesn't close. · a47e634f
      David Fifield authored
      https://bugs.torproject.org/24642
      
      Running meek-client-torbrowser with the environment variable
      TOR_PT_EXIT_ON_STDIN_CLOSE=1 would cause meek-client to exit
      immediately, as it sensed that its stdin was closed.
      meek-client-torbrowser was running the meek-client subprocess with a nil
      Stdin, which causes its stdin to be /dev/null (or NUL on Windows), which
      returns an immediate EOF. So instead, give meek-client an StdinPipe and
      just keep it open. (We could alternatively keep track of it and close it
      when necessary, but that would take further refactoring.)
      
      The commit where things would have first broken was
      0ec986eb (part of tag 0.28), which
      added TOR_PT_EXIT_ON_STDIN_CLOSE awareness to meek-client. But it was
      not meek-client's fault.
      
      This bug did not affect any releases of Tor Browser, despite that on
      Windows we unconditionally set TOR_PT_EXIT_ON_STDIN_CLOSE=1 via
      terminateprocess-buffer, because Tor Browser is still using tag 0.25,
      which doesn't have the TOR_PT_EXIT_ON_STDIN_CLOSE change in meek-client.
  5. Jan 11, 2018
    • Show an error when missing a meek-client command line. · dcfbef8d
      David Fifield authored
      Running meek-client-torbrowser without arguments would panic as it tried
      to index the nonexistent arguments.
      
      2018/01/11 21:02:07 running firefox command ["firefox" "--invisible" "-no-remote" "-profile" "TorBrowser/Data/Browser/profile.meek-http-helper"]
      2018/01/11 21:02:07 firefox started with pid 23721
      2018/01/11 21:02:08 killing PID 23721
      panic: runtime error: index out of range
      
      goroutine 1 [running]:
      panic(0x4e95a0, 0xc42000a110)
              /usr/lib/go-1.7/src/runtime/panic.go:500 +0x1a1
      main.runMeekClient(0xc420010589, 0xf, 0xc42000a2c0, 0x0, 0x0, 0x0, 0x10, 0xc42000e440)
              meek-client-torbrowser.go:267 +0x416
      main.main()
              meek-client-torbrowser.go:354 +0x3d2
  6. Oct 01, 2017
  7. Sep 27, 2017
    • Allow --port to set port 443 with --acme-hostnames. · 83daf8ad
      David Fifield authored
      --port is meant to override TOR_PT_SERVER_BINDADDR, but it was not
      overriding in the check for the presence of a bindaddr on port 443.
      
      SMETHOD-ERROR meek The --acme-hostnames option requires one of the bindaddrs to be on port 443.
  8. Sep 16, 2017
  9. Jul 26, 2017
  10. Jul 15, 2017
  11. Jun 29, 2017
  12. Apr 23, 2017
    • Regen man pages. · 45132061
      David Fifield authored
      0.27
    • Update programVersion = "0.27". · 5bdd128a
      David Fifield authored
    • Wait briefly after calling ListenAndServe{TLS} to see if it errors. · e3f3054f
      David Fifield authored
      An unfortunate effect of using net/http ListenAndServe and
      ListenAndServeTLS is that you don't get early errors like "permission
      denied" and "address already in use"--they happen later which means they
      appear only in the meek-server log, not in the tor log. Here we apply a
      hack to hold on for a fraction of a second to see if the call errors,
      hopefully long enough to catch most of such errors.
    • Use ListenAndServe{TLS} rather than separate Listen and Serve. · cea86c93
      David Fifield authored
      The net/http package provides ListenAndServe and ListenAndServeTLS
      functions, but it doesn't provide a way to set up a listener without
      also entering an infinite serve loop. This matters for
      ListenAndServeTLS, which sets up a lot of magic behind the scenes for
      TLS and HTTP/2 support. Formerly, we had copy-pasted code from
      ListenAndServeTLS, but that code has only gotten more complicated in
      upstream net/http.
      
      The price we pay for this is that it's no longer possible for a server
      bindaddr to ask to listen on port 0 (i.e., a random ephemeral port).
      That's because we never get a chance to find out what the listening
      address is, before entering the serve loop.
      
      What we gain is HTTP/2 support; formerly our copy-pasted code had the
      side effect of disabling HTTP/2, because it was copied from an older
      version and did things like
      	config.NextProtos = []string{"http/1.1"}
      
      The new code calls http2.ConfigureServer first, but that's not what's
      providing HTTP/2 support. HTTP/2 support happens by default. The reason
      we call http2.ConfigureServer is because we need to set
      TLSConfig.GetCertificate, and http2.ConfigureServer is a convenient way
      to initialize TLSConfig in a way that is guaranteed to work with HTTP/2.
  13. Apr 20, 2017
  14. Apr 12, 2017
  15. Apr 11, 2017
  16. Mar 31, 2017
  17. Mar 22, 2017
  18. Mar 20, 2017
  19. Mar 15, 2017
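
Added example, not code from the meek repository: a sketch of the technique described in commit e3f3054f above, where ListenAndServe runs in a goroutine and the caller waits a short grace period so that bind errors such as "address already in use" surface before startup is reported as successful. The helper name serveWithEarlyError, the 100 ms grace period and the loopback addresses are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"time"
)

// serveWithEarlyError is a hypothetical helper, not meek-server's function.
// ListenAndServe returns only on failure, so it runs in a goroutine and we
// wait up to grace for an error. Silence is treated as a successful bind;
// that is a heuristic, and a slower failure would still be missed.
func serveWithEarlyError(srv *http.Server, grace time.Duration) error {
	errChan := make(chan error, 1) // buffered so the goroutine can always exit
	go func() { errChan <- srv.ListenAndServe() }()
	select {
	case err := <-errChan:
		return err
	case <-time.After(grace):
		return nil
	}
}

// demo tries one address that is already in use and then the same address
// once it is free, returning the early error seen in each case.
func demo() (busyErr, freeErr error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // constructed: occupy a loopback port
	if err != nil {
		return err, err
	}
	addr := ln.Addr().String()
	busyErr = serveWithEarlyError(&http.Server{Addr: addr}, 100*time.Millisecond)
	ln.Close()
	srv := &http.Server{Addr: addr}
	freeErr = serveWithEarlyError(srv, 100*time.Millisecond)
	srv.Close() // stop the demo server
	return busyErr, freeErr
}

func main() {
	busyErr, freeErr := demo()
	fmt.Println("address in use:", busyErr)
	fmt.Println("address free:  ", freeErr)
}
```

An error returned inside the grace period can be reported to the parent process at startup instead of appearing only in the server's own log.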