tlsdate, branch tlsdate-0.0.3 Learn the current time from a remote TLS server bump version to 0.0.3; update macros to make this a single line change 2012-11-05T22:52:50+00:00 Jacob Appelbaum jacob@appelbaum.net 2012-11-05T22:52:50+00:00 6cc59a7e1103bedafa504bcecb2f3002b130872e 






Update HACKING to reflect desire for unsigned values over signed values
2012-11-05T22:40:31+00:00

Jacob Appelbaum
jacob@appelbaum.net

2012-11-05T22:40:31+00:00

1c064abbe8400e911920444dce50a46817c52364












We now have a local time cache and tlsdated reads it properly
2012-11-05T22:36:57+00:00

Jacob Appelbaum
jacob@appelbaum.net

2012-11-05T22:36:57+00:00

f23084631334dff16baf97b48021ca9f9fdec949












We have a proxy mode now and it is Tor safe
2012-11-05T22:36:19+00:00

Jacob Appelbaum
jacob@appelbaum.net

2012-11-05T22:36:19+00:00

780638ac985ede3452701287409bb917454a87be












Update TODO to include wish for PolarSSL support
2012-11-05T22:35:44+00:00

Jacob Appelbaum
jacob@appelbaum.net

2012-11-05T22:35:44+00:00

bfc1813a8ac03edb99cccfb4de0b613362bfaae1












Update README to include information about tlsdated
2012-11-05T22:35:08+00:00

Jacob Appelbaum
jacob@appelbaum.net

2012-11-05T22:35:08+00:00

b1e5e8ba74110d9ee82c78509454760d3f8f4b75












Add TODO items that we hope make it into 0.0.4
2012-11-05T22:27:48+00:00

Jacob Appelbaum
jacob@appelbaum.net

2012-11-05T22:27:48+00:00

716bb618a7ed7669300c6387e2ccd248ea0c7132












Merge pull request #30 from elly/proxy-fix
2012-11-05T22:15:01+00:00

Jacob Appelbaum
jacob@appelbaum.net

2012-11-05T22:15:01+00:00

944581cd83ea653e408cb561d94e475edbef38e1

proxy-bio fixes




proxy-bio fixes






proxy-bio: Fix up buffer length handling logic.
2012-11-05T21:50:13+00:00

Elly Fong-Jones
ellyjones@google.com

2012-11-05T21:50:13+00:00

a9e52fe816b570da68138394c4884c7db7171580

The buffer length was being badly mishandled such that if the returned hostname
was 254 bytes long, we'd repeatedly read zero bytes and get stuck in an endless
loop. There were also a bunch of places that would accept short reads/writes
during protocol negotiation which have now been changed to only accept exact
lengths.

Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>





The buffer length was being badly mishandled such that if the returned hostname
was 254 bytes long, we'd repeatedly read zero bytes and get stuck in an endless
loop. There were also a bunch of places that would accept short reads/writes
during protocol negotiation which have now been changed to only accept exact
lengths.

Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>







proxy-bio fixes
2012-11-02T17:53:47+00:00

Elly Fong-Jones
ellyjones@google.com

2012-11-02T17:53:47+00:00

547f808ad83d57c3f42bd8ded6ba520fa998fc60

1. Send the Host header with HTTP CONNECT, as it is required by RFC 2616,
section 14.23:

   A client MUST include a Host header field in all HTTP/1.1 request
   messages . If the requested URI does not include an Internet host
   name for the service being requested, then the Host header field MUST
   be given with an empty value. An HTTP/1.1 proxy MUST ensure that any
   request message it forwards does contain an appropriate Host header
   field that identifies the service being requested by the proxy. All
   Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request)
   status code to any HTTP/1.1 request message which lacks a Host header
   field.

2. Drain the response buffer for SOCKS5 connections even if the hostname is too
long for us to store (i.e., is longer than NI_MAXHOST); this could happen if
NI_MAXHOST < 255, but I believe there are no systems on which this is true in
practice.

3. Use unsigned buffers in SOCKS4/SOCKS5 code to save on casts to/from unsigned.

4. Return an int from BIO_proxy_set_host() so we can signal malloc failures to
the caller.

Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>





1. Send the Host header with HTTP CONNECT, as it is required by RFC 2616,
section 14.23:

   A client MUST include a Host header field in all HTTP/1.1 request
   messages . If the requested URI does not include an Internet host
   name for the service being requested, then the Host header field MUST
   be given with an empty value. An HTTP/1.1 proxy MUST ensure that any
   request message it forwards does contain an appropriate Host header
   field that identifies the service being requested by the proxy. All
   Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request)
   status code to any HTTP/1.1 request message which lacks a Host header
   field.

2. Drain the response buffer for SOCKS5 connections even if the hostname is too
long for us to store (i.e., is longer than NI_MAXHOST); this could happen if
NI_MAXHOST < 255, but I believe there are no systems on which this is true in
practice.

3. Use unsigned buffers in SOCKS4/SOCKS5 code to save on casts to/from unsigned.

4. Return an int from BIO_proxy_set_host() so we can signal malloc failures to
the caller.

Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>