Opened 9 years ago

Closed 9 years ago

Last modified 7 years ago

#1190 closed defect (fixed)

Renegotiation bug still present on OpenBSD 4.6 stable

Reported by: nixmlists Owned by: nickm
Priority: Low Milestone: Tor: 0.2.2.x-final
Component: Core Tor/Tor Version: 0.2.1.21
Severity: Keywords:
Cc: nixmlists, Sebastian, bsdtechie, arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by nickm)

Renegotiation bug still present on OpenBSD 4.6 with
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/004_openssl.patch applied.

Results in the supposedly fixed TLS renegotiation errors in .21, and prevents it from working. Works without the patch, but that
leaves the whole system vulnerable.

[warn] TLS error: unexpected close while renegotiating

same exact problem with 0.2.2.6-alpha

OpenBSD 4.6 ships with OpenSSL 0.9.8k

What is the work-around?

[Automatically added by flyspray2trac: Operating System: Other]

Child Tickets

Change History (6)

comment:1 Changed 9 years ago by arma

Does openbsd still ship with a crippled openssl?

Do the newer Tor builds build better? Or do you need to use your
own openssl on openbsd now since they removed critical functionality?

See also bug 1225.

comment:2 Changed 9 years ago by nickm

I think the newer Tor alphas handle this properly; somebody should fire up an OpenBSD to confirm.

comment:3 Changed 9 years ago by nickm

Description: modified (diff)
Milestone: Tor: 0.2.2.x-final
Owner: set to nickm
Status: newassigned

comment:4 Changed 9 years ago by nickm

Resolution: Nonefixed
Status: assignedclosed

There seem to be several openbsd Tor nodes running happily. Since nobody has confirmed this (or talked to us at all about it) in the last 5 months, I think we can call this fixed.

[I tried to confirm/disconfirm myself, but trying to update my openbsd vm was a very 1990s experience that ultimately ended in partition-full errors.]

comment:5 Changed 9 years ago by nickm

(Tas has just confirmed:

01:37 < Tas> nickm: as far as I can tell the patch fixed it all

)

comment:6 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.