Opened 8 months ago

Last modified 8 months ago

#30252 needs_revision enhancement

Add the tor OpenSSL and NSS versions to the sbws bandwidth file headers

Reported by: teor Owned by:
Priority: Medium Milestone: sbws: 1.2.x-final
Component: Core Tor/sbws Version:
Severity: Normal Keywords:
Cc: juga Actual Points:
Parent ID: #30255 Points:
Reviewer: Sponsor:

Description

See #30196.

Child Tickets

Change History (4)

comment:1 Changed 8 months ago by teor

Parent ID: #30255

comment:2 Changed 8 months ago by teor

Copied from #30196:

juga:

teor:

  • we might be interested in OpenSSL and NSS versions in future, because they have both had different bugs that stop relays connecting to each other

Is there a way to ask this to Tor? GETINFO only returns Tor version.

We can look at Tor's logs, or add a control port GETINFO for the SSL and NSS versions.

Is it possible that python ssl.OPENSSL_VERSION might be different to the one being used by the running Tor?.

They can be different. And we also need to know the NSS version, if Tor is using NSS.

comment:3 Changed 8 months ago by teor

Status: newneeds_revision

Replying to juga:

Reminder to myself: i've implemented the operating system, ssl_version and tor_version in branch https://github.com/juga0/sbws/tree/ticket30196

Here's my review of ssl_version:

  • we need Tor's OpenSSL version, not Python's OpenSSL version
  • we need Tor's NSS version (if it is using NSS). Tor can use OpenSSL and NSS at the same time.
  • you added tor_version in two places, but ssl_version in one place. Please refactor EXTRA_ARG_KEYVALUES and BANDWIDTH_HEADER_KEY_VALUES_INIT so the headers are consistent.
  • please submit a bandwidth-file-spec patch, so the reviewer knows what your code should do
  • does the "chg: v3bwfile: !refactor, obtain headers from state" commit belong in a separate pull request? It's quite large.
  • please submit each feature in a separate pull request

comment:4 Changed 8 months ago by teor

I'm not sure what names to use here.
We could use "nss_version" and "openssl_version".
But if we do, we need to make sure that the OpenSSL version distinguishes between OpenSSL and LibreSSL.

Note: See TracTickets for help on using tickets.