David Goulet [Thu, 2 Oct 2025 17:43:34 +0000 (13:43 -0400)]
ci: Pin TPA runners for now
For unknown reasons, the non TPA runners lead to this failure:
slow/process/callbacks:
FAIL ../../src/test/test_process_slow.c:157: assert(timer_tick_count OP_LT 10): 10 vs 10
FAIL ../../src/test/test_process_slow.c:188: assert(ret OP_EQ 0): -1 vs 0
FAIL ../../src/test/test_process_slow.c:240: assert(smartlist_len(process_data->stdout_data) OP_EQ 12): 0 vs 12
[callbacks FAILED]
slow/process/nonexistent_executable: Sep 30 13:29:58.340 [err] tor_assertion_failed_(): Bug: ../../src/core/mainloop/mainloop.c:750: shutdown_did_not_work_callback: Assertion line should be unreached failed; aborting. (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: Tor 0.4.8.18-dev: Assertion line should be unreached failed in shutdown_did_not_work_callback at ../../src/core/mainloop/mainloop.c:750: . Stack trace: (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(log_backtrace_impl+0x57) [0x5648f4b4fef7] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(tor_assertion_failed_+0x147) [0x5648f4b5d837] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(+0x1b3676) [0x5648f4b0b676] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: /lib/x86_64-linux-gnu/libevent-2.1.so.7(+0x21482) [0x7f75a879c482] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: /lib/x86_64-linux-gnu/libevent-2.1.so.7(event_base_loop+0x49f) [0x7f75a879cc1f] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(+0x1b4024) [0x5648f4b0c024] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(run_main_loop_until_done+0x35) [0x5648f4b0fa45] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(+0x81d3d) [0x5648f49d9d3d] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(+0x82237) [0x5648f49da237] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(+0x9aeb4) [0x5648f49f2eb4] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(testcase_run_one+0x72) [0x5648f49f2f82] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(tinytest_main+0x104) [0x5648f49f3814] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(main+0x493) [0x5648f49d32c3] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: /lib/x86_64-linux-gnu/libc.so.6(+0x2724a) [0x7f75a803724a] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x85) [0x7f75a8037305] (on Tor 0.4.8.18-dev )
Sep 30 13:29:58.341 [err] Bug: ./src/test/test-slow(_start+0x21) [0x5648f49d33e1] (on Tor 0.4.8.18-dev )
It is unclear why this is being triggered only on 0.4.8 and non TPA runners
(not happening on main) thus for now pin the runners until we either figure
this one out or deprecate 0.4.8
Signed-off-by: David Goulet <dgoulet@torproject.org>
Nick Mathewson [Tue, 23 Sep 2025 15:44:28 +0000 (11:44 -0400)]
Bulletproof the "get_mozilla_ciphers" script
Reviewers have noted that the script's logic treats all "enabled"
flags in StaticPrefList.yaml (other than an explicit False) as True.
That's not so great, since the flag can also be a string, and we
don't necessarily want to treat all strings as meaning that a
ciphersuite is enabled. (Although we do in fact want to treat
the only string used in _current_ firefox git main that way.)
This change has no effect on the generated ciphers.inc.
I don't think any other entries use "Default" lke this, and the repetition
seems pointless. The historical context was broken off to keep the "main" part
short and tidy.
practracker: codecs.open -> io.open for python 3.14
codecs.open is now deprecated: https://docs.python.org/3.14/whatsnew/3.14.html.
it prints a DeprecationWarning which makes tests fail, and may be removed in
the future. io.open works on python 2 and 3
pt_update_bridge_lines() was based on pt_get_extra_info_descriptor_string().
In particular, I copied the behaviour of not printing IPv6 addresses if IPv4 is
present. I'll make both functions use IPv6 in another MR.
That function is called when the IP or key changes. Sadly, I don't remember
how I decided from where exactly to call it (I wrote this ages ago), but it
seems fine?
ValdikSS [Thu, 26 Jun 2025 14:24:28 +0000 (10:24 -0400)]
tls: Set TLSv1.3 ciphers to preserve ciphersuites order
This commit fixes two issues:
1. ciphers.inc has TLSv1.3 ciphers prefixed with "TXT", while current version
has "RFC". TLS1_3_RFC_AES_128_GCM_SHA256 should be instead of
TLS1_3_TXT_AES_128_GCM_SHA256, in both define and CIPHER() macro.
2. Tor calls only SSL_set_cipher_list() in tlstls_openssl.c, this sets only
TLSv1.2 ciphers, while TLSv1.3 ciphers stay in default state. TLSv1.3
ciphersuites are set with SSL_set_ciphersuites(), but the list require to
contain only TLSv1.3 suites (no v1.2).
Contrary to SSL_set_cipher_list(), TLSv1.3 SSL_set_ciphersuites() does NOT
accept finalizing :, so it should be stripped out.
Signed-off-by: David Goulet <dgoulet@torproject.org>
projects / thirdparty / tor.git / log
