r13988@catbus: nickm | 2007-07-29 16:32:36 -0400

 Cheesy attempt to break some censorware.  Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.

svn:r10975

diff --git a/ChangeLog b/ChangeLog
index 82680ea46960119aa1705f03ddad97bc7e9eb4ea..104a07b06017f409abc02be8863fe38113ee426d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@ Changes in version 0.2.0.3-alpha - 2007-07-29
     - Directory authorities now never mark more than 3 servers per IP as
       Valid and Running.  (Implements proposal 109, by Kevin Bauer and
       Damon McCoy.)
+    - Minor change to organizationName and commonName generation procedures
+      in certificates, to invalidate some earlier censorware approaches.
+      This is not a long-term solution, but applying it will give us a bit of
+      time to look into the epidemiology of countermeasures as they spread.
 
   o Major bugfixes (directory):
     - Rewrite directory tokenization code to never run off the end of

diff --git a/src/common/tortls.c b/src/common/tortls.c
index f56ce10bab36860db0d52af10af98d259b4064a2..de39969d548f7881c5072203ce9f8360dc4022fc 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -274,7 +274,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
   if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
     goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
-                                   (unsigned char*)"Tor", -1, -1, 0)))
+                                   (unsigned char*)"t o r", -1, -1, 0)))
     goto error;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
@@ -288,7 +288,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
   if ((nid = OBJ_txt2nid("organizationName")) == NID_undef)
     goto error;
   if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
-                                   (unsigned char*)"Tor", -1, -1, 0)))
+                                   (unsigned char*)"t o r", -1, -1, 0)))
     goto error;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
@@ -361,7 +361,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname,
   char nn2[128];
   if (!nickname)
     nickname = "null";
-  tor_snprintf(nn2, sizeof(nn2), "%s <identity>", nickname);
+  tor_snprintf(nn2, sizeof(nn2), "%s <signing>", nickname);
 
   tor_tls_init();