Add some points to make it easy to turn off v3 support
authorNick Mathewson <nickm@torproject.org>
Tue, 11 Oct 2011 03:12:29 +0000 (23:12 -0400)
committerNick Mathewson <nickm@torproject.org>
Tue, 11 Oct 2011 03:14:32 +0000 (23:14 -0400)
src/common/tortls.c
src/or/command.c

index b393bfd4a3c70b7f5d7007d66b1054508f04577d..9a3c02b5b3b6445567b0adf175fbe3c0f475bfb1 100644 (file)
@@ -1095,7 +1095,11 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
 
   tor_tls_init();
   nickname = crypto_random_hostname(8, 20, "www.", ".net");
+#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
+  nn2 = crypto_random_hostname(8, 20, "www.", ".net");
+#else
   nn2 = crypto_random_hostname(8, 20, "www.", ".com");
+#endif
 
   /* Generate short-term RSA key for use with TLS. */
   if (!(rsa = crypto_new_pk_env()))
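Review bot: Neither `DISABLE_V3_LINKPROTO_SERVERSIDE` at this `#ifdef` nor `DISABLE_V3_LINKPROTO_CLIENTSIDE` in the dn_indicates_v3_cert hunk is explained anywhere in the patch, and the reason a `.net` suffix on `nn2` turns v3 off can only be found by reading the `".net"` comparison at the end of dn_indicates_v3_cert. A comment above this `#ifdef` would make the coupling explicit, for example `/* A ".net" suffix makes dn_indicates_v3_cert() on the peer report "not v3"; keep the two in sync. */`. Because these switches make the build fall back from the v3 link handshake, the comment should also state that they are compile-time only and not meant for release builds, if that is the intent. The same one-line explanation is missing at the `#ifdef` in command_process_versions_cell. tor_tls_context_new starts and ends outside this hunk.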
@@ -2183,6 +2187,10 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
 static int
 dn_indicates_v3_cert(X509_NAME *name)
 {
+#ifdef DISABLE_V3_LINKPROTO_CLIENTSIDE
+  (void)name;
+  return 0;
+#else
   X509_NAME_ENTRY *entry;
   int n_entries;
   ASN1_OBJECT *obj;
@@ -2206,6 +2214,7 @@ dn_indicates_v3_cert(X509_NAME *name)
   r = fast_memneq(s + len - 4, ".net", 4);
   OPENSSL_free(s);
   return r;
+#endif
 }
 
 /** Return true iff the peer certificate we're received on <b>tls</b>
index 738bf35d9cc18a55cabe78bc522b83aa32ed09dd..a51115631864f4601687864502dcf84c1618e42c 100644 (file)
@@ -689,6 +689,13 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
              send_chall ? " AUTH_CHALLENGE" : "",
              send_netinfo ? " NETINFO" : "");
 
+#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
+    if (1) {
+      connection_mark_for_close(TO_CONN(conn));
+      return;
+    }
+#endif
+
     if (send_versions) {
       if (connection_or_send_versions(conn, 1) < 0) {
         log_warn(LD_OR, "Couldn't send versions cell");
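Review bot: With `DISABLE_V3_LINKPROTO_SERVERSIDE` defined, the new block closes the connection immediately after the call that ends just above it (apparently a log message listing the cells about to be sent), and nothing records why, so the log would show a send that never happens followed by an unexplained close. A line inside the new block such as `log_info(LD_OR, "v3 link protocol disabled at build time; closing connection.");` would make the close attributable when someone is diagnosing failed handshakes. The `if (1)` wrapper also needs a short comment saying it is there to keep the code below from being reported as unreachable, if that is its purpose. The enclosing block of command_process_versions_cell starts and ends outside this hunk.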