Cipher lists need to be colon separated. Also make initialization more bulletproof

svn:r459

diff --git a/src/common/crypto.c b/src/common/crypto.c
index df4822fc41af08d11a7d09161cb0aca3a1a00d16..538f946ae88344bad4dd2524dafced1c568caead 100644 (file)
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -108,9 +108,14 @@ crypto_cipher_evp_cipher(int type, int enc) {
     }
 }
 
+static int _crypto_global_initialized = 0;
+
 int crypto_global_init() 
 {
-  ERR_load_crypto_strings();
+  if (!_crypto_global_initialized) {
+      ERR_load_crypto_strings();
+      _crypto_global_initialized = 1;
+  }
   return 0;
 }
 

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 8155b841a1751894510f3d0becb9ac5f4ee8b644..dbfbe29c0dc162732a3c842c8fa60d91f94f2591 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -46,10 +46,10 @@ EVP_PKEY *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env);
 crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa);
 
 static void
-tls_log_error(int severity, const char *doing, int err)
+tls_log_error(int severity, const char *doing)
 {
-  const char *msg = (const char*)ERR_reason_error_string(err);
-  if (!err) msg = "(null)";
+  const char *msg = (const char*)ERR_reason_error_string(ERR_get_error());
+  if (!msg) msg = "(null)";
   if (doing) {
     log(severity, "TLS error while %s: %s", doing, msg);
   } else {
@@ -71,14 +71,14 @@ tor_tls_get_error(tor_tls *tls, int r, int extra,
       return TOR_TLS_WANTWRITE;
     case SSL_ERROR_SYSCALL:
       /* This is oververbose XXX */
-      tls_log_error(severity, doing, err);
+      tls_log_error(severity, doing);
       return extra ? _TOR_TLS_SYSCALL : TOR_TLS_ERROR;
     case SSL_ERROR_ZERO_RETURN:
       /* This is oververbose XXX */
-      tls_log_error(severity, doing, err);
+      tls_log_error(severity, doing);
       return extra ? _TOR_TLS_ZERORETURN : TOR_TLS_ERROR;
     default:
-      tls_log_error(severity, doing, err);
+      tls_log_error(severity, doing);
       return TOR_TLS_ERROR;
   }
 }
@@ -87,7 +87,9 @@ static void
 tor_tls_init() {
   if (!tls_library_is_initialized) {
     SSL_library_init();
+    SSL_load_error_strings();
     crypto_global_init();
+    OpenSSL_add_all_algorithms();
     tls_library_is_initialized = 1;
   }
 }
@@ -155,7 +157,7 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
     goto error;
   if (!(PEM_write_bio_X509(out, x509)))
     goto error;
-  
+
   r = 0;
   goto done;
  error:
@@ -181,7 +183,7 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname)
 /* Some people are running OpenSSL before 0.9.7, but we aren't.  
  * We can support AES and 3DES.
  */
-#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA \
+#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
                     SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
 #else
 /* We're running OpenSSL before 0.9.7. We only support 3DES. */
@@ -354,7 +356,7 @@ tor_tls_handshake(tor_tls *tls)
   }
   return r;
 }
-
+  
 /* Shut down an open tls connection 'tls'.  When finished, returns
  * TOR_TLS_DONE.  On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
  * or TOR_TLS_WANTWRITE.