openssl fixes

New Stable released, Tor 0.2.1.21

Tor 0.2.1.21 fixes an incompatibility with the most recent OpenSSL
library. If you use Tor on Linux / Unix and you're getting SSL
renegotiation errors, upgrading should help. We also recommend an
upgrade if you're an exit relay.

https://www.torproject.org/easy-download

Changes in version 0.2.1.21 - 2009-12-21
Major bugfixes:

  • Work around a security feature in OpenSSL 0.9.8l that prevents our
    handshake from working unless we explicitly tell OpenSSL that we
    are using SSL renegotiation safely. We are, of course, but OpenSSL
    0.9.8l won't work unless we say we are.
  • Avoid crashing if the client is trying to upload many bytes and the
    circuit gets torn down at the same time, or if the flip side
    happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.

Minor bugfixes: read more »

  • Do not refuse to learn about authority certs and v2 networkstatus

Tor Browser Bundle 1.2.10 Released

On November 20, we released an updated Tor Browser Bundle, version 1.2.10, which includes:

  • updated Vidalia to 0.2.6
  • updated Pidgin to 2.6.3
  • updated Tor to 0.2.1.20
  • updated Firefox to 3.0.15
  • updated OpenSSL to 0.9.8l
  • updated libevent to 1.4.13

You can download the updated version at https://www.torproject.org/torbrowser/

Tor Browser Bundle 1.2.8 released

Tor Browser Bundle 1.2.8 is released. The big changes are the inclusion of statically linked openssl dlls to resolve a few geoip lookup and functionality issues with Vidalia, and the upgrade to the new Vidalia 0.2.2.

Available at https://torproject.org/torbrowser

The full list of updates and fixes:

  • update Torbutton to 1.2.2
  • update Vidalia to 0.2.2
  • compile OpenSSL 0.9.8k with Visual C to make dlls
  • update Pidgin to 2.6.1

Testing Tor Browser Bundle 1.2.7-dev

I've updated the Tor Browser Bundle with torbutton 1.2.2, the new Vidalia 0.2.2, and openssl 0.9.8k compiled with Microsoft Visual C to handle ssl compatibility issues with various versions of Windows.

If this works, it will be the new Tor Browser Bundle 1.2.8. Please test away.

The full list of changes:

  • update Torbutton to 1.2.2
  • update Vidalia to 0.2.2
  • compile OpenSSL 0.9.8k with Visual C to make dlls

There is an issue for some people using a clean Windows XP, Vista, 7 which would either require we ship the Visual C redistributable package, or compile OpenSSL ourselves with Visual C. The symptoms were the "find bridges now" button didn't appear in Vidalia 0.2.x, and the relays would never get flags. A few people posted comments to this blog about lacking flags and geoip information with TBB. read more »

Vidalia 0.2.2 Released

Vidalia 0.2.2 is released. It addresses an issue with openssl which causes the geoip lookups to fail on various versions of Windows. It also switches from the Nullsoft Installer to the Microsoft System Installer for better compatibility with Microsoft Windows.

There are now separate Apple OS X builds, one for PowerPC architectures and one for i386 architectures. No more Universal binary bloat to download.

The changes are: read more »

  • When the user clicks "Browse" in the Advanced settings page to locate
    a new torrc, set the initial directory shown in the file dialog to the
    current location of the user's torrc. (Ticket #505)
  • Use 'ditto' to strip the architectures we don't want from the Qt
    frameworks installed into the app bundle with the dist-osx,
    dist-osx-bundle and dist-osx-split-bundle build targets.
  • Fix a bug in the CMakeLists.txt files for ts2po and po2ts that caused
    build errors on Panther for those two tools.
Syndicate content