From 00c74f0956d20e15e73b356f36f754813233dd17 Mon Sep 17 00:00:00 2001
From: csoler
Date: Wed, 4 Dec 2019 22:24:11 +0100
Subject: [PATCH] moved rsevent for incomplete cert info to the right place so that it does not trigger when a connection from a non friend is denied
---
 libretroshare/src/pqi/authssl.cc | 14 +++++++-------
 libretroshare/src/pqi/pqissllistener.cc | 19 +++++++++----------
 2 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index 397fdddea..f9815d76c 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -1186,13 +1186,13 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 RsErr() << __PRETTY_FUNCTION__ << " " << errMsg << std::endl;
- if(rsEvents)
- {
- ev->mErrorMsg = errMsg;
- ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::NO_CERTIFICATE_SUPPLIED;
-
- rsEvents->postEvent(std::move(ev));
- }
+// if(rsEvents)
+// {
+// ev->mErrorMsg = errMsg;
+// ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::NO_CERTIFICATE_SUPPLIED;
+//
+// rsEvents->postEvent(std::move(ev));
+// }
 return verificationFailed;
 }
diff --git a/libretroshare/src/pqi/pqissllistener.cc b/libretroshare/src/pqi/pqissllistener.cc
index afd12ccbd..84fdd3dcb 100644
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
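Review bot: The seven removed lines are put back as `//` commented-out code rather than deleted, which leaves dead code in VerifyX509Callback and, as far as this hunk shows, an `ev` object on this path with no consumer; git already keeps the history, so drop the block. If the intent is to record why the event moved, a single comment does it, e.g. `// The NO_CERTIFICATE_SUPPLIED event is not posted here: a denied non-friend connection must not raise it (see pqissllistenbase::continueSSL).`. After this patch nothing visible still posts `RsAuthSslConnectionAutenticationEvent::NO_CERTIFICATE_SUPPLIED`, so any consumer of that code silently stops receiving it; either say so where the enum is declared or retire the value. VerifyX509Callback begins before the hunk, so where `ev` is allocated and whether other branches still use it is not visible here.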
@@ -486,23 +486,24 @@ int pqissllistenbase::continueSSL(IncomingSSLInfo& incoming_connexion_info, bool
 break;
 }
- if(rsEvents)
+ pqioutput(PQL_WARNING, pqissllistenzone, "Read Error on the SSL Socket\nShutting it down!");
+
+ // We use SSL_get_verify_result() in order to differentiate two cases:
+ // case 1: the incoming connection is closed because the peer is not a friend. This is already handled in authssl.
+ // case 2: the incoming connection is closed because no authentication info is available, in which case it returns X509_V_OK
+ auto vres = SSL_get_verify_result(incoming_connexion_info.ssl);
+
+ if(vres == X509_V_OK && nullptr != rsEvents)
 {
 auto ev = std::unique_ptr(new RsAuthSslConnectionAutenticationEvent);
- ev->mSslId = incoming_connexion_info.sslid;
- ev->mPgpId = incoming_connexion_info.gpgid;
- ev->mSslCn = incoming_connexion_info.sslcn;
 ev->mLocator = RsUrl(incoming_connexion_info.addr);
 ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO;
 rsEvents->postEvent(std::move(ev));
 }
- closeConnection(fd, incoming_connexion_info.ssl) ;
- pqioutput(PQL_WARNING, pqissllistenzone, "Read Error on the SSL Socket\nShutting it down!");
- // failure -1, pending 0, sucess 1.
 return -1;
 }
@@ -524,17 +525,15 @@ int pqissllistenbase::continueSSL(IncomingSSLInfo& incoming_connexion_info, bool
 std::cerr << " Got SSL CN = " << incoming_connexion_info.sslcn << std::endl;
 #endif
 }
+
 #ifdef DEBUG_LISTENNER
 else
 std::cerr << " no info." << std::endl;
 #endif
- // if it succeeds
 if (0 < completeConnection(fd, incoming_connexion_info))
- {
 return 1;
- }
 /* else we shut it down! */
 pqioutput(PQL_WARNING, pqissllistenzone,
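Review bot: `closeConnection(fd, incoming_connexion_info.ssl) ;` is removed from the read-error branch with nothing replacing it before `return -1;`, so unless the caller of continueSSL releases the descriptor and the SSL object on a -1 return (not visible in this patch), every handshake that fails here now leaks both, and this is precisely the path a peer that never authenticates can trigger repeatedly. Either restore `closeConnection(fd, incoming_connexion_info.ssl);` immediately before `return -1;`, or add a comment on that line naming where the cleanup happens so the next reader does not reintroduce a double close. The new condition `nullptr != rsEvents` also differs in style from the plain `if(rsEvents)` used elsewhere in the same patch; pick one form. continueSSL begins and ends outside the hunk.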