Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-27 15:57:08 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

* removed SSL ex_data sharing of sslids in pqissl+authssl.

Browse Source 
This used an unprotected singleton -> bad... Probably killed a lot of connections.
 * removed mConnMgr tests in authssl 
	AuthSSL shouldn't use ConnectMgr. what happened to abstraction / seperation of function???
	This code prevents quick reconnections.

 * Disabled AuthSSL from adding new SSL peers.
	This functionality is important... but should be handled elsewhere (p3connmgr or pqissl)



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3200 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
drbob 2010-06-24 17:41:34 +00:00
parent a24d833a12
commit 30210cf9ec
4 changed files with 7 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
libretroshare/src/pqi/authssl.cc
View File

@ -50,12 +50,10 @@
/********************************************************************************/ /********************************************************************************/
/********************************************************************************/ /********************************************************************************/
// initialisation du pointeur de singleton à zéro // initialisation du pointeur de singleton à zéro
AuthSSL *AuthSSL::instance_ssl = new AuthSSL(); AuthSSL *AuthSSL::instance_ssl = new AuthSSL();
// initialisation du pointeur de ex data du ssl context
int AuthSSL::ex_data_ctx_index = 0;
sslcert::sslcert(X509 *x509, std::string pid) sslcert::sslcert(X509 *x509, std::string pid)
{ {
@ -2049,57 +2047,6 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
std::string certId; std::string certId;
getX509id(X509_STORE_CTX_get_current_cert(ctx), certId); getX509id(X509_STORE_CTX_get_current_cert(ctx), certId);
if(certId == mConnMgr->getOwnId())
return false ;
if (!mConnMgr->isFriend(certId)) {
//we've got a new ssl id
preverify_ok = false;
mConnMgr->addFriend(certId, getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer));
}
//is the connection was initiated by us, then it was for a specific peer id wich is stored is in the context
//check that the peerid in the context is the same as the cert one
SSL *ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
if (SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index)) {
char *peer_id_in_context = (char*) SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index);
if (std::string(certId.c_str()) != std::string(peer_id_in_context)) {
//the connection was asked for a given peer and get connected to another peer
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback peer id in context not the same as cert, aborting connection.\n");
#endif
preverify_ok = false;
//tranfer the ip address to the new peer
peerConnectState detail;
if (mConnMgr->getFriendNetStatus(peer_id_in_context, detail)) {
//transfer ips only if the two peers got the same gpg key
if (detail.gpg_id == getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)) {
mConnMgr->updateAddressList(certId, detail.getIpAddressList());
}
}
} else {
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback peer id in context is the same as cert, continung connection.\n");
#endif
}
}
//set location
mConnMgr->setLocation(certId, getX509LocString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->subject));
//Check if peer isn't already connected
peerConnectState detail;
if (mConnMgr->getFriendNetStatus(certId, detail)) {
if (detail.state & RS_PEER_CONNECTED && !(detail.connecttype & RS_NET_CONN_TUNNEL)) {
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback this peer is already connected, refuse a new connection.\n");
#endif
preverify_ok = false;
}
}
} }
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG

9
libretroshare/src/pqi/authssl.h
View File

@ -54,9 +54,12 @@
typedef std::string SSL_id; typedef std::string SSL_id;
class AuthSSL; /* This #define removes Connection Manager references in AuthSSL.
* They should not be here. What about Objects and orthogonality?
* This code is also stopping immediate reconnections from working.
*/
class p3ConnectMgr; class AuthSSL;
class sslcert class sslcert
{ {
@ -185,8 +188,6 @@ static int ex_data_ctx_index; //used to pass the peer id in the ssl context
static AuthSSL *getAuthSSL() throw() // pour obtenir l'instance static AuthSSL *getAuthSSL() throw() // pour obtenir l'instance
{ return instance_ssl; } { return instance_ssl; }
p3ConnectMgr *mConnMgr;
private: private:
// the single instance of this // the single instance of this

4
libretroshare/src/pqi/pqissl.cc
View File

@ -966,10 +966,6 @@ int pqissl::Initiate_SSL_Connection()
ssl_connection = ssl; ssl_connection = ssl;
//store the peer id in the context for the callback check
AuthSSL::ex_data_ctx_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
SSL_set_ex_data(ssl, AuthSSL::ex_data_ctx_index, const_cast<char*> (PeerId().c_str()));
net_internal_SSL_set_fd(ssl, sockfd); net_internal_SSL_set_fd(ssl, sockfd);
if (err < 1) if (err < 1)
{ {

2
libretroshare/src/rsserver/rsinit.cc
View File

@ -1980,7 +1980,7 @@ int RsServer::StartupRetroShare()
rsNotify = new p3Notify(); rsNotify = new p3Notify();
mConnMgr = new p3ConnectMgr(); mConnMgr = new p3ConnectMgr();
AuthSSL::getAuthSSL()->mConnMgr = mConnMgr;
//load all the SSL certs as friends //load all the SSL certs as friends
// std::list<std::string> sslIds; // std::list<std::string> sslIds;
// AuthSSL::getAuthSSL()->getAuthenticatedList(sslIds); // AuthSSL::getAuthSSL()->getAuthenticatedList(sslIds);