Cleanup huge amount of AuthSSL cruft

Make reduntant auth check in pqi effective (even if redundant only siganture was checked but friendess wasn't) Evidence redundant auth check in pqi by putting it inside #ifdef this way the beaviior being the same with and without redundat check can be verified easier Solve lot of compiler warnings and made code more readable Remove dangerous sslcert wrapper Remove misleading messeges and notification about peer not giving cert, FailedCertificate logic is wrong since many years as authentication is fully handled inside VerifyX509Callback
2025-06-29 00:27:27 -04:00 · 2019-05-03 01:27:32 +02:00 · 2019-05-03 01:27:32 +02:00 · 41d4599fe3
commit 41d4599fe3
parent 8300e65cad
11 changed files with 682 additions and 1083 deletions
--- a/libretroshare/src/pqi/sslfns.h
+++ b/libretroshare/src/pqi/sslfns.h
@ -1,4 +1,4 @@
-/*******************************************************************************
+/*******************************************************************************
 * libretroshare/src/pqi: sslfns.h                                             *
 *                                                                             *
 * libretroshare: retroshare core library                                      *
@ -19,8 +19,7 @@
 * along with this program. If not, see <https://www.gnu.org/licenses/>.       *
 *                                                                             *
 *******************************************************************************/
-#ifndef RS_PQI_SSL_HELPER_H
-#define RS_PQI_SSL_HELPER_H 
+#pragma once

 /* Functions in this file are SSL only, 
 * and have no dependence on SSLRoot() etc.
@ -32,9 +31,12 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>

-#include <inttypes.h>
-#include <retroshare/rstypes.h>
 #include <string>
+#include <inttypes.h>
+
+#include "util/rsdeprecate.h"
+#include "retroshare/rstypes.h"
+

 /****
 * #define AUTHSSL_DEBUG 1
@ -113,9 +115,12 @@ bool getX509id(X509 *x509, RsPeerId &xid);

 int pem_passwd_cb(char *buf, int size, int rwflag, void *password);

-bool CheckX509Certificate(X509 *x509);
-// Not dependent on sslroot. load, and detroys the X509 memory.
-int	LoadCheckX509(const char *cert_file, RsPgpId& issuer, std::string &location, RsPeerId& userId);
+/** This function loads the X509 certificate from the file, and checks the
+ * certificate.
+ * Not dependent on sslroot. load, and detroys the X509 memory. */
+int LoadCheckX509(
+        const char* cert_file, RsPgpId& issuer, std::string& location,
+        RsPeerId& userId );


 std::string getX509NameString(X509_NAME *name);
@ -131,7 +136,8 @@ uint32_t getX509RetroshareCertificateVersion(X509 *cert) ;

 /********** SSL ERROR STUFF ******************************************/

-int printSSLError(SSL *ssl, int retval, int err, unsigned long err2, std::string &out);
-
-#endif /* RS_PQI_SSL_HELPER_H */
+RS_DEPRECATED_FOR(sslErrorToString)
+int printSSLError(
+        SSL* unused, int retval, int err, unsigned long err2, std::string& out);

+std::string sslErrorToString(int retval, int err, unsigned long err2);