Make SSL-only friend criteria stricter

2024-10-01 02:35:48 -04:00 · 2019-09-28 14:15:12 +02:00 · 2019-09-28 14:15:12 +02:00 · 4e3ac4a9f4
commit 4e3ac4a9f4
parent 5660c73175
3 changed files with 13 additions and 1 deletions
--- a/libretroshare/src/pgp/pgphandler.cc
+++ b/libretroshare/src/pgp/pgphandler.cc
@ -1667,6 +1667,9 @@ bool PGPHandler::getGPGFilteredList(std::list<RsPgpId>& list,bool (*filter)(cons
 	return true ;
 }

+bool PGPHandler::isPgpPubKeyAvailable(const RsPgpId &id)
+{ return _public_keyring_map.find(id) != _public_keyring_map.end(); }
+
 bool PGPHandler::isGPGId(const RsPgpId &id)
 {
 	return _public_keyring_map.find(id) != _public_keyring_map.end() ;
--- a/libretroshare/src/pgp/pgphandler.h
+++ b/libretroshare/src/pgp/pgphandler.h
@ -148,6 +148,15 @@ class PGPHandler

 		const PGPCertificateInfo *getCertificateInfo(const RsPgpId& id) const ;

+		/**
+		 * @brief Check if a PGP publick key is available
+		 * @param id id of the key to check
+		 * @return true if the public key for the given id is available,
+		 *	false otherwise
+		 */
+		bool isPgpPubKeyAvailable(const RsPgpId& id);
+
+		RS_DEPRECATED_FOR(isPgpPubKeyAvailable)
 		bool isGPGId(const RsPgpId &id);
 		bool isGPGSigned(const RsPgpId &id);
 		bool isGPGAccepted(const RsPgpId &id);
--- a/libretroshare/src/pqi/p3peermgr.cc
+++ b/libretroshare/src/pqi/p3peermgr.cc
@ -1138,7 +1138,7 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
 	 * Instead if pstate.skip_pgp_signature_validation would have been
 	 * superficially set to true the PGP signature verification would have been
 	 * skipped and the attacker connection would be accepted. */
-	if(!AuthGPG::getAuthGPG()->isGPGAccepted(pgp_id))
+	if(!AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
 		pstate.skip_pgp_signature_validation = true;

 	pstate.gpg_id = pgp_id;