First of the Networking REWORK checkings. I'm doing these is stages,

so I can properly document what is being changed! Revert / Merge : pqissl / pqissludp code. * restored original timeout system. * removed weird testing code - should never have been here! * switched extra checks to generate ALERT msgs - we want to know if they happen. * removed quietShutdown (breaks TLS protocol - why was this added?) * switched listening on all the time. (helps restore disconnects). * restored common connect parameters (removed duplicates in ssludp). * restored AuthSSL->Failed/CheckCertificate() calls ... useful. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3212 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-01-27 07:47:03 -05:00 · 2010-06-25 21:44:24 +00:00 · 2010-06-25 21:44:24 +00:00 · 69ba03dbd2
commit 69ba03dbd2
parent afb1d24bc7
3 changed files with 78 additions and 79 deletions
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@ -61,7 +61,8 @@ const int PQISSL_REMOTE_FLAG = 0x02;
 const int PQISSL_UDP_FLAG = 0x02;
 ***********/
-static const int PQISSL_MAX_READ_ZERO_COUNT = 40;
+static const int PQISSL_MAX_READ_ZERO_COUNT = 20;
 static const int PQISSL_SSL_CONNECT_TIMEOUT = 30;
 /********** PQI SSL STUFF ******************************************
 *
@ -93,11 +94,11 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3ConnectMgr *cm)
 	sslmode(PQISSL_ACTIVE), ssl_connection(NULL), sockfd(-1), 
 	pqil(l),  // no init for remote_addr.
 	readpkt(NULL), pktlen(0), 
 	attempt_ts(0),
 	net_attempt(0), net_failure(0), net_unreachable(0), 
 	sameLAN(false), n_read_zero(0), 
 	mConnectDelay(0), mConnectTS(0),
-        mConnectTimeout(0), mTimeoutTS(0), quietShutdown(false),
+        mConnectTimeout(0), mTimeoutTS(0), mConnMgr(cm)
        mConnMgr(cm)
 {
 	/* set address to zero */
@ -109,6 +110,21 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3ConnectMgr *cm)
 	  rslog(RSL_ALERT, pqisslzone, out.str());
 	}
 #if 0
 	if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId())))
 	{
  	  rslog(RSL_ALERT, pqisslzone, 
 	    "pqissl::Warning Certificate Not Approved!");
  	  rslog(RSL_ALERT, pqisslzone, 
 	    "\t pqissl will not initialise....");
 	}
 #else
  	  rslog(RSL_ALERT, pqisslzone, 
 	    "pqissl::Warning SSL Certificate Approval Not CHECKED??");
 #endif
 	return;
 }
@ -195,21 +211,15 @@ int 	pqissl::reset()
 	out << "\tssl_con: " << ssl_connection << std::endl;
 	out << std::endl;
-        bool neededReset = false;
+	bool neededReset = false;
-	if (ssl_connection != NULL && sockfd > 0)
+	if (ssl_connection != NULL)
 	{
 		out << "pqissl::reset() Shutting down SSL Connection";
 		out << std::endl;
-                if (quietShutdown) {
+		SSL_shutdown(ssl_connection);
-                    ssl_connection->quiet_shutdown = 1;
+		SSL_free (ssl_connection);
                    SSL_shutdown(ssl_connection);
                } else {
                    ssl_connection->quiet_shutdown = 0;
                    SSL_shutdown(ssl_connection);
                }
                quietShutdown = false;
 		neededReset = true;	
 	}
@ -224,13 +234,11 @@ int 	pqissl::reset()
 	active = false;
 	sockfd = -1;
 	waiting = WAITING_NOT;
 	SSL_free (ssl_connection);
 	ssl_connection = NULL;
 	sameLAN = false;
 	n_read_zero = 0;
 	total_len = 0 ;
        mTimeoutTS = 0;
        listen();
 	if (neededReset)
 	{
@ -359,15 +367,7 @@ int	pqissl::tick()
 			out << "Continuing Connection Attempt!";
 			rslog(RSL_DEBUG_BASIC, pqisslzone, out.str());
-                        if (mTimeoutTS != 0 && time(NULL) > mTimeoutTS)
+                        ConnectAttempt();
                        {
                                rslog(RSL_DEBUG_BASIC, pqisslzone,
                                        "pqissl::Authorise_SSL_Connection() Connection Timed Out!");
                                /* as sockfd is valid, this should close it all up */
                                reset();
                        } else {
                            ConnectAttempt();
                        }
 			return 1;
 		}
 	}
@ -710,16 +710,6 @@ int 	pqissl::Basic_Connection_Complete()
 	rslog(RSL_DEBUG_BASIC, pqisslzone, 
 	  "pqissl::Basic_Connection_Complete()...");
 #ifdef DEBUG_PQISSL_TUNNEL
        rslog(RSL_DEBUG_BASIC, pqisslzone,
          "pqissl::Basic_Connection_Complete() parent()->PeerId() : " + parent()->PeerId());
        if (parent()->PeerId() == "a0f6dfa2478e327a5687eaffe68882d3" || parent()->PeerId() == "9a033552091254bf9875edabe0bfd0e2") {
            rslog(RSL_DEBUG_BASIC, pqisslzone,
              "pqissl::Basic_Connection_Complete() resetting connection for test purpose.");
            reset();
        }
 #endif
 	/* new TimeOut code. */
 	if (time(NULL) > mTimeoutTS)
 	{
@ -738,14 +728,14 @@ int 	pqissl::Basic_Connection_Complete()
 	if (waiting != WAITING_SOCK_CONNECT)
 	{
-		rslog(RSL_DEBUG_BASIC, pqisslzone, 
+		rslog(RSL_ALERT, pqisslzone, 
 	  		"pqissl::Basic_Connection_Complete() Wrong Mode");
 		return -1;
 	}
        if (sockfd == -1)
        {
-                rslog(RSL_DEBUG_BASIC, pqisslzone,
+                rslog(RSL_ALERT, pqisslzone,
                        "pqissl::Basic_Connection_Complete() problem with the socket descriptor. Aborting");
                reset();
                return -1;
@ -759,9 +749,6 @@ int 	pqissl::Basic_Connection_Complete()
 	FD_ZERO(&WriteFDs);
 	FD_ZERO(&ExceptFDs);
 	if(sockfd < 0)
 		return -1 ;
 	FD_SET(sockfd, &ReadFDs);
 	FD_SET(sockfd, &WriteFDs);
 	FD_SET(sockfd, &ExceptFDs);
@ -948,16 +935,18 @@ int 	pqissl::Initiate_SSL_Connection()
  	rslog(RSL_DEBUG_BASIC, pqisslzone, 
 	  "pqissl::Initiate_SSL_Connection() Basic Connection Okay");
 	// setup timeout value.
 	ssl_connect_timeout = time(NULL) + PQISSL_SSL_CONNECT_TIMEOUT;
 	// Perform SSL magic.
 	// library already inited by sslroot().
-        SSL_CTX *ssl_ctx = AuthSSL::getAuthSSL()->getCTX();
+	SSL *ssl = SSL_new(AuthSSL::getAuthSSL()->getCTX());
        SSL *ssl = SSL_new(ssl_ctx);
 	if (ssl == NULL)
 	{
  		rslog(RSL_ALERT, pqisslzone, 
 		  "pqissl::Initiate_SSL_Connection() SSL_new failed!");
 		exit(1);
 		return -1;
 	}
@ -966,7 +955,7 @@ int 	pqissl::Initiate_SSL_Connection()
 	ssl_connection = ssl;
-        net_internal_SSL_set_fd(ssl, sockfd);
+	net_internal_SSL_set_fd(ssl, sockfd);
 	if (err < 1)
 	{
 		std::ostringstream out;
@ -1046,7 +1035,7 @@ int 	pqissl::SSL_Connection_Complete()
 			out.str());
 		// attempt real error.
-                //Extract_Failed_SSL_Certificate();
+		Extract_Failed_SSL_Certificate();
 		reset();
 		waiting = WAITING_FAIL_INTERFACE;
@ -1073,7 +1062,7 @@ int 	pqissl::Extract_Failed_SSL_Certificate()
 	// Get the Peer Certificate....
 	X509 *peercert = SSL_get_peer_certificate(ssl_connection);
-        if (peercert == NULL)
+	if (peercert == NULL)
 	{
  		rslog(RSL_WARNING, pqisslzone, 
 		  "pqissl::Extract_Failed_SSL_Certificate() Peer Didnt Give Cert");
@ -1081,14 +1070,14 @@ int 	pqissl::Extract_Failed_SSL_Certificate()
 	}
  	rslog(RSL_DEBUG_BASIC, pqisslzone, 
-          "pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (anymore)");
+	  "pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
 	// save certificate... (and ip locations)
 	// false for outgoing....
 	// we actually connected to remote_addr, 
 	// 	which could be 
 	//      (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
-        //AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
+        AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
 	return 1;
 }
@ -1099,9 +1088,9 @@ int 	pqissl::Extract_Failed_SSL_Certificate()
 int 	pqissl::Authorise_SSL_Connection()
 {
  	rslog(RSL_DEBUG_BASIC, pqisslzone, 
-          "pqissl::Authorise_SSL_Connection()");
+	  "pqissl::Authorise_SSL_Connection()");
-        if (time(NULL) > mTimeoutTS)
+        if (time(NULL) > ssl_connect_timeout)
        {
 		rslog(RSL_DEBUG_BASIC, pqisslzone,
 			"pqissl::Authorise_SSL_Connection() Connection Timed Out!");
@ -1115,8 +1104,6 @@ int 	pqissl::Authorise_SSL_Connection()
 		return err;
 	}
        stoplistening();
  	rslog(RSL_DEBUG_BASIC, pqisslzone, 
 	  "pqissl::Authorise_SSL_Connection() SSL_Connection_Complete");
@ -1149,8 +1136,38 @@ int 	pqissl::Authorise_SSL_Connection()
  	rslog(RSL_DEBUG_BASIC, pqisslzone, 
 	  "pqissl::Authorise_SSL_Connection() Have Peer Cert");
-        accept(ssl_connection, sockfd, remote_addr);
+	// save certificate... (and ip locations)
-        return 1;
+	// false for outgoing....
 	// we actually connected to remote_addr, 
 	// 	which could be 
 	//      (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
 	AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
 	bool certCorrect = true; /* WE know it okay already! */
 	// check it's the right one.
 	if (certCorrect)
 	{
 		// then okay...
 		std::ostringstream out;
 	  	out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
  		rslog(RSL_WARNING, pqisslzone, out.str());
 		accept(ssl_connection, sockfd, remote_addr);
 		return 1;
 	}
 	{
 		std::ostringstream out;
 	  	out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
 		out << " Shutdown. Peer: " << PeerId();
  		rslog(RSL_WARNING, pqisslzone, out.str());
 	}
 	// else shutdown ssl connection.
 	reset();
 	return 0;
 }
 int	pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiate incoming connection.
@ -1343,7 +1360,6 @@ int 	pqissl::senddata(void *data, int len)
 			out << std::endl;
 			std::cerr << out.str() ;
 			rslog(RSL_ALERT, pqisslzone, out.str());
                        quietShutdown = true;
 			reset();
 			return -1;
 		}
@ -1447,7 +1463,6 @@ int 	pqissl::readdata(void *data, int len)
 				if (PQISSL_MAX_READ_ZERO_COUNT < n_read_zero)
 				{
 					out << "Count passed Limit, shutting down!";
                                        quietShutdown = true;
 					reset();
 				}
@ -1464,8 +1479,7 @@ int 	pqissl::readdata(void *data, int len)
 				out << "Socket Closed Abruptly.... Resetting PQIssl";
 				out << std::endl;
 				rslog(RSL_ALERT, pqisslzone, out.str());
-                                quietShutdown = true;
+				reset();
                                reset();
 				std::cerr << out.str() << std::endl ;
 				return -1;
 			}
@ -1605,7 +1619,7 @@ bool 	pqissl::moretoread()
 bool 	pqissl::cansend()
 {
        if (n_read_zero > 0) {
-        rslog(RSL_DEBUG_ALL, pqisslzone,
+        rslog(RSL_ALERT, pqisslzone,
                "pqissl::cansend() read socket returns 0, so we don't wanna send know.");
            return false;
        }
--- a/libretroshare/src/pqi/pqissl.h
+++ b/libretroshare/src/pqi/pqissl.h
@ -177,7 +177,7 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd)
 	int pktlen;
 	int total_len ; // saves the reading state accross successive calls.
-        //int attempt_ts;
+	int attempt_ts;
 	// Some flags to indicate
 	// the status of the various interfaces
@ -190,13 +190,12 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd)
 	int n_read_zero; /* a counter to determine if the connection is really dead */
-        //int ssl_connect_timeout; /* timeout to ensure that we don't get stuck (can happen on udp!) */
+	int ssl_connect_timeout; /* timeout to ensure that we don't get stuck (can happen on udp!) */
 	uint32_t mConnectDelay;
 	time_t   mConnectTS;
 	uint32_t mConnectTimeout;
 	time_t   mTimeoutTS;
        bool quietShutdown;
 	p3ConnectMgr *mConnMgr;
--- a/libretroshare/src/pqi/pqissludp.cc
+++ b/libretroshare/src/pqi/pqissludp.cc
@ -253,7 +253,7 @@ int 	pqissludp::Basic_Connection_Complete()
 	{
 		std::ostringstream out;
 	  	out << "pqissludp::Basic_Connection_Complete() Connection Timed Out. ";
-                out << "Peer: " << PeerId() << " Timeout: ";
+		out << "Peer: " << PeerId() << " Period: ";
 		out << mConnectTimeout;
 		rslog(RSL_WARNING, pqissludpzone, out.str());
@ -411,25 +411,11 @@ bool 	pqissludp::connect_parameter(uint32_t type, uint32_t value)
 		std::ostringstream out;
 		out << "pqissludp::connect_parameter() Peer: " << PeerId() << " PERIOD: " << value;
 		rslog(RSL_WARNING, pqissludpzone, out.str());
 		mConnectPeriod = value;
 		return true;
-        }else if (type == NET_PARAM_CONNECT_DELAY)
+	}
-        {
+	return pqissl::connect_parameter(type, value);
                std::ostringstream out;
                out << "pqissludp::connect_parameter() Peer: " << PeerId() << " DELAY: " << value;
                rslog(RSL_WARNING, pqissludpzone, out.str());
                mConnectDelay = value;
                return true;
        }
        else if (type == NET_PARAM_CONNECT_TIMEOUT)
        {
                std::ostringstream out;
                out << "pqissludp::connect_parameter() Peer: " << PeerId() << " TIMEOUT: " << value;
                rslog(RSL_WARNING, pqissludpzone, out.str());
                mConnectTimeout = value;
                return true;
        }
        return pqissl::connect_parameter(type, value);
 }
 /********** PQI STREAMER OVERLOADING *********************************/