merged with upstreamm/master
6f6e0de5f1
59 changed files with 1438 additions and 1164 deletions
@ -806,22 +806,22 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long /*days*/)
|
|||
X509_NAME_free(issuer_name);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
// (does not leak the key creation date to the outside anymore. for more privacy)
|
||||
ASN1_TIME_set(X509_get_notBefore(x509), 0);
|
||||
ASN1_TIME_set(X509_get_notAfter(x509), 0);
|
||||
// (does not leak the key creation date to the outside anymore. for more privacy)
|
||||
ASN1_TIME_set(X509_get_notBefore(x509), 0);
|
||||
ASN1_TIME_set(X509_get_notAfter(x509), 0);
|
||||
#else
|
||||
// NEW code, set validity time between 2010 and 2110 (remember to change it when, if OpenSSL check it by default. ;) )
|
||||
// (does not leak the key creation date to the outside anymore. for more privacy)
|
||||
if (!ASN1_TIME_set_string(X509_getm_notBefore(x509), "20100101000000Z"))
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Set notBefore FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
if (!ASN1_TIME_set_string(X509_getm_notAfter(x509), "21100101000000Z"))
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Set notAfter FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
// NEW code, set validity time between 2010 and 2110 (remember to change it when, if OpenSSL check it by default. ;) )
|
||||
// (does not leak the key creation date to the outside anymore. for more privacy)
|
||||
if (!ASN1_TIME_set_string(X509_getm_notBefore(x509), "20100101000000Z"))
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Set notBefore FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
if (!ASN1_TIME_set_string(X509_getm_notAfter(x509), "21100101000000Z"))
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Set notAfter FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
|
||||
|
@ -56,6 +56,69 @@ const int PQISSL_UDP_FLAG = 0x02;
|
|||
/* TCP buffer size for Windows systems */
|
||||
const int WINDOWS_TCP_BUFFER_SIZE = 512 * 1024; // 512 KB
|
||||
|
||||
|
||||
// This is a (very) simple overview of the different state machnines. The tree includes high level funtions only.
|
||||
//
|
||||
// connect_parameter() is used to pass down settings, like address or timeout values
|
||||
//
|
||||
// tick() or connect()
|
||||
// |
|
||||
// +----- ConnectAttempt()
|
||||
// |
|
||||
// +--WAITING_NOT or WAITING_DELAY
|
||||
// | |
|
||||
// | +----- Delay_Connection()
|
||||
// | |
|
||||
// | +--WAITING_NOT
|
||||
// | | - set 'waiting' to WAITING_DELAY and set delay for next connection attempt
|
||||
// | |
|
||||
// | +--WAITING_DELAY
|
||||
// | |
|
||||
// | +----- Initiate_Connection()
|
||||
// | |
|
||||
// | +----- setup socket
|
||||
// | +----- connect
|
||||
// | - on success: set "waiting" to WAITING_SOCK_CONNECT and "sockfd" to newly created socket
|
||||
// | - on failure: set "waiting" to WAITING_FAIL_INTERFACE
|
||||
// |
|
||||
// +--WAITING_SOCK_CONNECT
|
||||
// | |
|
||||
// | +----- Initiate_SSL_Connection()
|
||||
// | |
|
||||
// | +----- Basic_Connection_Complete()
|
||||
// | | |
|
||||
// | | +----- CheckConnectionTimeout()
|
||||
// | | |
|
||||
// | | +----- ready up socket.
|
||||
// | | - SOCKS, udp tou, i2p BOB intercept here
|
||||
// | | - on failure: set "waiting" to WAITING_FAIL_INTERFACE and "sockfd" to -1
|
||||
// | |
|
||||
// | +----- create SSL context and attach file descriptors
|
||||
// | - on success:_set "waiting" to WAITING_SSL_CONNECTION
|
||||
// |
|
||||
// +--WAITING_SSL_CONNECTION or WAITING_SSL_AUTHORISE
|
||||
// | |
|
||||
// | +----- Authorise_SSL_Connection()
|
||||
// | |
|
||||
// | +----- SSL_Connection_Complete()
|
||||
// | | |
|
||||
// | | +----- performes TSL handshake
|
||||
// | | - on success: set "waiting" to WAITING_SSL_AUTHORISE
|
||||
// | | - on failure: set "waiting" to WAITING_FAIL_INTERFACE
|
||||
// | |
|
||||
// | +----- set "waiting" to WAITING_NOT
|
||||
// | |
|
||||
// | +----- accept_locked()
|
||||
// | - add peer to the rest of RS and start pqi thread
|
||||
// |
|
||||
// |
|
||||
// +--WAITING_FAIL_INTERFACE
|
||||
// |
|
||||
// +----- Failed_Connection()
|
||||
// - set "waiting" to WAITING_NOT
|
||||
//
|
||||
|
||||
|
||||
/***************************** pqi Net SSL Interface *********************************
|
||||
* This provides the base SSL interface class,
|
||||
* and handles most of the required functionality.
|
||||
|
@ -203,9 +266,9 @@ bool CheckConnectionTimeout();
|
|||
uint32_t mConnectTimeout;
|
||||
rstime_t mTimeoutTS;
|
||||
|
||||
RS_SET_CONTEXT_DEBUG_LEVEL(1)
|
||||
|
||||
private:
|
||||
// ssl only fns.
|
||||
int connectInterface(const struct sockaddr_storage &addr);
|
||||
|
||||
RS_SET_CONTEXT_DEBUG_LEVEL(1)
|
||||
};
|
||||
|
@ -34,6 +34,73 @@
|
|||
|
||||
#define RS_PQISSL_AUTH_DOUBLE_CHECK 1
|
||||
|
||||
|
||||
// This is a simple overview of how the listener is setup, ticked (calling accept) and peers added to it.
|
||||
// On the highest level (RsServer) the listener lives inside the pqisslpersongrp class (variable: "pqih").
|
||||
// Inside pqisslpersongrp the listener is stored in "pqil".
|
||||
//
|
||||
// The listener has an internal list with incoming connections that are handled in a similar fashion to pqissl.
|
||||
// (Mainly setting up the socket (non-blocking) and establisching the ssl handshake.)
|
||||
// When everything went fine the connection is passed to pqissl in finaliseConnection()
|
||||
//
|
||||
// This is how the listener is initialized during start up:
|
||||
//
|
||||
// RsServer::StartupRetroShare()
|
||||
// |
|
||||
// +----- pqih = new pqisslpersongrp(serviceCtrl, flags, mPeerMgr);
|
||||
// +----- pqih->init_listener();
|
||||
// |
|
||||
// +----- pqil = locked_createListener(laddr);
|
||||
// |
|
||||
// +----- return new pqissllistener(laddr, mPeerMgr);
|
||||
//
|
||||
//
|
||||
// This is how the listener is ticked to call accept:
|
||||
//
|
||||
// RsServer::StartupRetroShare()
|
||||
// |
|
||||
// +----- pqih->tick();
|
||||
// |
|
||||
// +----- pqil->tick();
|
||||
// |
|
||||
// +----- acceptconnection();
|
||||
// | |
|
||||
// | +----- accecpt()
|
||||
// |
|
||||
// +----- continueaccepts();
|
||||
// +----- finaliseAccepts();
|
||||
// |
|
||||
// +----- finaliseConnection()
|
||||
// |
|
||||
// +----- pqis->accept()
|
||||
//
|
||||
//
|
||||
// This is how peers (their id) are registered to the listener:
|
||||
// (This is only used to tell if a connection peer is known or a new one (which is then added))
|
||||
//
|
||||
// pqipersongrp::addPeer()
|
||||
// |
|
||||
// +----- pqiperson *pqip = locked_createPerson(id, pqil);
|
||||
// | |
|
||||
// | +----- pqiperson *pqip = new pqiperson(id, this);
|
||||
// | +----- pqissl *pqis = new pqissl((pqissllistener *) listener, pqip, mLinkMgr);
|
||||
// | +----- pqiconnect *pqisc = new pqiconnect(pqip, rss, pqis);
|
||||
// | +----- pqip->addChildInterface(PQI_CONNECT_TCP, pqisc);
|
||||
// | |
|
||||
// | +-- sets kids[type] = pqisc;
|
||||
// |
|
||||
// +----- pqip->reset();
|
||||
// +----- pqip->listen();
|
||||
// |
|
||||
// +-- for all kids[]
|
||||
// |
|
||||
// +----- listen() ( of class pqiconnect )
|
||||
// |
|
||||
// +----- listen() ( of class pqissl )
|
||||
// |
|
||||
// +----- pqil->addlistenaddr(PeerId(), this);
|
||||
|
||||
|
||||
/***************************** pqi Net SSL Interface *********************************
|
||||
*/
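Review bot: The line `(This is only used to tell if a connection peer is known or a new one (which is then added))` is ambiguous in a way that matters for trust: it can be read as the listener admitting an unknown connecting peer and adding it, whereas the tree below it shows registration happening from `pqipersongrp::addPeer()`, i.e. from the peer-manager side rather than from an incoming connection. Please state which it is, for example `// (Only ids registered here via addPeer() are recognised; the listener does not add an unregistered incoming peer)` if that is the actual behaviour — I cannot confirm it from this hunk alone. The overview also never says what `RS_PQISSL_AUTH_DOUBLE_CHECK` two lines above enables, nor where in `continueaccepts()`/`finaliseAccepts()` the certificate/peer-id check happens, which is the first thing a security reviewer looks for in an accept-path walkthrough; a one-line pointer there would help. Typos in the same block: `establisching`, `accecpt()`.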
|
||||
|
||||
|