mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-27 00:19:25 -05:00
Fix addSslOnlyFriend when adding with already known PGP
If the PGP key is available add as full friend. Without this change when the PGP key of a non-friend is available the SSL-id is added in peer list but the PGP-id is not added as PGP friend, at same time skip_pgp_signature_validation is false, because we have the full PGP, so the connection attempt is refused, when it should be verified with PGP and accepted.
This commit is contained in:
parent
1b071d106f
commit
93bfbb6ede
@ -1074,26 +1074,22 @@ bool p3PeerMgrIMPL::addFriend(const RsPeerId& input_id, const RsPgpId& input_gpg
|
||||
bool p3PeerMgrIMPL::addSslOnlyFriend(
|
||||
const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt )
|
||||
{
|
||||
if(sslId.isNull())
|
||||
constexpr auto fname = __PRETTY_FUNCTION__;
|
||||
const auto failure = [&](const std::string& err)
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot add a null "
|
||||
<< "ID as SSL-only friend " << std::endl;
|
||||
RsErr() << fname << " " << err << std::endl;
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
if(sslId.isNull())
|
||||
return failure("Cannot add a null ID as SSL-only friend");
|
||||
|
||||
if(pgp_id.isNull())
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot add as SSL-only friend a "
|
||||
<< "peer with null PGP" << std::endl;
|
||||
return false;
|
||||
}
|
||||
return failure( " Cannot add as SSL-only friend a peer with null PGP");
|
||||
|
||||
if(sslId == getOwnId())
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot add yourself as SSL-only "
|
||||
<< "friend (id=" << sslId << ")" << std::endl;
|
||||
return false;
|
||||
}
|
||||
return failure( "Cannot add yourself as SSL-only friend id:" +
|
||||
sslId.toStdString() );
|
||||
|
||||
bool alreadySslFriend = false;
|
||||
peerState pstate;
|
||||
@ -1116,13 +1112,10 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
|
||||
* PGP id we already know, to avoid nasty tricks with malevolently forged
|
||||
* short invites.*/
|
||||
if(alreadySslFriend && pstate.gpg_id != pgp_id)
|
||||
{
|
||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot SSL-only friend for "
|
||||
<< "a pre-existing friend with mismatching PGP-id "
|
||||
<< "known: " << pstate.gpg_id << " new: " << pgp_id
|
||||
<< std::endl;
|
||||
return false;
|
||||
}
|
||||
return failure( "Cannot SSL-only friend for a pre-existing friend with "
|
||||
"mismatching PGP-id known: " +
|
||||
pstate.gpg_id.toStdString() + " new: " +
|
||||
pgp_id.toStdString() );
|
||||
|
||||
/* It is very important to be expecially carefull setting
|
||||
* pstate.skip_pgp_signature_validation to true because this effectively
|
||||
@ -1137,8 +1130,11 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
|
||||
* connection closed.
|
||||
* Instead if pstate.skip_pgp_signature_validation would have been
|
||||
* superficially set to true the PGP signature verification would have been
|
||||
* skipped and the attacker connection would be accepted. */
|
||||
if(!AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
|
||||
* skipped and the attacker connection would be accepted.
|
||||
* If the PGP key is available add it as full friend. */
|
||||
if(AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
|
||||
AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true);
|
||||
else
|
||||
pstate.skip_pgp_signature_validation = true;
|
||||
|
||||
pstate.gpg_id = pgp_id;
|
||||
|
Loading…
Reference in New Issue
Block a user