small update of connct mgr and ssl connection

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2489 b45a01b8-16f6-495d-af2f-9b41ad6348cc
joss17 2010-03-05 21:27:42 +00:00
parent f57b4c7b64
commit aa7bed984f
5 changed files with 40 additions and 87 deletions


@ -2010,7 +2010,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId()) if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
{ {
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n"); fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not accepted : \n");
fprintf(stderr, "issuer pgpid : "); fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "%s\n",pgpid.c_str()); fprintf(stderr, "%s\n",pgpid.c_str());
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : "); fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
@ -2024,7 +2024,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
} else { } else {
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
fprintf(stderr, "Failing Normal Certificate!!!\n"); fprintf(stderr, "A normal certificate is probably a security breach attempt. We sould fail it !!!\n");
#endif #endif
preverify_ok = false; preverify_ok = false;
} }
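Review bot: The new debug message in the else branch, `fprintf(stderr, "A normal certificate is probably a security breach attempt. We sould fail it !!!\n");`, misspells "should", and because the line is compiled only under AUTHSSL_DEBUG the typo will not be caught by a normal build. The rest of both hunks changes only debug wording; the rejection itself, `preverify_ok = false;`, is unchanged. VerifyX509Callback starts and ends outside the hunks.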


@ -39,7 +39,7 @@ using std::ifstream;
#include "serialiser/rsconfigitems.h" #include "serialiser/rsconfigitems.h"
#define CONFIG_DEBUG 1 //#define CONFIG_DEBUG 1
p3ConfigMgr::p3ConfigMgr(std::string dir, std::string fname, std::string signame) p3ConfigMgr::p3ConfigMgr(std::string dir, std::string fname, std::string signame)
@ -633,7 +633,9 @@ bool p3Config::saveConfiguration()
ofstream ofstrm; ofstream ofstrm;
ifstrm.open(fname.c_str(), std::ifstream::binary); ifstrm.open(fname.c_str(), std::ifstream::binary);
std::cerr << "p3config::saveConfiguration() Is file open: " << ifstrm.is_open(); #ifdef CONFIG_DEBUG
std::cerr << "p3config::saveConfiguration() Is file open: " << ifstrm.is_open() << std::endl;
#endif
// if file does not exist then open temporay file already created // if file does not exist then open temporay file already created
if(!ifstrm.is_open()){ if(!ifstrm.is_open()){


@ -2635,41 +2635,40 @@ bool p3ConnectMgr::setAddressList(std::string id, std::list<IpAddressTimed> I
#ifdef CONN_DEBUG #ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::setAddressList() called for id : " << id << std::endl; std::cerr << "p3ConnectMgr::setAddressList() called for id : " << id << std::endl;
#endif #endif
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check if it is our own ip */ /* check if it is our own ip */
if (id == getOwnId()) { if (id == getOwnId()) {
ownState.updateIpAddressList(IpAddressTimedList); ownState.updateIpAddressList(IpAddressTimedList);
//if we have no ext address from upnp or extAdrFinder, we will use this list for ext ip detection //if we have no ext address from upnp or extAdrFinder, we will use this list for ext ip detection
sockaddr_in extAddr; //useless, already done in network consistency check
if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it // sockaddr_in extAddr;
IpAddressTimed extractedAddress; // if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it
if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) { // IpAddressTimed extractedAddress;
#ifdef CONN_DEBUG // if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) {
std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl; // #ifdef CONN_DEBUG
#endif // std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl;
ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr; // #endif
IndicateConfigChanged(); // ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr;
} else { // IndicateConfigChanged();
#ifdef CONN_DEBUG // } else {
std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl; // #ifdef CONN_DEBUG
#endif // std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl;
} // #endif
} // }
// }
return true; return true;
} }
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check if it is a friend */ /* check if it is a friend */
std::map<std::string, peerConnectState>::iterator it; std::map<std::string, peerConnectState>::iterator it;
if (mFriendList.end() == (it = mFriendList.find(id))) if (mFriendList.end() == (it = mFriendList.find(id)))
{ {
if (mOthersList.end() == (it = mOthersList.find(id))) #ifdef CONN_DEBUG
{ std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list. id: " << id << std::endl;
#ifdef CONN_DEBUG #endif
std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list id: " << id << std::endl; return false;
#endif
return false;
}
} }
/* "it" points to peer */ /* "it" points to peer */


@ -1137,6 +1137,7 @@ int pqissl::Authorise_SSL_Connection()
reset(); reset();
return -1; return -1;
} }
std::string certPeerId; std::string certPeerId;
getX509id(peercert, certPeerId); getX509id(peercert, certPeerId);
if (certPeerId != PeerId()) { if (certPeerId != PeerId()) {
@ -1153,39 +1154,6 @@ int pqissl::Authorise_SSL_Connection()
accept(ssl_connection, sockfd, remote_addr); accept(ssl_connection, sockfd, remote_addr);
return 1; return 1;
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
// bool certCorrect = false;
// certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
//
// // check it's the right one.
// if (certCorrect)
// {
// // then okay...
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
//
// accept(ssl_connection, sockfd, remote_addr);
// return 1;
// }
//
// {
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
// out << " Shutdown. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
// }
// else shutdown ssl connection.
reset();
return 0;
} }
int pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiate incoming connection. int pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiate incoming connection.


@ -391,7 +391,7 @@ int pqissllistenbase::continueSSL(SSL *ssl, struct sockaddr_in remote_addr, bool
} }
/* we have failed -> get certificate if possible */ /* we have failed -> get certificate if possible */
Extract_Failed_SSL_Certificate(ssl, &remote_addr); //Extract_Failed_SSL_Certificate(ssl, &remote_addr);
// other wise delete ssl connection. // other wise delete ssl connection.
// kill connection.... // kill connection....
@ -675,33 +675,17 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, out.str()); pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, out.str());
} }
if (found == false) if (found == false) {
{ std::ostringstream out;
std::ostringstream out; out << "Don't accept connection because friend is not found or (probably) already connected";
out << "No Matching Certificate/Already Connected"; out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
out << " for Connection:" << inet_ntoa(remote_addr.sin_addr); out << std::endl;
out << std::endl; out << "pqissllistenbase: Will shut it down!" << std::endl;
out << "pqissllistenbase: Will shut it down!" << std::endl; pqioutput(PQL_WARNING, pqissllistenzone, out.str());
pqioutput(PQL_WARNING, pqissllistenzone, out.str()); X509_free(peercert);
X509_free(peercert); return -1;
return -1;
} }
// /* Certificate consumed! */
// bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
//
// if (certKnown == false)
// {
// std::ostringstream out;
// out << "Failed Final Check";
// out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
// out << std::endl;
// out << "pqissllistenbase: Will shut it down!" << std::endl;
// pqioutput(PQL_WARNING, pqissllistenzone, out.str());
// return -1;
// }
pqissl *pqis = it -> second; pqissl *pqis = it -> second;
// dont remove from the list of certificates. // dont remove from the list of certificates.
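Review bot: In the continueSSL hunk the call `Extract_Failed_SSL_Certificate(ssl, &remote_addr);` is commented out, but the comment immediately above it, `/* we have failed -> get certificate if possible */`, still describes the call as happening, and nothing records why the extraction was disabled; either delete the call and replace the comment with one that says the failed certificate is intentionally no longer extracted here and why, or keep the call. In the completeConnection hunk the restructured `found == false` block still frees peercert with `X509_free(peercert);` before returning, which is the right pairing for the failure path. continueSSL and completeConnection both start outside their hunks.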