small update of connect mgr and ssl connection
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2489 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
f57b4c7b64
commit
aa7bed984f
@ -2010,7 +2010,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
|
||||
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not accepted : \n");
|
||||
fprintf(stderr, "issuer pgpid : ");
|
||||
fprintf(stderr, "%s\n",pgpid.c_str());
|
||||
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
|
||||
@ -2024,7 +2024,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
|
||||
} else {
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
fprintf(stderr, "Failing Normal Certificate!!!\n");
|
||||
fprintf(stderr, "A normal certificate is probably a security breach attempt. We sould fail it !!!\n");
|
||||
#endif
|
||||
preverify_ok = false;
|
||||
}
|
||||
|
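Review bot: The refusal of a certificate that is not backed by an accepted PGP key is only reported under `#ifdef AUTHSSL_DEBUG`, so a normal build that reaches `preverify_ok = false;` in this `else` branch leaves no trace of which peer was turned away. An unconditional warning-level log naming the rejected `pgpid` (the value the first hunk already prints under debug) would make refused handshakes visible to operators without a debug build; the debug `fprintf` pair can stay as it is. The message on the line before `#endif` also carries a typo, `sould` for `should`. The body of `VerifyX509Callback` starts and ends outside these hunks, so the condition that selects this `else` branch is not visible here.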
@ -39,7 +39,7 @@ using std::ifstream;
|
||||
|
||||
#include "serialiser/rsconfigitems.h"
|
||||
|
||||
#define CONFIG_DEBUG 1
|
||||
//#define CONFIG_DEBUG 1
|
||||
|
||||
|
||||
p3ConfigMgr::p3ConfigMgr(std::string dir, std::string fname, std::string signame)
|
||||
@ -633,7 +633,9 @@ bool p3Config::saveConfiguration()
|
||||
ofstream ofstrm;
|
||||
ifstrm.open(fname.c_str(), std::ifstream::binary);
|
||||
|
||||
std::cerr << "p3config::saveConfiguration() Is file open: " << ifstrm.is_open();
|
||||
#ifdef CONFIG_DEBUG
|
||||
std::cerr << "p3config::saveConfiguration() Is file open: " << ifstrm.is_open() << std::endl;
|
||||
#endif
|
||||
|
||||
// if file does not exist then open temporay file already created
|
||||
if(!ifstrm.is_open()){
|
||||
|
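Review bot: A failed `ifstrm.open(...)` is treated as "file does not exist" (the comment above `if(!ifstrm.is_open()){`), but `is_open()` is equally false on a permission or other I/O error, so the fallback to the temporary file runs in those cases too and a broken config file is silently masked. Checking `errno` after the open and reporting it on the failure branch would keep the two cases apart; the `std::cerr` line now guarded by `CONFIG_DEBUG` could carry it, e.g. `std::cerr << "p3config::saveConfiguration() open failed: " << strerror(errno) << std::endl;`. If the `#define CONFIG_DEBUG 1` in the earlier hunk is the line being commented out, that diagnostic disappears entirely in normal builds, so the failure branch deserves an unconditional message. `saveConfiguration` starts and ends outside this hunk.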
@ -2635,42 +2635,41 @@ bool p3ConnectMgr::setAddressList(std::string id, std::list<IpAddressTimed> I
|
||||
#ifdef CONN_DEBUG
|
||||
std::cerr << "p3ConnectMgr::setAddressList() called for id : " << id << std::endl;
|
||||
#endif
|
||||
|
||||
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
|
||||
|
||||
/* check if it is our own ip */
|
||||
if (id == getOwnId()) {
|
||||
ownState.updateIpAddressList(IpAddressTimedList);
|
||||
//if we have no ext address from upnp or extAdrFinder, we will use this list for ext ip detection
|
||||
sockaddr_in extAddr;
|
||||
if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it
|
||||
IpAddressTimed extractedAddress;
|
||||
if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) {
|
||||
#ifdef CONN_DEBUG
|
||||
std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl;
|
||||
#endif
|
||||
ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr;
|
||||
IndicateConfigChanged();
|
||||
} else {
|
||||
#ifdef CONN_DEBUG
|
||||
std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
//useless, already done in network consistency check
|
||||
// sockaddr_in extAddr;
|
||||
// if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it
|
||||
// IpAddressTimed extractedAddress;
|
||||
// if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) {
|
||||
// #ifdef CONN_DEBUG
|
||||
// std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl;
|
||||
// #endif
|
||||
// ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr;
|
||||
// IndicateConfigChanged();
|
||||
// } else {
|
||||
// #ifdef CONN_DEBUG
|
||||
// std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl;
|
||||
// #endif
|
||||
// }
|
||||
// }
|
||||
return true;
|
||||
}
|
||||
|
||||
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
|
||||
|
||||
/* check if it is a friend */
|
||||
std::map<std::string, peerConnectState>::iterator it;
|
||||
if (mFriendList.end() == (it = mFriendList.find(id)))
|
||||
{
|
||||
if (mOthersList.end() == (it = mOthersList.find(id)))
|
||||
{
|
||||
#ifdef CONN_DEBUG
|
||||
std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list id: " << id << std::endl;
|
||||
std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list. id: " << id << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/* "it" points to peer */
|
||||
it->second.updateIpAddressList(IpAddressTimedList);
|
||||
|
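Review bot: The debug message on the `std::cerr` line after `mOthersList.find(id)` names `setLocalAddress()`, but this code is in `setAddressList()` (see the hunk header), so the log points readers at the wrong function; suggest `std::cerr << "p3ConnectMgr::setAddressList() cannot add address info : peer id not found in friend list. id: " << id << std::endl;`. The block under `//useless, already done in network consistency check` reproduces the removed ext-address logic as sixteen commented-out lines; history is in version control, so deleting it outright would keep the own-id branch readable. The hunk also shows `RsStackMutex stack(connMtx);` both before the `if (id == getOwnId())` branch and again after its `return true;` — if both lines survive on the new side, the non-own path acquires `connMtx` twice in one scope, which needs confirming against the actual new file. `setAddressList` starts outside this hunk.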
@ -1137,6 +1137,7 @@ int pqissl::Authorise_SSL_Connection()
|
||||
reset();
|
||||
return -1;
|
||||
}
|
||||
|
||||
std::string certPeerId;
|
||||
getX509id(peercert, certPeerId);
|
||||
if (certPeerId != PeerId()) {
|
||||
@ -1153,39 +1154,6 @@ int pqissl::Authorise_SSL_Connection()
|
||||
|
||||
accept(ssl_connection, sockfd, remote_addr);
|
||||
return 1;
|
||||
|
||||
// save certificate... (and ip locations)
|
||||
// false for outgoing....
|
||||
// we actually connected to remote_addr,
|
||||
// which could be
|
||||
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
|
||||
|
||||
// bool certCorrect = false;
|
||||
// certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
|
||||
//
|
||||
// // check it's the right one.
|
||||
// if (certCorrect)
|
||||
// {
|
||||
// // then okay...
|
||||
// std::ostringstream out;
|
||||
// out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
|
||||
// rslog(RSL_WARNING, pqisslzone, out.str());
|
||||
//
|
||||
// accept(ssl_connection, sockfd, remote_addr);
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// {
|
||||
// std::ostringstream out;
|
||||
// out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
|
||||
// out << " Shutdown. Peer: " << PeerId();
|
||||
// rslog(RSL_WARNING, pqisslzone, out.str());
|
||||
// }
|
||||
|
||||
// else shutdown ssl connection.
|
||||
|
||||
reset();
|
||||
return 0;
|
||||
}
|
||||
|
||||
int pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiate incoming connection.
|
||||
|
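Review bot: The result of `getX509id(peercert, certPeerId);` is discarded before `certPeerId` is compared with `PeerId()`, so a failure to extract the id is only rejected by accident (an empty `certPeerId` happening to differ from `PeerId()`). If `getX509id` reports failure through its return value, fold that into the check so the path fails closed explicitly: `if (!getX509id(peercert, certPeerId) || certPeerId != PeerId()) {`. The body of that `if`, presumably the reset-and-reject path, lies between the two hunks and is not visible here. `Authorise_SSL_Connection` starts outside the first hunk.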
@ -391,7 +391,7 @@ int pqissllistenbase::continueSSL(SSL *ssl, struct sockaddr_in remote_addr, bool
|
||||
}
|
||||
|
||||
/* we have failed -> get certificate if possible */
|
||||
Extract_Failed_SSL_Certificate(ssl, &remote_addr);
|
||||
//Extract_Failed_SSL_Certificate(ssl, &remote_addr);
|
||||
|
||||
// other wise delete ssl connection.
|
||||
// kill connection....
|
||||
@ -675,33 +675,17 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
|
||||
pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, out.str());
|
||||
}
|
||||
|
||||
if (found == false)
|
||||
{
|
||||
if (found == false) {
|
||||
std::ostringstream out;
|
||||
out << "No Matching Certificate/Already Connected";
|
||||
out << "Don't accept connection because friend is not found or (probably) already connected";
|
||||
out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
|
||||
out << std::endl;
|
||||
out << "pqissllistenbase: Will shut it down!" << std::endl;
|
||||
pqioutput(PQL_WARNING, pqissllistenzone, out.str());
|
||||
X509_free(peercert);
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
// /* Certificate consumed! */
|
||||
// bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
|
||||
//
|
||||
// if (certKnown == false)
|
||||
// {
|
||||
// std::ostringstream out;
|
||||
// out << "Failed Final Check";
|
||||
// out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
|
||||
// out << std::endl;
|
||||
// out << "pqissllistenbase: Will shut it down!" << std::endl;
|
||||
// pqioutput(PQL_WARNING, pqissllistenzone, out.str());
|
||||
// return -1;
|
||||
// }
|
||||
|
||||
pqissl *pqis = it -> second;
|
||||
|
||||
// dont remove from the list of certificates.
|
||||
|
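Review bot: In the `continueSSL` hunk the comment `/* we have failed -> get certificate if possible */` is kept while the `Extract_Failed_SSL_Certificate(ssl, &remote_addr);` call beneath it appears commented out; if that commented line is the new side, the comment is now stale and a failed handshake no longer records which certificate the remote end presented, which is the only per-peer evidence an operator has when diagnosing rejected connections. Either drop the comment together with the call or replace it with a one-line reason the extraction is skipped, e.g. `// failed-handshake cert extraction disabled: <reason>`. In the `completeConnection` hunk, `X509_free(peercert);` is reached only on the `found == false` path; whether `peercert` is freed or handed over on the accepted path falls after the hunk and is worth confirming. `continueSSL` and `completeConnection` both start outside their hunks.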