small update of connct mgr and ssl connection

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2489 b45a01b8-16f6-495d-af2f-9b41ad6348cc
joss17 2010-03-05 21:27:42 +00:00
parent f57b4c7b64
commit aa7bed984f
5 changed files with 40 additions and 87 deletions


@ -2010,7 +2010,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
{
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not accepted : \n");
fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "%s\n",pgpid.c_str());
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
@ -2024,7 +2024,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
} else {
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "Failing Normal Certificate!!!\n");
fprintf(stderr, "A normal certificate is probably a security breach attempt. We sould fail it !!!\n");
#endif
preverify_ok = false;
}
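Review bot: The reworded debug string in the second hunk, `"A normal certificate is probably a security breach attempt. We sould fail it !!!\n"`, has a typo (`sould` → `should`) and does not say what "normal" means, so whoever reads this trace under AUTHSSL_DEBUG cannot tell which class of certificate was rejected. I'd phrase it as `"Certificate is not one we can tie to an accepted PGP key: treating it as a possible impersonation attempt and failing it\n"`, which matches the isGPGAccepted check visible in the first hunk. The rejection itself (`preverify_ok = false;`) correctly sits outside the `#ifdef`, so the behaviour does not depend on the debug build. VerifyX509Callback starts before the first hunk and ends after the second.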


@ -39,7 +39,7 @@ using std::ifstream;
#include "serialiser/rsconfigitems.h"
#define CONFIG_DEBUG 1
//#define CONFIG_DEBUG 1
p3ConfigMgr::p3ConfigMgr(std::string dir, std::string fname, std::string signame)
@ -633,7 +633,9 @@ bool p3Config::saveConfiguration()
ofstream ofstrm;
ifstrm.open(fname.c_str(), std::ifstream::binary);
std::cerr << "p3config::saveConfiguration() Is file open: " << ifstrm.is_open();
#ifdef CONFIG_DEBUG
std::cerr << "p3config::saveConfiguration() Is file open: " << ifstrm.is_open() << std::endl;
#endif
// if file does not exist then open temporay file already created
if(!ifstrm.is_open()){
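Review bot: The trace added under `#ifdef CONFIG_DEBUG` in the second hunk reports only `ifstrm.is_open()`, which is of little use once the define is re-enabled because it does not say which file was opened; since `fname` is already in scope on the `ifstrm.open(fname.c_str(), ...)` line, I'd print it too: `std::cerr << "p3config::saveConfiguration() Is file open: " << ifstrm.is_open() << " (" << fname << ")" << std::endl;`. Commenting out `#define CONFIG_DEBUG 1` in the first hunk is the right call for a release build, but note it now silences every other CONFIG_DEBUG trace in this file as well, not just this one. saveConfiguration's body starts before and ends after the hunk.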


@ -2635,42 +2635,41 @@ bool p3ConnectMgr::setAddressList(std::string id, std::list<IpAddressTimed> I
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::setAddressList() called for id : " << id << std::endl;
#endif
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check if it is our own ip */
if (id == getOwnId()) {
ownState.updateIpAddressList(IpAddressTimedList);
//if we have no ext address from upnp or extAdrFinder, we will use this list for ext ip detection
sockaddr_in extAddr;
if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it
IpAddressTimed extractedAddress;
if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) {
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl;
#endif
ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr;
IndicateConfigChanged();
} else {
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl;
#endif
}
}
//useless, already done in network consistency check
// sockaddr_in extAddr;
// if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it
// IpAddressTimed extractedAddress;
// if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) {
// #ifdef CONN_DEBUG
// std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl;
// #endif
// ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr;
// IndicateConfigChanged();
// } else {
// #ifdef CONN_DEBUG
// std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl;
// #endif
// }
// }
return true;
}
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check if it is a friend */
std::map<std::string, peerConnectState>::iterator it;
if (mFriendList.end() == (it = mFriendList.find(id)))
{
if (mOthersList.end() == (it = mOthersList.find(id)))
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list id: " << id << std::endl;
std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list. id: " << id << std::endl;
#endif
return false;
}
}
/* "it" points to peer */
it->second.updateIpAddressList(IpAddressTimedList);
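Review bot: The two placements of `RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/` in this hunk (before the own-id check, and after that branch's `return true;`) differ in whether `ownState.updateIpAddressList(IpAddressTimedList)` runs under connMtx; the rendered page does not show which placement survives, but if it is the later one the own-state update is no longer serialised against readers that take connMtx, and if it is the earlier one it should be confirmed that `getOwnId()` does not itself acquire connMtx (a self-deadlock on a non-recursive mutex). Separately, the reworded trace in the not-found path still labels itself `p3ConnectMgr::setLocalAddress()` although it lives in setAddressList; I'd use `std::cerr << "p3ConnectMgr::setAddressList() cannot add address info : peer id not found in friend list. id: " << id << std::endl;`. The external-address block kept as a `//` comment under a `//useless, already done in network consistency check` note would be better deleted outright, since version control keeps it. setAddressList's body starts before and ends after this hunk.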


@ -1137,6 +1137,7 @@ int pqissl::Authorise_SSL_Connection()
reset();
return -1;
}
std::string certPeerId;
getX509id(peercert, certPeerId);
if (certPeerId != PeerId()) {
@ -1153,39 +1154,6 @@ int pqissl::Authorise_SSL_Connection()
accept(ssl_connection, sockfd, remote_addr);
return 1;
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
// bool certCorrect = false;
// certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
//
// // check it's the right one.
// if (certCorrect)
// {
// // then okay...
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
//
// accept(ssl_connection, sockfd, remote_addr);
// return 1;
// }
//
// {
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
// out << " Shutdown. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
// }
// else shutdown ssl connection.
reset();
return 0;
}
int pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiate incoming connection.
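Review bot: After the deleted comment block, the two lines `reset(); return 0;` before the closing brace are unreachable, because the path above them ends unconditionally in `accept(ssl_connection, sockfd, remote_addr); return 1;`; either remove them or, if the `certPeerId != PeerId()` branch in the gap between the two hunks is meant to fall through to them, restructure so that the failure path is the one reaching `reset()`. The authorisation now rests solely on `getX509id(peercert, certPeerId)` matching `PeerId()`, replacing the deleted `CheckCertificate` call, so a comment such as `// peercert is assumed to have been validated in the SSL verify callback; this only checks it belongs to the expected peer` would make that dependency explicit, and the assumption should be confirmed against the callback. If `peercert` was obtained with `SSL_get_peer_certificate()` it also needs an `X509_free()` on the accept path, as the listener hunk in this same commit does on its reject path. Authorise_SSL_Connection starts before the first hunk.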


@ -391,7 +391,7 @@ int pqissllistenbase::continueSSL(SSL *ssl, struct sockaddr_in remote_addr, bool
}
/* we have failed -> get certificate if possible */
Extract_Failed_SSL_Certificate(ssl, &remote_addr);
//Extract_Failed_SSL_Certificate(ssl, &remote_addr);
// other wise delete ssl connection.
// kill connection....
@ -675,33 +675,17 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, out.str());
}
if (found == false)
{
if (found == false) {
std::ostringstream out;
out << "No Matching Certificate/Already Connected";
out << "Don't accept connection because friend is not found or (probably) already connected";
out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
out << std::endl;
out << "pqissllistenbase: Will shut it down!" << std::endl;
pqioutput(PQL_WARNING, pqissllistenzone, out.str());
X509_free(peercert);
return -1;
}
// /* Certificate consumed! */
// bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
//
// if (certKnown == false)
// {
// std::ostringstream out;
// out << "Failed Final Check";
// out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
// out << std::endl;
// out << "pqissllistenbase: Will shut it down!" << std::endl;
// pqioutput(PQL_WARNING, pqissllistenzone, out.str());
// return -1;
// }
pqissl *pqis = it -> second;
// dont remove from the list of certificates.
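Review bot: In the continueSSL hunk the comment `/* we have failed -> get certificate if possible */` now describes a call that has been commented out (`//Extract_Failed_SSL_Certificate(ssl, &remote_addr);`), so the comment promises behaviour the code no longer has; either delete both lines, or replace the pair with a comment recording the decision, e.g. `/* handshake failed: the peer certificate is deliberately not extracted (dropped in r2489) */`. Not parsing certificates from failed handshakes is a reasonable reduction of attack surface, but if anything downstream relied on that path (for example recording unknown peers), the commit should say so. In the completeConnection hunk, freeing `peercert` before `return -1` on the not-found path is correct; the same ownership rule presumably applies on the accepted path further down, which is outside this hunk. continueSSL's body starts and ends outside its hunk.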