diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index ffa26a75c..62515970a 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -1298,7 +1298,15 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 ev->mSslId = sslId;
 ev->mSslCn = sslCn;
 ev->mPgpId = pgpId;
- ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PGP_SIGNATURE_VALIDATION_FAILED;
+
+ switch(auth_diagnostic)
+ {
+ case RS_SSL_HANDSHAKE_DIAGNOSTIC_ISSUER_UNKNOWN: ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::NOT_A_FRIEND; break;
+ case RS_SSL_HANDSHAKE_DIAGNOSTIC_WRONG_SIGNATURE: ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PGP_SIGNATURE_VALIDATION_FAILED;break;
+ default:
+ ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO;break;
+ }
+
 ev->mErrorMsg = errMsg;
 rsEvents->postEvent(std::move(ev));
 }
diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc
index 773c74e50..0506ed8d2 100644
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@@ -1108,6 +1108,16 @@ int pqissl::SSL_Connection_Complete()
 return 0;
 }
+ if(rsEvents)
+ {
+ auto ev = std::make_shared();
+
+ X509 *x509 = SSL_get_peer_certificate(ssl_connection) ;
+
+ ev->mSslId = RsX509Cert::getCertSslId(*x509);
+ ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PEER_REFUSED_CONNECTION;
+ rsEvents->postEvent(ev);
+ }
 std::string out;
 rs_sprintf(out, "pqissl::SSL_Connection_Complete()\nIssues with SSL Connect(%d)!\n", err);
diff --git a/libretroshare/src/retroshare/rsevents.h b/libretroshare/src/retroshare/rsevents.h
index 8bf2a6fe2..3c244ab95 100644
--- a/libretroshare/src/retroshare/rsevents.h
+++ b/libretroshare/src/retroshare/rsevents.h
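Review bot: The `default:` arm of the new switch reports every diagnostic other than ISSUER_UNKNOWN and WRONG_SIGNATURE as MISSING_AUTHENTICATION_INFO, which the GUI (the handleSecurityEvent hunk in NewsFeed.cpp) then renders as a "bad certificate" feed item, so any other handshake failure is shown to the user as a certificate problem. The event already carries an UNKNOWN_ERROR code (rsevents.h hunk), so unless every remaining diagnostic really does mean missing authentication data, the fallback should be `default: ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::UNKNOWN_ERROR; break;` with the diagnostics that do mean missing info listed as explicit cases. Keeping the classification exact matters because these events are the operator-visible record of why a peer was rejected. Minor style: `;break;` with no separating space on two of the arms. VerifyX509Callback starts and ends outside the hunk.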
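Review bot: `X509 *x509 = SSL_get_peer_certificate(ssl_connection)` can return NULL (no peer certificate is available after a failed handshake) and the next line dereferences it unconditionally; the call also returns a new reference that is never released with X509_free(), so this error path now leaks one certificate per failed connect. Guard the pointer, release it, and move the shared_ptr into postEvent as the authssl.cc hunk does. The `std::make_shared()` call shows no template argument, presumably `<RsAuthSslConnectionAutenticationEvent>` lost in rendering. Whether this point is reached only when the remote peer actually refused, rather than for any SSL_connect error, is decided above the hunk, so the PEER_REFUSED_CONNECTION label may be broader than its name suggests; SSL_Connection_Complete starts and ends outside the hunk.
```cpp
if(rsEvents)
{
    auto ev = std::make_shared<RsAuthSslConnectionAutenticationEvent>();

    // SSL_get_peer_certificate() returns a new reference, or NULL when no
    // peer certificate is available; never dereference NULL, always release.
    X509 *x509 = SSL_get_peer_certificate(ssl_connection);
    if(x509)
    {
        ev->mSslId = RsX509Cert::getCertSslId(*x509);
        X509_free(x509);
    }

    ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PEER_REFUSED_CONNECTION;
    rsEvents->postEvent(std::move(ev));
}
```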
@@ -193,7 +193,8 @@ struct RsAuthSslConnectionAutenticationEvent : RsEvent
 NOT_A_FRIEND = 0x05,
 MISSING_CERTIFICATE = 0x06,
 IP_IS_BLACKLISTED = 0x07,
- UNKNOWN_ERROR = 0x08,
+ PEER_REFUSED_CONNECTION = 0x08,
+ UNKNOWN_ERROR = 0x09,
 };
 RsPeerId mSslId;
@@ -227,7 +228,6 @@ struct RsConnectionEvent : RsEvent
 UNKNOWN = 0x00,
 PEER_CONNECTED = 0x01,
 PEER_DISCONNECTED = 0x02,
- PEER_REFUSED_CONNECTION = 0x03,
 };
 ConnectionType mConnectionType;
diff --git a/libretroshare/src/retroshare/rsnotify.h b/libretroshare/src/retroshare/rsnotify.h
index 001848439..6f882215f 100644
--- a/libretroshare/src/retroshare/rsnotify.h
+++ b/libretroshare/src/retroshare/rsnotify.h
@@ -79,9 +79,10 @@ const uint32_t RS_FEED_ITEM_PEER_DISCONNECT = RS_FEED_TYPE_PEER | 0x000
 const uint32_t RS_FEED_ITEM_PEER_HELLO = RS_FEED_TYPE_PEER | 0x0003;
 const uint32_t RS_FEED_ITEM_PEER_NEW = RS_FEED_TYPE_PEER | 0x0004;
 const uint32_t RS_FEED_ITEM_PEER_OFFSET = RS_FEED_TYPE_PEER | 0x0005;
+const uint32_t RS_FEED_ITEM_PEER_DENIES_CONNEXION = RS_FEED_TYPE_PEER | 0x0006;
 const uint32_t RS_FEED_ITEM_SEC_CONNECT_ATTEMPT = RS_FEED_TYPE_SECURITY | 0x0001;
-const uint32_t RS_FEED_ITEM_SEC_AUTH_DENIED = RS_FEED_TYPE_SECURITY | 0x0002;
+const uint32_t RS_FEED_ITEM_SEC_AUTH_DENIED = RS_FEED_TYPE_SECURITY | 0x0002; // locally denied connection
 const uint32_t RS_FEED_ITEM_SEC_UNKNOWN_IN = RS_FEED_TYPE_SECURITY | 0x0003;
 const uint32_t RS_FEED_ITEM_SEC_UNKNOWN_OUT = RS_FEED_TYPE_SECURITY | 0x0004;
 const uint32_t RS_FEED_ITEM_SEC_WRONG_SIGNATURE = RS_FEED_TYPE_SECURITY | 0x0005;
diff --git a/retroshare-gui/src/gui/NewsFeed.cpp b/retroshare-gui/src/gui/NewsFeed.cpp
index c6057c1f2..673177dd3 100644
--- a/retroshare-gui/src/gui/NewsFeed.cpp
+++ b/retroshare-gui/src/gui/NewsFeed.cpp
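Review bot: Inserting PEER_REFUSED_CONNECTION = 0x08 re-uses the value UNKNOWN_ERROR had and shifts UNKNOWN_ERROR to 0x09, so any consumer that sees mErrorCode numerically (the GUI prints `e.mErrorCode` straight to the log in the NewsFeed.cpp hunk, and the event is presumably also exposed over the JSON API) will decode an existing 0x08 as a refusal. Append the new code instead: keep `UNKNOWN_ERROR = 0x08,` and add `PEER_REFUSED_CONNECTION = 0x09,` after it so existing values stay stable. The second hunk removing RsConnectionEvent::PEER_REFUSED_CONNECTION is consistent with the GUI case deleted in the same commit.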
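Review bot: RS_FEED_ITEM_PEER_DENIES_CONNEXION is added but nothing visible in this diff uses it; the GUI hunk that handles PEER_REFUSED_CONNECTION builds a PeerItem with PEER_TYPE_HELLO instead, so either the constant is dead or the GUI should be using it. The name also mixes French spelling into an English identifier set; `RS_FEED_ITEM_PEER_DENIED_CONNECTION` would match its neighbours. The new `// locally denied connection` comment on RS_FEED_ITEM_SEC_AUTH_DENIED is useful; a matching `// remote peer refused our connection` on the new constant would make the distinction explicit.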
@@ -194,7 +194,7 @@ void NewsFeed::handleEvent(std::shared_ptr event)
 return;
 }
- if(event->mType == RsEventType::PEER_STATE_CHANGED && (flags & RS_FEED_TYPE_PEER))
+ if(event->mType == RsEventType::PEER_CONNECTION && (flags & RS_FEED_TYPE_PEER))
 {
 RsQThreadUtils::postToObject( [=]() { handleConnectionEvent(event); }, this );
 return;
@@ -217,16 +217,6 @@ void NewsFeed::handleConnectionEvent(std::shared_ptr event)
 break;
 case RsConnectionEvent::PEER_DISCONNECTED: break;// not handled yet
- case RsConnectionEvent::PEER_REFUSED_CONNECTION:
- {
- RsPeerDetails det;
- if(!rsPeers->getPeerDetails(e.mSslId,det))
- return;
- addFeedItemIfUnique(new SecurityItem(this, NEWSFEED_SECLIST, det.gpg_id, e.mSslId, det.location, std::string(), RS_FEED_ITEM_SEC_AUTH_DENIED, false), true );
- }
- break;
- default: break;
 }
 }
@@ -243,6 +233,12 @@ void NewsFeed::handleSecurityEvent(std::shared_ptr event)
 std::cerr << "NotifyQt: handling security event from (" << e.mSslId << "," << e.mPgpId << ") error code: " << e.mErrorCode << std::endl;
 uint flags = Settings->getNewsFeedFlags();
+ if(e.mErrorCode == RsAuthSslConnectionAutenticationEvent::PEER_REFUSED_CONNECTION)
+ {
+ addFeedItemIfUnique(new PeerItem(this, NEWSFEED_PEERLIST, e.mSslId, PEER_TYPE_HELLO, false), true );
+ return;
+ }
+
 uint32_t FeedItemType=0;
 switch(e.mErrorCode)
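Review bot: The new early return for PEER_REFUSED_CONNECTION adds its feed item before `flags` (computed on the line just above) is consulted, so the item appears even when the user has disabled that feed category; presumably the code below the switch gates on `flags` before adding, and the new branch should do the same, e.g. `if(flags & RS_FEED_TYPE_PEER)` around the addFeedItemIfUnique call. The item is also tagged PEER_TYPE_HELLO, which reads as a peer greeting rather than a peer rejecting us; the rsnotify.h hunk introduces RS_FEED_ITEM_PEER_DENIES_CONNEXION for exactly this case but it is not used here. The removed handler in handleConnectionEvent checked getPeerDetails() first and stayed silent for unknown peers, whereas the new path posts for any mSslId, which is only safe if this event is emitted solely for our own outgoing connections to known friends. handleSecurityEvent continues past the hunk.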
@@ -251,7 +247,7 @@ void NewsFeed::handleSecurityEvent(std::shared_ptr event)
 case RsAuthSslConnectionAutenticationEvent::MISMATCHED_PGP_ID: // fallthrough
 case RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO: FeedItemType = RS_FEED_ITEM_SEC_BAD_CERTIFICATE; break;
 case RsAuthSslConnectionAutenticationEvent::PGP_SIGNATURE_VALIDATION_FAILED: FeedItemType = RS_FEED_ITEM_SEC_WRONG_SIGNATURE; break;
- case RsAuthSslConnectionAutenticationEvent::NOT_A_FRIEND: FeedItemType = RS_FEED_ITEM_SEC_AUTH_DENIED; break;
+ case RsAuthSslConnectionAutenticationEvent::NOT_A_FRIEND: FeedItemType = RS_FEED_ITEM_SEC_CONNECT_ATTEMPT; break;
 case RsAuthSslConnectionAutenticationEvent::IP_IS_BLACKLISTED: FeedItemType = RS_FEED_ITEM_SEC_IP_BLACKLISTED; break;
 case RsAuthSslConnectionAutenticationEvent::MISSING_CERTIFICATE: FeedItemType = RS_FEED_ITEM_SEC_MISSING_CERTIFICATE; break;