moved refused connect attempt event to RsAuthSslConnectionAuthentication

2025-06-27 23:57:38 -04:00 · 2019-12-05 23:43:38 +01:00 · 2019-12-05 23:43:38 +01:00 · bb10b82c8e
commit bb10b82c8e
parent c48aff44b2
5 changed files with 31 additions and 16 deletions
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@ -1298,7 +1298,15 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 			ev->mSslId = sslId;
 			ev->mSslCn = sslCn;
 			ev->mPgpId = pgpId;
-			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PGP_SIGNATURE_VALIDATION_FAILED;
+
+            switch(auth_diagnostic)
+            {
+            case RS_SSL_HANDSHAKE_DIAGNOSTIC_ISSUER_UNKNOWN: ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::NOT_A_FRIEND; break;
+            case RS_SSL_HANDSHAKE_DIAGNOSTIC_WRONG_SIGNATURE: ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PGP_SIGNATURE_VALIDATION_FAILED;break;
+			default:
+                ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO;break;
+            }
+
 			ev->mErrorMsg = errMsg;
 			rsEvents->postEvent(std::move(ev));
 		}
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@ -1108,6 +1108,16 @@ int pqissl::SSL_Connection_Complete()
 			return 0;
 		}

+        if(rsEvents)
+        {
+			auto ev = std::make_shared<RsAuthSslConnectionAutenticationEvent>();
+
+			X509 *x509 = SSL_get_peer_certificate(ssl_connection) ;
+
+			ev->mSslId = RsX509Cert::getCertSslId(*x509);
+			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PEER_REFUSED_CONNECTION;
+			rsEvents->postEvent(ev);
+        }

 		std::string out;
 		rs_sprintf(out, "pqissl::SSL_Connection_Complete()\nIssues with SSL Connect(%d)!\n", err);
--- a/libretroshare/src/retroshare/rsevents.h
+++ b/libretroshare/src/retroshare/rsevents.h
@ -193,7 +193,8 @@ struct RsAuthSslConnectionAutenticationEvent : RsEvent
        NOT_A_FRIEND                    = 0x05,
        MISSING_CERTIFICATE             = 0x06,
        IP_IS_BLACKLISTED               = 0x07,
-        UNKNOWN_ERROR                   = 0x08,
+        PEER_REFUSED_CONNECTION         = 0x08,
+        UNKNOWN_ERROR                   = 0x09,
    };

 	RsPeerId mSslId;
@ -227,7 +228,6 @@ struct RsConnectionEvent : RsEvent
        UNKNOWN                 = 0x00,
        PEER_CONNECTED          = 0x01,
        PEER_DISCONNECTED       = 0x02,
-        PEER_REFUSED_CONNECTION = 0x03,
    };

    ConnectionType mConnectionType;
--- a/libretroshare/src/retroshare/rsnotify.h
+++ b/libretroshare/src/retroshare/rsnotify.h
@ -79,9 +79,10 @@ const uint32_t RS_FEED_ITEM_PEER_DISCONNECT         = RS_FEED_TYPE_PEER  | 0x000
 const uint32_t RS_FEED_ITEM_PEER_HELLO              = RS_FEED_TYPE_PEER  | 0x0003;
 const uint32_t RS_FEED_ITEM_PEER_NEW                = RS_FEED_TYPE_PEER  | 0x0004;
 const uint32_t RS_FEED_ITEM_PEER_OFFSET             = RS_FEED_TYPE_PEER  | 0x0005;
+const uint32_t RS_FEED_ITEM_PEER_DENIES_CONNEXION   = RS_FEED_TYPE_PEER  | 0x0006;

 const uint32_t RS_FEED_ITEM_SEC_CONNECT_ATTEMPT     = RS_FEED_TYPE_SECURITY  | 0x0001;
-const uint32_t RS_FEED_ITEM_SEC_AUTH_DENIED         = RS_FEED_TYPE_SECURITY  | 0x0002;
+const uint32_t RS_FEED_ITEM_SEC_AUTH_DENIED         = RS_FEED_TYPE_SECURITY  | 0x0002;	// locally denied connection
 const uint32_t RS_FEED_ITEM_SEC_UNKNOWN_IN          = RS_FEED_TYPE_SECURITY  | 0x0003;
 const uint32_t RS_FEED_ITEM_SEC_UNKNOWN_OUT         = RS_FEED_TYPE_SECURITY  | 0x0004;
 const uint32_t RS_FEED_ITEM_SEC_WRONG_SIGNATURE     = RS_FEED_TYPE_SECURITY  | 0x0005;