removed set/get CurrentConnectionAttemptInfo because it was both prone to error and useless

2025-01-14 00:49:41 -05:00 · 2019-12-05 22:12:36 +01:00 · 2019-12-05 22:12:36 +01:00 · c48aff44b2
commit c48aff44b2
parent 324e7e802e
4 changed files with 35 additions and 46 deletions
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@ -1219,6 +1219,7 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 		if(rsEvents)
 		{
 			ev->mSslCn = sslCn;
+			ev->mSslId = sslId;
 			ev->mPgpId = pgpId;
 			ev->mErrorMsg = errMsg;
 			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO;
@ -1305,6 +1306,8 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 		return verificationFailed;
 	}

+    std::cerr << "******* VerifyX509Callback cert: " << std::hex << ctx->cert <<std::dec << std::endl;
+
 	if ( !isSslOnlyFriend && pgpId != AuthGPG::getAuthGPG()->getGPGOwnId() && !AuthGPG::getAuthGPG()->isGPGAccepted(pgpId) )
 	{
 		std::string errMsg = "Connection attempt signed by PGP key id: " +
@ -1326,7 +1329,7 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 		return verificationFailed;
 	}

-	setCurrentConnectionAttemptInfo(pgpId, sslId, sslCn);
+	//setCurrentConnectionAttemptInfo(pgpId, sslId, sslCn);
 	LocalStoreCert(x509Cert);

 	RsInfo() << __PRETTY_FUNCTION__ << " authentication successfull for "
@ -1590,24 +1593,24 @@ bool    AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
 /********************************************************************************/
 /********************************************************************************/

-void AuthSSLimpl::setCurrentConnectionAttemptInfo(const RsPgpId& gpg_id,const RsPeerId& ssl_id,const std::string& ssl_cn)
-{
-#ifdef AUTHSSL_DEBUG
-	std::cerr << "AuthSSL: registering connection attempt from:" << std::endl;
-	std::cerr << "    GPG id: " << gpg_id << std::endl;
-	std::cerr << "    SSL id: " << ssl_id << std::endl;
-	std::cerr << "    SSL cn: " << ssl_cn << std::endl;
-#endif
-	_last_gpgid_to_connect = gpg_id ;
-	_last_sslid_to_connect = ssl_id ;
-	_last_sslcn_to_connect = ssl_cn ;
-}
-void AuthSSLimpl::getCurrentConnectionAttemptInfo(RsPgpId& gpg_id,RsPeerId& ssl_id,std::string& ssl_cn)
-{
-	gpg_id = _last_gpgid_to_connect ;
-	ssl_id = _last_sslid_to_connect ;
-	ssl_cn = _last_sslcn_to_connect ;
-}
+// void AuthSSLimpl::setCurrentConnectionAttemptInfo(const RsPgpId& gpg_id,const RsPeerId& ssl_id,const std::string& ssl_cn)
+// {
+// #ifdef AUTHSSL_DEBUG
+// 	std::cerr << "AuthSSL: registering connection attempt from:" << std::endl;
+// 	std::cerr << "    GPG id: " << gpg_id << std::endl;
+// 	std::cerr << "    SSL id: " << ssl_id << std::endl;
+// 	std::cerr << "    SSL cn: " << ssl_cn << std::endl;
+// #endif
+// 	_last_gpgid_to_connect = gpg_id ;
+// 	_last_sslid_to_connect = ssl_id ;
+// 	_last_sslcn_to_connect = ssl_cn ;
+// }
+// void AuthSSLimpl::getCurrentConnectionAttemptInfo(RsPgpId& gpg_id,RsPeerId& ssl_id,std::string& ssl_cn)
+// {
+// 	gpg_id = _last_gpgid_to_connect ;
+// 	ssl_id = _last_sslid_to_connect ;
+// 	ssl_cn = _last_sslcn_to_connect ;
+// }

 /* Locked search -> internal help function */
 bool AuthSSLimpl::locked_FindCert(const RsPeerId& id, X509** cert)
--- a/libretroshare/src/pqi/authssl.h
+++ b/libretroshare/src/pqi/authssl.h
@ -137,11 +137,11 @@ public:
 	/// SSL specific functions used in pqissl/pqissllistener
 	virtual SSL_CTX* getCTX() = 0;

-	virtual void setCurrentConnectionAttemptInfo(
-	        const RsPgpId& gpg_id, const RsPeerId& ssl_id,
-	        const std::string& ssl_cn ) = 0;
-	virtual void getCurrentConnectionAttemptInfo(
-	        RsPgpId& gpg_id, RsPeerId& ssl_id, std::string& ssl_cn ) = 0;
+//	virtual void setCurrentConnectionAttemptInfo(
+//	        const RsPgpId& gpg_id, const RsPeerId& ssl_id,
+//	        const std::string& ssl_cn ) = 0;
+//	virtual void getCurrentConnectionAttemptInfo(
+//	        RsPgpId& gpg_id, RsPeerId& ssl_id, std::string& ssl_cn ) = 0;


 	/**
@ -231,11 +231,11 @@ public:
 	SSL_CTX* getCTX() override;

 	/* Restored these functions: */
-	void setCurrentConnectionAttemptInfo(
-	        const RsPgpId& gpg_id, const RsPeerId& ssl_id,
-	        const std::string& ssl_cn ) override;
-	void getCurrentConnectionAttemptInfo(
-	        RsPgpId& gpg_id, RsPeerId& ssl_id, std::string& ssl_cn ) override;
+//	void setCurrentConnectionAttemptInfo(
+//	        const RsPgpId& gpg_id, const RsPeerId& ssl_id,
+//	        const std::string& ssl_cn ) override;
+//	void getCurrentConnectionAttemptInfo(
+//	        RsPgpId& gpg_id, RsPeerId& ssl_id, std::string& ssl_cn ) override;


 private:
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
@ -424,23 +424,8 @@ int	pqissllistenbase::continueSSL(IncomingSSLInfo& incoming_connexion_info, bool
 {
 	// attempt the accept again.
    int fd =  SSL_get_fd(incoming_connexion_info.ssl);
-
-    AuthSSL::getAuthSSL()->setCurrentConnectionAttemptInfo(RsPgpId(),RsPeerId(),std::string()) ;
    int err = SSL_accept(incoming_connexion_info.ssl);

-    // Now grab the connection info that was filled in by the callback.
-    // In the case the callback did not succeed the SSL certificate will not be accessible
-    // from SSL_get_peer_certificate, so we need to get it from the callback system.
-    //
-    AuthSSL::getAuthSSL()->getCurrentConnectionAttemptInfo(incoming_connexion_info.gpgid,incoming_connexion_info.sslid,incoming_connexion_info.sslcn) ;
-
-#ifdef DEBUG_LISTENNER
-    std::cerr << "Info from callback: " << std::endl;
-        std::cerr << "  Got PGP Id = " << incoming_connexion_info.gpgid << std::endl;
-        std::cerr << "  Got SSL Id = " << incoming_connexion_info.sslid << std::endl;
-        std::cerr << "  Got SSL CN = " << incoming_connexion_info.sslcn << std::endl;
-#endif
-
    if (err <= 0)
 	{
 		int ssl_err = SSL_get_error(incoming_connexion_info.ssl, err);
@ -519,7 +504,8 @@ int	pqissllistenbase::continueSSL(IncomingSSLInfo& incoming_connexion_info, bool
 		incoming_connexion_info.sslcn = RsX509Cert::getCertName(*x509);
 		incoming_connexion_info.sslid = RsX509Cert::getCertSslId(*x509);

-#ifdef DEBUG_LISTENNER
+#ifndef DEBUG_LISTENNER
+        std::cerr << "ContinueSSL:" << std::endl;
        std::cerr << "  Got PGP Id = " << incoming_connexion_info.gpgid << std::endl;
        std::cerr << "  Got SSL Id = " << incoming_connexion_info.sslid << std::endl;
        std::cerr << "  Got SSL CN = " << incoming_connexion_info.sslcn << std::endl;
--- a/retroshare-gui/src/gui/NewsFeed.cpp
+++ b/retroshare-gui/src/gui/NewsFeed.cpp
@ -262,7 +262,7 @@ void NewsFeed::handleSecurityEvent(std::shared_ptr<const RsEvent> event)
    RsPeerDetails det;
 	rsPeers->getPeerDetails(e.mSslId,det) || rsPeers->getGPGDetails(e.mPgpId,det);

-	addFeedItemIfUnique(new SecurityItem(this, NEWSFEED_SECLIST, det.gpg_id, det.id, det.location, e.mLocator.toString(), FeedItemType, false), true );
+	addFeedItemIfUnique(new SecurityItem(this, NEWSFEED_SECLIST, e.mPgpId, e.mSslId, det.location, e.mLocator.toString(), FeedItemType, false), true );

 	if (Settings->getMessageFlags() & RS_MESSAGE_CONNECT_ATTEMPT)
 		MessageComposer::addConnectAttemptMsg(e.mPgpId, e.mSslId, QString::fromStdString(det.name + "(" + det.location + ")"));