make it work without exchanging keys in p3disc

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2005 b45a01b8-16f6-495d-af2f-9b41ad6348cc
joss17 2010-01-13 21:02:39 +00:00
parent 7d0854fd90
commit d2a1084c27
2 changed files with 90 additions and 100 deletions


@ -49,8 +49,6 @@
/********************************************************************************/ /********************************************************************************/
/********************************************************************************/ /********************************************************************************/
static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx);
sslcert::sslcert(X509 *x509, std::string pid) sslcert::sslcert(X509 *x509, std::string pid)
{ {
certificate = x509; certificate = x509;
@ -414,7 +412,17 @@ bool AuthSSL::active()
// args: server cert, server private key, trusted certificates. // args: server cert, server private key, trusted certificates.
int AuthSSL::InitAuth(const char *cert_file, const char *priv_key_file, static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
#ifdef AUTHSSL_DEBUG
std::cerr << "static verify_x509_callback called.";
std::cerr << std::endl;
#endif
return AuthSSL::getAuthSSL()->VerifyX509Callback(preverify_ok, ctx);
}
int AuthSSL::InitAuth(const char *cert_file, const char *priv_key_file,
const char *passwd) const char *passwd)
{ {
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
@ -476,11 +484,8 @@ static int initLib = 0;
if (x509 == NULL) if (x509 == NULL)
{ {
std::cerr << "AuthSSL::InitAuth() PEM_read_X509() Failed"; std::cerr << "AuthSSL::InitAuth() PEM_read_X509() Failed";
std::cerr << std::endl; std::cerr << std::endl;
#ifdef AUTHSSL_DEBUG
#endif
return -1; return -1;
} }
SSL_CTX_use_certificate(sslctx, x509); SSL_CTX_use_certificate(sslctx, x509);
@ -499,10 +504,8 @@ static int initLib = 0;
if (pkey == NULL) if (pkey == NULL)
{ {
std::cerr << "AuthSSL::InitAuth() PEM_read_PrivateKey() Failed"; std::cerr << "AuthSSL::InitAuth() PEM_read_PrivateKey() Failed";
std::cerr << std::endl; std::cerr << std::endl;
#ifdef AUTHSSL_DEBUG
#endif
return -1; return -1;
} }
SSL_CTX_use_PrivateKey(sslctx, pkey); SSL_CTX_use_PrivateKey(sslctx, pkey);
@ -1986,7 +1989,7 @@ bool AuthSSL::AuthX509(X509 *x509)
int sigoutl=0,sigoutll=0; int sigoutl=0,sigoutll=0;
X509_ALGOR *a; X509_ALGOR *a;
fprintf(stderr, "GPGAuthMgr::AuthX509()\n"); fprintf(stderr, "AuthSSL::AuthX509()\n");
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
@ -2005,13 +2008,12 @@ bool AuthSSL::AuthX509(X509 *x509)
std::cerr << " SigOut: " << sigoutl; std::cerr << " SigOut: " << sigoutl;
std::cerr << std::endl; std::cerr << std::endl;
if ((buf_in == NULL) || (buf_hashout == NULL) || (buf_sigout == NULL)) if ((buf_in == NULL) || (buf_hashout == NULL) || (buf_sigout == NULL)) {
{
hashoutl=0; hashoutl=0;
sigoutl=0; sigoutl=0;
fprintf(stderr, "GPGAuthMgr::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n"); fprintf(stderr, "AuthSSL::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
goto err; goto err;
} }
p=buf_in; p=buf_in;
std::cerr << "Buffers Allocated" << std::endl; std::cerr << "Buffers Allocated" << std::endl;
@ -2024,7 +2026,7 @@ bool AuthSSL::AuthX509(X509 *x509)
(unsigned int *)&hashoutl)) (unsigned int *)&hashoutl))
{ {
hashoutl=0; hashoutl=0;
fprintf(stderr, "GPGAuthMgr::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n"); fprintf(stderr, "AuthSSL::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
goto err; goto err;
} }
@ -2035,8 +2037,7 @@ bool AuthSSL::AuthX509(X509 *x509)
memmove(buf_sigout, signature->data, sigoutl); memmove(buf_sigout, signature->data, sigoutl);
/* NOW Sign via GPG Functions */ /* NOW Sign via GPG Functions */
if (!AuthGPG::getAuthGPG()->VerifySignBin(buf_hashout, hashoutl, buf_sigout, (unsigned int) sigoutl)) if (!AuthGPG::getAuthGPG()->VerifySignBin(buf_hashout, hashoutl, buf_sigout, (unsigned int) sigoutl)) {
{
sigoutl = 0; sigoutl = 0;
goto err; goto err;
} }
@ -2152,94 +2153,87 @@ int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
return(strlen(buf)); return(strlen(buf));
} }
static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
return AuthSSL::getAuthSSL()->VerifyX509Callback(preverify_ok, ctx);
}
int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx) int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
{ {
char buf[256]; char buf[256];
X509 *err_cert; X509 *err_cert;
int err, depth; int err, depth;
//SSL *ssl;
//mydata_t *mydata;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
#ifdef AUTHSSL_DEBUG err_cert = X509_STORE_CTX_get_current_cert(ctx);
std::cerr << "AuthSSL::VerifyX509Callback(preverify_ok: " << preverify_ok err = X509_STORE_CTX_get_error(ctx);
<< " Err: " << err << " Depth: " << depth; depth = X509_STORE_CTX_get_error_depth(ctx);
std::cerr << std::endl;
#endif std::cerr << "AuthSSL::VerifyX509Callback(preverify_ok: " << preverify_ok
<< " Err: " << err << " Depth: " << depth;
/* std::cerr << std::endl;
* Retrieve the pointer to the SSL of the connection currently treated
* and the application specific data stored into the SSL object. /*
*/ * Retrieve the pointer to the SSL of the connection currently treated
//ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); * and the application specific data stored into the SSL object.
//mydata = SSL_get_ex_data(ssl, mydata_index); */
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
std::cerr << "AuthSSL::VerifyX509Callback: depth: " << depth << ":" << buf; std::cerr << "AuthSSL::VerifyX509Callback: depth: " << depth << ":" << buf;
std::cerr << std::endl; std::cerr << std::endl;
// X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT if (!preverify_ok) {
// X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN fprintf(stderr, "Verify error:num=%d:%s:depth=%d:%s\n", err,
// X509_verify_cert_error_string(err), depth, buf);
// We accept self signed certificates. }
if (!preverify_ok && (depth == 0) && (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT))
{
std::cerr << "AuthSSL::VerifyX509Callback() Accepting SELF_SIGNED_CERT";
std::cerr << std::endl;
preverify_ok = 1;
}
if (!preverify_ok) { /*
fprintf(stderr, "Verify error:num=%d:%s:depth=%d:%s\n", err, * At this point, err contains the last verification error. We can use
X509_verify_cert_error_string(err), depth, buf); * it for something special
} */
#if 0 if (!preverify_ok)
else if (mydata->verbose_mode) {
{ if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
printf("depth=%d:%s\n", depth, buf); (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
} {
#endif X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
printf("issuer= %s\n", buf);
/*
* At this point, err contains the last verification error. We can use
* it for something special
*/
if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
{
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
printf("issuer= %s\n", buf);
}
#if 0
if (mydata->always_continue)
return 1;
else
return preverify_ok;
#endif
return preverify_ok;
fprintf(stderr, "Doing REAL PGP Certificates\n");
/* do the REAL Authentication */
if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
{
return false;
}
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
if (!AuthGPG::getAuthGPG()->isPGPAuthenticated(pgpid))
{
return false;
}
preverify_ok = true;
}
else if ((err == X509_V_ERR_CERT_UNTRUSTED) ||
(err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
{
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
if (!AuthGPG::getAuthGPG()->isPGPAuthenticated(pgpid))
{
return false;
}
preverify_ok = true;
}
}
else
{
fprintf(stderr, "Failing Normal Certificate!!!\n");
preverify_ok = false;
}
if (preverify_ok) {
fprintf(stderr, "AuthSSL::VerifyX509Callback returned true.\n");
} else {
fprintf(stderr, "AuthSSL::VerifyX509Callback returned false.\n");
}
return preverify_ok;
} }
// Not dependent on sslroot. load, and detroys the X509 memory. // Not dependent on sslroot. load, and detroys the X509 memory.
int LoadCheckX509andGetName(const char *cert_file, std::string &userName, std::string &userId) int LoadCheckX509andGetName(const char *cert_file, std::string &userName, std::string &userId)
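Review bot: The second branch of the new VerifyX509Callback (the `X509_V_ERR_CERT_UNTRUSTED` / `X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE` case) accepts the certificate after only checking that the issuer CN string names an authenticated PGP id; unlike the first branch it never calls `AuthX509()`, so the PGP signature carried in the certificate is not verified on that path and a certificate whose issuer field merely claims a friend's PGP id would pass. Fold the two cases into one condition so both go through the signature check before the CN lookup, `if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) || (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) || (err == X509_V_ERR_CERT_UNTRUSTED) || (err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))`, and drop the else-if. Whether `VerifySignBin()` binds the signature to the key named in the issuer CN is not visible here; if it does not, the signature check and the `isPGPAuthenticated()` lookup still need to be tied to the same key. Separately, the `else` branch now rejects any certificate the OpenSSL store did validate (`Failing Normal Certificate!!!`), and the preverify trace at the top of the function lost its `AUTHSSL_DEBUG` guard so it logs on every handshake; a comment stating that both are intended would save the next reader from treating them as mistakes.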


@ -292,11 +292,7 @@ void p3disc::respondToPeer(std::string id)
/* send issuer certs ... only do this for friends at initial connections, /* send issuer certs ... only do this for friends at initial connections,
no need to do with onlineId list. no need to do with onlineId list.
*/ */
#ifdef RS_USE_PGPSSL
sendPeerIssuer(id, *it); sendPeerIssuer(id, *it);
#endif
sendPeerDetails(id, *it); /* (dest (to), source (cert)) */ sendPeerDetails(id, *it); /* (dest (to), source (cert)) */
} }
} }
@ -804,7 +800,7 @@ void p3disc::recvPeerIssuerMsg(RsDiscIssuer *item)
/* load certificate */ /* load certificate */
std::string peerId; std::string peerId;
bool loaded = AuthSSL::getAuthSSL()->LoadCertificateFromString(item->issuerCert, peerId); //bool loaded = AuthSSL::getAuthSSL()->LoadCertificateFromString(item->issuerCert, peerId);
/* cleanup (handled by caller) */ /* cleanup (handled by caller) */
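Review bot: The `respondToPeer` hunk makes `sendPeerIssuer(id, *it)` unconditional while `recvPeerIssuerMsg` comments out the only visible use of `item->issuerCert`, so issuer certificates are now sent on every initial connection and discarded on receipt, and `std::string peerId;` is left declared but unused. If the issuer certificate is no longer needed for authentication, as the commit title suggests, drop the send as well; otherwise leave a comment at the commented-out line explaining why the message is still emitted, e.g. `/* issuer cert no longer loaded here; peers are checked in AuthSSL::VerifyX509Callback */`. The rest of recvPeerIssuerMsg, including any later use of the removed `loaded` flag, is outside this hunk.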