mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-24 15:09:33 -05:00
restrain ip list exchange in an attempt for bug solving
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2490 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
aa7bed984f
commit
da095482db
@ -2031,13 +2031,13 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
|
|
||||||
if (preverify_ok) {
|
if (preverify_ok) {
|
||||||
|
|
||||||
|
|
||||||
//sslcert *cert = NULL;
|
//sslcert *cert = NULL;
|
||||||
std::string certId;
|
std::string certId;
|
||||||
getX509id(X509_STORE_CTX_get_current_cert(ctx), certId);
|
getX509id(X509_STORE_CTX_get_current_cert(ctx), certId);
|
||||||
if (!mConnMgr->isFriend(certId)) {
|
if (!mConnMgr->isFriend(certId)) {
|
||||||
//we've got a new ssl id
|
//we've got a new ssl id
|
||||||
preverify_ok = false;
|
preverify_ok = false;
|
||||||
|
mConnMgr->addFriend(certId, getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer));
|
||||||
}
|
}
|
||||||
|
|
||||||
//is the connection was initiated by us, then it was for a specific peer id wich is stored is in the context
|
//is the connection was initiated by us, then it was for a specific peer id wich is stored is in the context
|
||||||
@ -2046,7 +2046,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
if (SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index)) {
|
if (SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index)) {
|
||||||
char *peer_id_in_context = (char*) SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index);
|
char *peer_id_in_context = (char*) SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index);
|
||||||
if (std::string(certId.c_str()) != std::string(peer_id_in_context)) {
|
if (std::string(certId.c_str()) != std::string(peer_id_in_context)) {
|
||||||
//the connection was asked for a given peer and get connected top another peer
|
//the connection was asked for a given peer and get connected to another peer
|
||||||
#ifdef AUTHSSL_DEBUG
|
#ifdef AUTHSSL_DEBUG
|
||||||
fprintf(stderr, "AuthSSL::VerifyX509Callback peer id in context not the same as cert, aborting connection.\n");
|
fprintf(stderr, "AuthSSL::VerifyX509Callback peer id in context not the same as cert, aborting connection.\n");
|
||||||
#endif
|
#endif
|
||||||
@ -2055,8 +2055,10 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
//tranfer the ip address to the new peer
|
//tranfer the ip address to the new peer
|
||||||
peerConnectState detail;
|
peerConnectState detail;
|
||||||
if (mConnMgr->getFriendNetStatus(peer_id_in_context, detail)) {
|
if (mConnMgr->getFriendNetStatus(peer_id_in_context, detail)) {
|
||||||
mConnMgr->addFriend(certId, getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer));
|
//transfer ips only if the two peers got the same gpg key
|
||||||
mConnMgr->setAddressList(certId, detail.getIpAddressList());
|
if (detail.gpg_id == getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)) {
|
||||||
|
mConnMgr->setAddressList(certId, detail.getIpAddressList());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
#ifdef AUTHSSL_DEBUG
|
#ifdef AUTHSSL_DEBUG
|
||||||
@ -2065,9 +2067,6 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//just to be sure
|
|
||||||
mConnMgr->addFriend(certId, getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer));
|
|
||||||
|
|
||||||
//set location
|
//set location
|
||||||
mConnMgr->setLocation(certId, getX509LocString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->subject));
|
mConnMgr->setLocation(certId, getX509LocString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->subject));
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user