restrain ip list exchange in an attempt for bug solving

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2490 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
joss17 2010-03-06 17:34:04 +00:00
parent aa7bed984f
commit da095482db

View File

@ -2031,13 +2031,13 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (preverify_ok) { if (preverify_ok) {
//sslcert *cert = NULL; //sslcert *cert = NULL;
std::string certId; std::string certId;
getX509id(X509_STORE_CTX_get_current_cert(ctx), certId); getX509id(X509_STORE_CTX_get_current_cert(ctx), certId);
if (!mConnMgr->isFriend(certId)) { if (!mConnMgr->isFriend(certId)) {
//we've got a new ssl id //we've got a new ssl id
preverify_ok = false; preverify_ok = false;
mConnMgr->addFriend(certId, getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer));
} }
//is the connection was initiated by us, then it was for a specific peer id wich is stored is in the context //is the connection was initiated by us, then it was for a specific peer id wich is stored is in the context
@ -2046,7 +2046,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index)) { if (SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index)) {
char *peer_id_in_context = (char*) SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index); char *peer_id_in_context = (char*) SSL_get_ex_data(ssl, AuthSSL::ex_data_ctx_index);
if (std::string(certId.c_str()) != std::string(peer_id_in_context)) { if (std::string(certId.c_str()) != std::string(peer_id_in_context)) {
//the connection was asked for a given peer and get connected top another peer //the connection was asked for a given peer and get connected to another peer
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback peer id in context not the same as cert, aborting connection.\n"); fprintf(stderr, "AuthSSL::VerifyX509Callback peer id in context not the same as cert, aborting connection.\n");
#endif #endif
@ -2055,8 +2055,10 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
//tranfer the ip address to the new peer //tranfer the ip address to the new peer
peerConnectState detail; peerConnectState detail;
if (mConnMgr->getFriendNetStatus(peer_id_in_context, detail)) { if (mConnMgr->getFriendNetStatus(peer_id_in_context, detail)) {
mConnMgr->addFriend(certId, getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)); //transfer ips only if the two peers got the same gpg key
mConnMgr->setAddressList(certId, detail.getIpAddressList()); if (detail.gpg_id == getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer)) {
mConnMgr->setAddressList(certId, detail.getIpAddressList());
}
} }
} else { } else {
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
@ -2065,9 +2067,6 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
} }
} }
//just to be sure
mConnMgr->addFriend(certId, getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer));
//set location //set location
mConnMgr->setLocation(certId, getX509LocString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->subject)); mConnMgr->setLocation(certId, getX509LocString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->subject));