diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index fad4342e6..dee185381 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -2320,6 +2320,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
 if (mConnMgr->getFriendNetStatus(certId, detail)) {
 if (detail.state & RS_PEER_CONNECTED && !(detail.connecttype & RS_NET_CONN_TUNNEL)) {
 fprintf(stderr, "AuthSSL::VerifyX509Callback this peer is already connected, refuse a new connection.");
+ preverify_ok = false;
 }
 }
diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc
index 7615ff2de..5809081f2 100644
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@@ -1124,6 +1124,16 @@ int pqissl::Authorise_SSL_Connection()
 reset();
 return -1;
 }
+ std::string certPeerId;
+ getX509id(peercert, certPeerId);
+ if (certPeerId != PeerId()) {
+ rslog(RSL_WARNING, pqisslzone,
+ "pqissl::Authorise_SSL_Connection() the cert Id doesn't match the Peer id we're trying to connect to.");
+
+ // Failed completely
+ reset();
+ return -1;
+ }
 rslog(RSL_DEBUG_BASIC, pqisslzone, "pqissl::Authorise_SSL_Connection() Have Peer Cert");
diff --git a/libretroshare/src/pqi/pqissllistener.cc b/libretroshare/src/pqi/pqissllistener.cc
index 0e4b0da1d..523bcd532 100644
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
@@ -659,7 +659,14 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
 if (it -> first == newPeerId) {
 out << "\t\tMatch!";
- found = true;
+ //check if peer is not already connected
+ peerConnectState pcs;
+ if (mConnMgr->getFriendNetStatus(newPeerId, pcs) && (pcs.state & RS_PEER_CONNECTED && !(pcs.connecttype & RS_NET_CONN_TUNNEL))) {
+ out << "\t\tPeer is already connected !";
+ break;
+ } else {
+ found = true;
+ }
 } else {
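Review bot: In AuthSSL::VerifyX509Callback the added `preverify_ok = false;` refuses the handshake without recording a reason in the store context, so depending on the OpenSSL version the verify result may read as OK or as an unspecified error. Setting a code next to the assignment, e.g. `X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);`, lets a duplicate-connection refusal be told apart from a bad certificate. The message on the line above is written to stderr with no trailing newline and no peer id, which makes these refusals hard to correlate in logs. The rest of the function, including how `preverify_ok` is finally returned, lies outside the hunk.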
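Review bot: In pqissl::Authorise_SSL_Connection the result of `getX509id(peercert, certPeerId)` is discarded, so a failed extraction is caught only indirectly by the string comparison. If the helper reports failure through its return value, test it in the same condition: `if (!getX509id(peercert, certPeerId) || certPeerId != PeerId()) {`. The warning would be more useful for triage if it logged the expected and the presented id instead of a fixed string. The hunk does not show where `peercert` is obtained or released, so it is worth confirming that the new early return does not skip an `X509_free(peercert)`.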
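Review bot: In pqissllistener::completeConnection the already-connected branch leaves the loop with `found` still false, so the code after the loop (outside the hunk) presumably treats it like a certificate that matched no expected peer. A separate flag or log entry would keep a duplicate-connection refusal distinguishable from an unknown peer. The condition mixes `&` and `&&` without grouping and repeats the predicate used in AuthSSL::VerifyX509Callback; writing it as `(pcs.state & RS_PEER_CONNECTED) && !(pcs.connecttype & RS_NET_CONN_TUNNEL)` in one shared helper would keep the two checks from drifting apart. Both checks read the connection state before the new session is registered, so two simultaneous handshakes from the same peer may still both pass, depending on locking that is not visible here.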