aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2003-10-19 00:47:03 +0000
committerNick Mathewson <nickm@torproject.org>2003-10-19 00:47:03 +0000
commit0142a568d30034088cabb67849e9c8828fb18318 (patch)
treeb5897618b9fafcf135b3520045a636c2b32ba278
parent0ec2a34a1d4ebbe8d3a3f7cc47402471f26d63d4 (diff)
downloadtor-0142a568d30034088cabb67849e9c8828fb18318.tar
tor-0142a568d30034088cabb67849e9c8828fb18318.tar.gz
Example code to get nickname from cert
svn:r628
-rw-r--r--src/or/connection_or.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index d3fd118e0..bdaf16e23 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -180,6 +180,7 @@ int connection_tls_continue_handshake(connection_t *conn) {
static int connection_tls_finish_handshake(connection_t *conn) {
crypto_pk_env_t *pk;
routerinfo_t *router;
+ char nickname[255];
conn->state = OR_CONN_STATE_OPEN;
directory_set_dirty();
@@ -187,6 +188,12 @@ static int connection_tls_finish_handshake(connection_t *conn) {
log_fn(LOG_DEBUG,"tls handshake done. verifying.");
if(options.OnionRouter) { /* I'm an OR */
if(tor_tls_peer_has_cert(conn->tls)) { /* it's another OR */
+ if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, 256)) {
+ log_fn(LOG_WARN,"Other side (%s:%d) has a cert without a valid nickname. Closing.",
+ conn->address, conn->port);
+ return -1;
+ }
+ log_fn(LOG_DEBUG,"Other side claims to be \"%s\"",nickname);
pk = tor_tls_verify(conn->tls);
if(!pk) {
log_fn(LOG_WARN,"Other side (%s:%d) has a cert but it's invalid. Closing.",