diff options
| author | Nick Mathewson <nickm@torproject.org> | 2004-04-24 22:17:50 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2004-04-24 22:17:50 +0000 |
| commit | c44016e86ec8dfd9147b2ca58e5277cb03a92561 (patch) | |
| tree | 98002278cf00e6c9373e96deb245e6661f890b8d /src/or/connection_or.c | |
| parent | 83081f5ad6fd3fd4450ce4f5a84c2873f5c4123b (diff) | |
| download | tor-c44016e86ec8dfd9147b2ca58e5277cb03a92561.tar tor-c44016e86ec8dfd9147b2ca58e5277cb03a92561.tar.gz | |
Merge flagday into main branch.
svn:r1683
Diffstat (limited to 'src/or/connection_or.c')
| -rw-r--r-- | src/or/connection_or.c | 40 |
1 files changed, 15 insertions, 25 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 5e122c848..a68c87042 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -84,7 +84,6 @@ void connection_or_init_conn_from_router(connection_t *conn, routerinfo_t *route conn->port = router->or_port; conn->receiver_bucket = conn->bandwidth = router->bandwidthburst; conn->onion_pkey = crypto_pk_dup_key(router->onion_pkey); - conn->link_pkey = crypto_pk_dup_key(router->link_pkey); conn->identity_pkey = crypto_pk_dup_key(router->identity_pkey); conn->nickname = tor_strdup(router->nickname); tor_free(conn->address); @@ -178,7 +177,6 @@ int connection_tls_continue_handshake(connection_t *conn) { } static int connection_tls_finish_handshake(connection_t *conn) { - crypto_pk_env_t *pk; routerinfo_t *router; char nickname[MAX_NICKNAME_LEN+1]; connection_t *c; @@ -203,42 +201,34 @@ static int connection_tls_finish_handshake(connection_t *conn) { return -1; } log_fn(LOG_DEBUG, "Other side claims to be '%s'", nickname); - pk = tor_tls_verify(conn->tls); - if(!pk) { - log_fn(LOG_WARN,"Other side '%s' (%s:%d) has a cert but it's invalid. Closing.", - nickname, conn->address, conn->port); + router = router_get_by_nickname(nickname); + if (!router) { + log_fn(LOG_INFO, "Unrecognized router with nickname '%s'", nickname); return -1; } - router = router_get_by_link_pk(pk); - if (!router) { - log_fn(LOG_INFO,"Unrecognized public key from peer '%s' (%s:%d). Closing.", + if(tor_tls_verify(conn->tls, router->identity_pkey)<0) { + log_fn(LOG_WARN,"Other side '%s' (%s:%d) has a cert but it's invalid. Closing.", nickname, conn->address, conn->port); - crypto_free_pk_env(pk); return -1; } - if(conn->link_pkey) { /* I initiated this connection. */ - if(crypto_pk_cmp_keys(conn->link_pkey, pk)) { - log_fn(LOG_WARN,"We connected to '%s' (%s:%d) but he gave us a different key. Closing.", - nickname, conn->address, conn->port); - crypto_free_pk_env(pk); + log_fn(LOG_DEBUG,"The router's cert is valid."); + + if (conn->nickname) { + /* I initiated this connection. */ + if (strcmp(conn->nickname, nickname)) { + log_fn(options.DirPort ? LOG_WARN : LOG_INFO, + "Other side is '%s', but we tried to connect to '%s'", + nickname, conn->nickname); return -1; } - log_fn(LOG_DEBUG,"The router's pk matches the one we meant to connect to. Good."); } else { if((c=connection_exact_get_by_addr_port(router->addr,router->or_port))) { log_fn(LOG_INFO,"Router %s is already connected on fd %d. Dropping fd %d.", router->nickname, c->s, conn->s); - crypto_free_pk_env(pk); return -1; } - connection_or_init_conn_from_router(conn, router); - } - crypto_free_pk_env(pk); - if (strcmp(conn->nickname, nickname)) { - log_fn(options.DirPort ? LOG_WARN : LOG_INFO, - "Other side claims to be '%s', but we expected '%s'", - nickname, conn->nickname); - return -1; + connection_or_init_conn_from_router(conn,router); } + if (!options.ORPort) { /* If I'm an OP... */ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP; } |