Diffstat (limited to 'src/or')
-rw-r--r--src/or/connection.c48
-rw-r--r--src/or/connection_or.c4
-rw-r--r--src/or/or.h1
3 files changed, 41 insertions, 12 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index 35f742180..825409de1 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -69,6 +69,8 @@ char *conn_state_to_string[][15] = {
/********* END VARIABLES ************/
static int connection_init_accepted_conn(connection_t *conn);
+static int connection_tls_continue_handshake(connection_t *conn);
+static int connection_tls_finish_handshake(connection_t *conn);
/**************************************************************/
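Review bot: The two new static prototypes for connection_tls_continue_handshake and connection_tls_finish_handshake are added next to connection_init_accepted_conn, while the definitions they declare sit inside the block closed by the `#endif` at the end of the third hunk; if that block is the file's `#ifdef USE_TLS` (its opening is not visible here), a build without USE_TLS declares the statics without ever defining them and compilers warn "declared 'static' but never defined". Wrapping the two declarations in the same `#ifdef USE_TLS` / `#endif` pair keeps non-TLS builds clean.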
@@ -282,20 +284,14 @@ int connection_tls_start_handshake(connection_t *conn) {
return 0;
}
-int connection_tls_continue_handshake(connection_t *conn) {
+static int connection_tls_continue_handshake(connection_t *conn) {
switch(tor_tls_handshake(conn->tls)) {
case TOR_TLS_ERROR:
case TOR_TLS_CLOSE:
log_fn(LOG_DEBUG,"tls error. breaking.");
return -1;
case TOR_TLS_DONE:
- conn->state = OR_CONN_STATE_OPEN;
- directory_set_dirty();
- connection_watch_events(conn, POLLIN);
- if(!options.OnionRouter)
- circuit_n_conn_open(conn); /* send the pending create */
- log_fn(LOG_DEBUG,"tls handshake done, now open.");
- return 0;
+ return connection_tls_finish_handshake(conn);
case TOR_TLS_WANTWRITE:
connection_start_writing(conn);
return 0;
@@ -304,6 +300,38 @@ int connection_tls_continue_handshake(connection_t *conn) {
}
return 0;
}
+
+static int connection_tls_finish_handshake(connection_t *conn) {
+ crypto_pk_env_t *pk;
+ routerinfo_t *router;
+
+ conn->state = OR_CONN_STATE_OPEN;
+ directory_set_dirty();
+ connection_watch_events(conn, POLLIN);
+ if(options.OnionRouter) { /* I'm an OR */
+ if(tor_tls_peer_has_cert(conn->tls)) { /* it's another OR */
+ pk = tor_tls_verify(conn->tls);
+ if(!pk) {
+ log_fn(LOG_INFO,"Other side has a cert but it's bad. Closing.");
+ return -1;
+ }
+ router = look up which router I just connected to. /* XXX */
+ conn->bandwidth = router->bandwidth;
+ conn->addr = router->addr, conn->port = router->or_port;
+ conn->pkey = crypto_pk_dup_key(router->pkey);
+ if(conn->address)
+ free(conn->address);
+ conn->address = strdup(router->address);
+ } else { /* it's an OP */
+ conn->bandwidth = DEFAULT_BANDWIDTH_OP;
+ }
+ } else { /* I'm a client */
+ conn->bandwidth = DEFAULT_BANDWIDTH_OP;
+ circuit_n_conn_open(conn); /* send the pending create */
+ }
+ log_fn(LOG_DEBUG,"tls handshake done, now open.");
+ return 0;
+}
#endif
/* start all connections that should be up but aren't */
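Review bot: The line `router = look up which router I just connected to. /* XXX */` in connection_tls_finish_handshake is prose, not C, so this file cannot compile with USE_TLS defined; the lookup it stands for should be keyed on the identity the TLS layer just verified, i.e. the `pk` returned by tor_tls_verify, otherwise the bandwidth, address and `conn->pkey` copied from `router` are not bound to the peer that actually authenticated. As written `pk` is only tested for NULL and then dropped, which also leaks it on the success path, and `router` is dereferenced without a NULL check. The lookup result needs `if(!router) { log_fn(LOG_INFO,"Peer cert does not match any known router. Closing."); return -1; }` before `conn->bandwidth = router->bandwidth;`, and `pk` should be released with the matching free routine (or kept as `conn->pkey` in place of the dup from `router`) once it has been used. Note also that `conn->state` is set to OR_CONN_STATE_OPEN before verification can fail and `conn->pkey` is overwritten without freeing any previous value, so callers must treat -1 as fatal to the connection.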
@@ -481,8 +509,10 @@ int connection_handle_write(connection_t *conn) {
#ifdef USE_TLS
if(connection_speaks_cells(conn) && conn->state != OR_CONN_STATE_CONNECTING) {
- if(conn->state == OR_CONN_STATE_HANDSHAKING)
+ if(conn->state == OR_CONN_STATE_HANDSHAKING) {
+ connection_stop_writing(conn);
return connection_tls_continue_handshake(conn);
+ }
/* else open, or closing */
switch(flush_buf_tls(conn->tls, &conn->outbuf, &conn->outbuflen,
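Review bot: connection_stop_writing(conn) is now called before the handshake step in connection_handle_write, and when that step completes the handshake (TOR_TLS_DONE) connection_tls_finish_handshake only re-arms POLLIN, so this function returns with writing disabled even if conn->outbuf already holds data; whether anything later re-enables writing for that case is not visible here, so it is worth confirming, or re-checking `conn->outbuflen` and calling `connection_start_writing(conn)` before returning. The remainder of connection_handle_write runs past the hunk.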
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 6250eba9a..231a62ac9 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -237,7 +237,7 @@ or_handshake_op_send_keys(connection_t *conn) {
assert(conn && conn->type == CONN_TYPE_OR);
- conn->bandwidth = DEFAULT_BANDWIDTH_OP; /* XXX USE_TLS */
+ conn->bandwidth = DEFAULT_BANDWIDTH_OP;
/* generate random keys */
if(crypto_cipher_generate_key(conn->f_crypto) ||
@@ -520,7 +520,7 @@ or_handshake_server_process_auth(connection_t *conn) {
crypto_cipher_set_key(conn->b_crypto,buf+14);
crypto_cipher_set_key(conn->f_crypto,buf+30);
- conn->bandwidth = router->bandwidth; /* XXX USE_TLS and below */
+ conn->bandwidth = router->bandwidth;
/* copy all relevant info to conn */
conn->addr = router->addr, conn->port = router->or_port;
diff --git a/src/or/or.h b/src/or/or.h
index 67bd0032e..0363cdff7 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -581,7 +581,6 @@ int connection_create_listener(struct sockaddr_in *bindaddr, int type);
int connection_handle_listener_read(connection_t *conn, int new_type);
int connection_tls_start_handshake(connection_t *conn);
-int connection_tls_continue_handshake(connection_t *conn);
/* start all connections that should be up but aren't */
int retry_all_connections(uint16_t or_listenport, uint16_t ap_listenport, uint16_t dir_listenport);