[or-cvs] fix our tls handshake chain cert bug
Roger Dingledine
arma at seul.org
Wed Jul 21 22:11:13 UTC 2004
Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/common
Modified Files:
tortls.c
Log Message:
fix our tls handshake chain cert bug
Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -d -r1.61 -r1.62
--- tortls.c 21 Jul 2004 17:59:24 -0000 1.61
+++ tortls.c 21 Jul 2004 22:11:11 -0000 1.62
@@ -277,8 +277,8 @@
* should be NULL. Return -1 if failure, else 0.
*
* You can call this function multiple times. Each time you call it,
- * it generates new certificates; all new connections will be begin
- * with the new SSL context.
+ * it generates new certificates; all new connections will use
+ * the new SSL context.
*/
int
tor_tls_context_new(crypto_pk_env_t *identity,
@@ -652,6 +652,7 @@
STACK_OF(X509) *chain = NULL;
EVP_PKEY *id_pkey = NULL;
RSA *rsa;
+ int num_in_chain;
time_t now, t;
int r = -1, i;
@@ -661,12 +662,18 @@
goto done;
if (!(chain = SSL_get_peer_cert_chain(tls->ssl)))
goto done;
- if (sk_X509_num(chain) != 2) {
+ num_in_chain = sk_X509_num(chain);
+ log_fn(LOG_DEBUG,"Number of certs in chain: %d", num_in_chain);
+ /* 1 means we're receiving (server-side), and it's just the id_cert.
+ * 2 means we're connecting (client-side), and it's both the link
+ * cert and the id_cert.
+ */
+ if (num_in_chain < 1) {
log_fn(LOG_WARN,"Unexpected number of certificates in chain (%d)",
- sk_X509_num(chain));
+ num_in_chain);
goto done;
}
- for (i=0; i<2; ++i) {
+ for (i=0; i<num_in_chain; ++i) {
id_cert = sk_X509_value(chain, i);
if (X509_cmp(id_cert, cert) != 0)
break;
More information about the tor-commits
mailing list