[or-cvs] if we're a server and some peer has a broken tls certificat...
arma at seul.org
arma at seul.org
Fri May 26 16:32:16 UTC 2006
Update of /home2/or/cvsroot/tor/src/common
In directory moria:/home/arma/work/onion/cvs/tor/src/common
Modified Files:
tortls.c tortls.h
Log Message:
if we're a server and some peer has a broken tls certificate, don't
shout about it unless we want to hear about protocol violations.
Index: tortls.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/common/tortls.c,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -p -d -r1.119 -r1.120
--- tortls.c 24 May 2006 00:21:55 -0000 1.119
+++ tortls.c 26 May 2006 16:32:14 -0000 1.120
@@ -648,7 +648,8 @@ tor_tls_peer_has_cert(tor_tls_t *tls)
* NUL-terminate. Return 0 on success, -1 on failure.
*/
int
-tor_tls_get_peer_cert_nickname(tor_tls_t *tls, char *buf, size_t buflen)
+tor_tls_get_peer_cert_nickname(int severity, tor_tls_t *tls,
+ char *buf, size_t buflen)
{
X509 *cert = NULL;
X509_NAME *name = NULL;
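Review bot: The new `severity` parameter is not described in the function's doc comment, whose tail (`NUL-terminate. Return 0 on success, -1 on failure.`) is visible just above the changed signature, so a reader cannot tell from the comment that it only selects the log level of the failure messages and leaves the -1 return unchanged. Add a sentence to that comment such as `Log any failure (no certificate, no subject name, illegal nickname characters) at <b>severity</b>; the return value does not depend on it.` The matching prototype change in tortls.h carries no comment, which is consistent with the neighbouring declarations there. The body of tor_tls_get_peer_cert_nickname continues past this hunk.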
@@ -657,11 +658,11 @@ tor_tls_get_peer_cert_nickname(tor_tls_t
int r = -1;
if (!(cert = SSL_get_peer_certificate(tls->ssl))) {
- log_warn(LD_PROTOCOL, "Peer has no certificate");
+ log_fn(severity, LD_PROTOCOL, "Peer has no certificate");
goto error;
}
if (!(name = X509_get_subject_name(cert))) {
- log_warn(LD_PROTOCOL, "Peer certificate has no subject name");
+ log_fn(severity, LD_PROTOCOL, "Peer certificate has no subject name");
goto error;
}
if ((nid = OBJ_txt2nid("commonName")) == NID_undef)
@@ -671,12 +672,13 @@ tor_tls_get_peer_cert_nickname(tor_tls_t
if (lenout == -1)
goto error;
if (((int)strspn(buf, LEGAL_NICKNAME_CHARACTERS)) < lenout) {
- log_warn(LD_PROTOCOL,
- "Peer certificate nickname %s has illegal characters.",
- escaped(buf));
+ log_fn(severity, LD_PROTOCOL,
+ "Peer certificate nickname %s has illegal characters.",
+ escaped(buf));
if (strchr(buf, '.'))
- log_warn(LD_PROTOCOL, " (Maybe it is not really running Tor at its "
- "advertised OR port.)");
+ log_fn(severity, LD_PROTOCOL,
+ " (Maybe it is not really running Tor at its "
+ "advertised OR port.)");
goto error;
}
@@ -686,7 +688,7 @@ tor_tls_get_peer_cert_nickname(tor_tls_t
if (cert)
X509_free(cert);
- tls_log_errors(LOG_WARN, "getting peer certificate nickname");
+ tls_log_errors(severity, "getting peer certificate nickname");
return r;
}
Index: tortls.h
===================================================================
RCS file: /home2/or/cvsroot/tor/src/common/tortls.h,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -d -r1.33 -r1.34
--- tortls.h 9 Feb 2006 05:46:48 -0000 1.33
+++ tortls.h 26 May 2006 16:32:14 -0000 1.34
@@ -32,7 +32,8 @@ tor_tls_t *tor_tls_new(int sock, int is_
int tor_tls_is_server(tor_tls_t *tls);
void tor_tls_free(tor_tls_t *tls);
int tor_tls_peer_has_cert(tor_tls_t *tls);
-int tor_tls_get_peer_cert_nickname(tor_tls_t *tls, char *buf, size_t buflen);
+int tor_tls_get_peer_cert_nickname(int severity, tor_tls_t *tls,
+ char *buf, size_t buflen);
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity);
int tor_tls_check_lifetime(tor_tls_t *tls, int tolerance);
int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);