diff options
| author | Nick Mathewson <nickm@torproject.org> | 2004-11-10 20:14:37 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2004-11-10 20:14:37 +0000 |
| commit | 954570486f6d468e9e88415d728965daae62094b (patch) | |
| tree | 2d222365301f020c6874694e2e77b8393c0f5578 /src/or/connection_or.c | |
| parent | 35d0d3c050f3ce1290792f1a2906b8b29941c66d (diff) | |
| download | tor-954570486f6d468e9e88415d728965daae62094b.tar.gz tor-954570486f6d468e9e88415d728965daae62094b.zip | |
Resolve a FIXME: use identity comparison, not nickname comparison, to
choose circuit ID types. This is important because our view of "the
nickname of the router on the other side of this connection" is
skewed, and depends on whether we think the other rotuer is
verified--and there's no way to know whether another router thinks you
are verified.
For backward compatibility, we notice when the other router chooses
the same circuit ID type as us (because it's running an old version),
and switch our type to be polite.
svn:r2797
Diffstat (limited to 'src/or/connection_or.c')
| -rw-r--r-- | src/or/connection_or.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 98dc8803bc..1b419e5570 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -339,7 +339,7 @@ connection_tls_finish_handshake(connection_t *conn) { conn->state = OR_CONN_STATE_OPEN; connection_watch_events(conn, POLLIN); log_fn(LOG_DEBUG,"tls handshake done. verifying."); - if (! tor_tls_peer_has_cert(conn->tls)) { /* It's an OP. */ + if (! tor_tls_peer_has_cert(conn->tls)) { /* It's an old OP. */ if (server_mode(options)) { /* I'm an OR; good. */ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP; return 0; @@ -348,7 +348,7 @@ connection_tls_finish_handshake(connection_t *conn) { return -1; } } - /* Okay; the other side is an OR. */ + /* Okay; the other side is an OR or a post-0.0.8 OP (with a cert). */ if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, MAX_NICKNAME_LEN)) { log_fn(LOG_WARN,"Other side (%s:%d) has a cert without a valid nickname. Closing.", conn->address, conn->port); @@ -366,6 +366,12 @@ connection_tls_finish_handshake(connection_t *conn) { crypto_pk_get_digest(identity_rcvd, digest_rcvd); crypto_free_pk_env(identity_rcvd); + if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) { + conn->circ_id_type = CIRC_ID_TYPE_LOWER; + } else { + conn->circ_id_type = CIRC_ID_TYPE_HIGHER; + } + router = router_get_by_nickname(nickname); if(router && /* we know this nickname */ router->is_verified && /* make sure it's the right guy */ @@ -394,6 +400,7 @@ connection_tls_finish_handshake(connection_t *conn) { if (!server_mode(options)) { /* If I'm an OP... */ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP; } + directory_set_dirty(); circuit_n_conn_done(conn, 1); /* send the pending creates, if any. */ /* Note the success */ |