authorNick Mathewson <nickm@torproject.org>2008-02-06 21:53:13 +0000
committerNick Mathewson <nickm@torproject.org>2008-02-06 21:53:13 +0000
commit46b1a21dc49c83e57e7d8e6a90968fc908e739f8 (patch)
tree16207dc36f00b6394187cfd2cdd1129f6fa41518 /src/or
parent46532d8111b9842aee8f0b600a1d1abd0ae53a9f (diff)
r17955@catbus: nickm | 2008-02-06 16:53:07 -0500
The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc. svn:r13409
Diffstat (limited to 'src/or')
-rw-r--r--src/or/command.c2
-rw-r--r--src/or/connection_or.c14
2 files changed, 13 insertions, 3 deletions
diff --git a/src/or/command.c b/src/or/command.c
index 6dae387a6f..5765431d77 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -476,6 +476,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
conn->link_proto = highest_supported_version;
conn->handshake_state->received_versions = 1;
+ // log_notice(LD_OR, "Negotiated version %d", highest_supported_version);
+
if (highest_supported_version >= 2) {
if (connection_or_send_netinfo(conn) < 0) {
connection_mark_for_close(TO_CONN(conn));
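Review bot: The added `// log_notice(LD_OR, "Negotiated version %d", highest_supported_version);` is commented-out code, and the same pattern recurs six more times in the two `connection_tls_continue_handshake` hunks of connection_or.c. Parked statements in a handshake path make it hard to tell which state transitions are actually logged. Either drop them or make them live `log_debug(LD_OR, ...)` calls, so they are switched on by log level rather than by editing the source. The surrounding code visible in this commit uses `/* */` comments, so the `//` form also departs from local style. The body of `command_process_versions_cell` starts and ends outside the hunk.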
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index b8f16a6466..3f547a8fc1 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -588,6 +588,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
if (connection_tls_finish_handshake(conn) < 0) {
/* XXXX_TLS double-check that it's ok to do this from inside read. */
+ /* XXXX_TLS double-check that this verifies certificates. */
connection_mark_for_close(TO_CONN(conn));
}
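Review bot: The new `XXXX_TLS double-check that this verifies certificates` marker sits inside the failure branch, directly above `connection_mark_for_close`, so it reads as a question about closing the connection rather than about what `connection_tls_finish_handshake` checks when it succeeds. This callback appears to be where the non-client side completes the renegotiated handshake. The open item is therefore whether the peer's certificates are validated on this path before the connection is treated as authenticated. Moving the marker above the `if` and naming the property would make that auditable, e.g. `/* XXXX_TLS confirm connection_tls_finish_handshake() validates the peer certificates after renegotiation, not only after the first handshake. */`. The body of `connection_or_tls_renegotiated_cb` starts outside the hunk.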
@@ -609,11 +610,15 @@ connection_tls_continue_handshake(or_connection_t *conn)
int result;
check_no_tls_errors();
again:
- if (conn->_base.state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING)
+ if (conn->_base.state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING) {
+ // log_notice(LD_OR, "Renegotiate with %p", conn->tls);
result = tor_tls_renegotiate(conn->tls);
- else {
+ // log_notice(LD_OR, "Result: %d", result);
+ } else {
tor_assert(conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING);
+ // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
result = tor_tls_handshake(conn->tls);
+ // log_notice(LD_OR, "Result: %d", result);
}
switch (result) {
CASE_TOR_TLS_ERROR_ANY:
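Review bot: Two of the parked debug lines in this hunk format `conn->tls` with `%p`; if they are re-enabled as written, at notice level, they would put heap addresses of the TLS objects into the log. Identifying the connection by its address field, as the `connection_tls_finish_handshake` hunk in this commit does, gives the same correlation without recording pointer values. The `Result: %d` lines could also be folded into a single `log_debug` after the `if`/`else`, since both branches log the same thing. The body of `connection_tls_continue_handshake` starts and ends outside the hunk.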
@@ -624,9 +629,11 @@ connection_tls_continue_handshake(or_connection_t *conn)
if (! tor_tls_used_v1_handshake(conn->tls)) {
if (!tor_tls_is_server(conn->tls)) {
if (conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
+ // log_notice(LD_OR,"Done. state was TLS_HANDSHAKING.");
conn->_base.state = OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING;
goto again;
}
+ // log_notice(LD_OR,"Done. state was %d.", conn->_base.state);
} else {
/* improved handshake, but not a client. */
tor_tls_set_renegotiate_callback(conn->tls,
@@ -835,7 +842,8 @@ connection_tls_finish_handshake(or_connection_t *conn)
char digest_rcvd[DIGEST_LEN];
int started_here = connection_or_nonopen_was_started_here(conn);
- log_debug(LD_OR,"tls handshake done. verifying.");
+ log_debug(LD_OR,"tls handshake with %s done. verifying.",
+ conn->_base.address);
directory_set_dirty();
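Review bot: The debug line now writes `conn->_base.address` to the log unscrubbed. On a relay or bridge that accepts client connections this would be the connecting client's IP address, recorded for each completed handshake whenever debug logging is enabled. If the project's `safe_str()` scrubbing helper is the convention for peer addresses, the argument should be wrapped as `safe_str(conn->_base.address)`. It is also worth confirming that `address` cannot be NULL at this point, since it is passed straight to `%s`. The body of `connection_tls_finish_handshake` continues outside the hunk.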