author | Nick Mathewson <nickm@torproject.org> | 2008-02-06 21:53:13 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-02-06 21:53:13 +0000 |
commit | 46b1a21dc49c83e57e7d8e6a90968fc908e739f8 (patch) | |
tree | 16207dc36f00b6394187cfd2cdd1129f6fa41518 /src/or | |
parent | 46532d8111b9842aee8f0b600a1d1abd0ae53a9f (diff) | |
r17955@catbus: nickm | 2008-02-06 16:53:07 -0500
The SSL portion of the revised handshake now seems to work: I just finally got a client and a server to negotiate versions. Now to make sure certificate verification is really happening, connections are getting opened, etc.
svn:r13409
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/command.c | 2 | ||||
-rw-r--r-- | src/or/connection_or.c | 14 |
2 files changed, 13 insertions, 3 deletions
diff --git a/src/or/command.c b/src/or/command.c
index 6dae387a6f..5765431d77 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -476,6 +476,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
 conn->link_proto = highest_supported_version;
 conn->handshake_state->received_versions = 1;
+ // log_notice(LD_OR, "Negotiated version %d", highest_supported_version);
+
 if (highest_supported_version >= 2) {
 if (connection_or_send_netinfo(conn) < 0) {
 connection_mark_for_close(TO_CONN(conn));
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index b8f16a6466..3f547a8fc1 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -588,6 +588,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
 if (connection_tls_finish_handshake(conn) < 0) {
 /* XXXX_TLS double-check that it's ok to do this from inside read. */
+ /* XXXX_TLS double-check that this verifies certificates. */
 connection_mark_for_close(TO_CONN(conn));
 }
@@ -609,11 +610,15 @@ connection_tls_continue_handshake(or_connection_t *conn)
 int result;
 check_no_tls_errors();
 again:
- if (conn->_base.state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING)
+ if (conn->_base.state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING) {
+ // log_notice(LD_OR, "Renegotiate with %p", conn->tls);
 result = tor_tls_renegotiate(conn->tls);
- else {
+ // log_notice(LD_OR, "Result: %d", result);
+ } else {
 tor_assert(conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING);
+ // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
 result = tor_tls_handshake(conn->tls);
+ // log_notice(LD_OR, "Result: %d", result);
 }
 switch (result) {
 CASE_TOR_TLS_ERROR_ANY:
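Review bot: The added `// log_notice(LD_OR, "Negotiated version %d", highest_supported_version);` in command_process_versions_cell is commented-out code, and the same pattern is repeated in the two connection_tls_continue_handshake hunks (the `Renegotiate with %p`, `Result: %d`, `Continue handshake with %p` and `Done. state was …` lines). Either drop these before merging or make them live `log_debug(LD_OR, …)` calls so the handshake trace can be enabled without editing source. If they are kept, note that the two `%p` formats print the heap address of `conn->tls`; that is tolerable at debug level but should not be promoted to notice, since addresses in logs are useful to an attacker and useless to an operator. command_process_versions_cell's body continues outside the hunk.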
@@ -624,9 +629,11 @@ connection_tls_continue_handshake(or_connection_t *conn)
 if (! tor_tls_used_v1_handshake(conn->tls)) {
 if (!tor_tls_is_server(conn->tls)) {
 if (conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
+ // log_notice(LD_OR,"Done. state was TLS_HANDSHAKING.");
 conn->_base.state = OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING;
 goto again;
 }
+ // log_notice(LD_OR,"Done. state was %d.", conn->_base.state);
 } else {
 /* improved handshake, but not a client. */
 tor_tls_set_renegotiate_callback(conn->tls,
@@ -835,7 +842,8 @@ connection_tls_finish_handshake(or_connection_t *conn)
 char digest_rcvd[DIGEST_LEN];
 int started_here = connection_or_nonopen_was_started_here(conn);
- log_debug(LD_OR,"tls handshake done. verifying.");
+ log_debug(LD_OR,"tls handshake with %s done. verifying.",
+ conn->_base.address);
 directory_set_dirty(); |
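Review bot: The new `log_debug(LD_OR,"tls handshake with %s done. verifying.", conn->_base.address);` in connection_tls_finish_handshake hands `conn->_base.address` to `%s` with no NULL guard; if any path into this function reaches it before the address is assigned (I cannot see where it is set from this hunk), a null `%s` argument is undefined behaviour in printf-style formatting. A cheap defensive form is `conn->_base.address ? conn->_base.address : "<unknown>"`. connection_tls_finish_handshake's body continues outside the hunk.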