author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-06-28 14:12:18 +1000 |
---|---|---|
committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-06-28 14:12:18 +1000 |
commit | 14b1c7a66e6d186a40da99da773a692ef48b603c (patch) | |
tree | 9292f0947c4f5cc65e82d4c3f4dac324be316be5 /src/or | |
parent | 87134db57cc7cbbd801e5992ce6ca6a71e2ebfc8 (diff) | |
Refactor connection_or_client_learned_peer_id for bug18812
No behavioural change.
Also clarify some comments.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/connection_or.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index ea49bdba77..19a171820e 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1698,9 +1698,14 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
 * or renegotiation. For v3 handshakes, this is right after we get a
 * certificate chain in a CERTS cell.
 *
- * If we want any particular ID before, record the one we got.
+ * If we did not know the ID before, record the one we got.
 *
- * If we wanted an ID, but we didn't get it, log a warning and return -1.
+ * If we wanted an ID, but we didn't get the one we expected, log a message
+ * and return -1.
+ * On relays:
+ * - log a protocol warning whenever the fingerprints don't match;
+ * On clients:
+ * - if a relay's fingerprint doesn't match, log a warning;
 *
 * If we're testing reachability, remember what we learned.
 *
@@ -1711,7 +1716,6 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
 const uint8_t *peer_id)
 {
 const or_options_t *options = get_options();
- int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;

 if (tor_digest_is_zero(conn->identity_digest)) {
 connection_or_set_identity_digest(conn, (const char*)peer_id);
@@ -1736,6 +1740,15 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
 base16_encode(seen, sizeof(seen), (const char*)peer_id, DIGEST_LEN);
 base16_encode(expected, sizeof(expected), conn->identity_digest,
 DIGEST_LEN);
+ int severity;
+
+ if (server_mode(options)) {
+ severity = LOG_PROTOCOL_WARN;
+ } else {
+ /* a relay has changed its fingerprint from the one in the consensus */
+ severity = LOG_WARN;
+ }
+
 log_fn(severity, LD_HANDSHAKE,
 "Tried connecting to router at %s:%d, but identity key was not "
 "as expected: wanted %s but got %s.", |
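Review bot: The comment added in the else branch of the third hunk, `/* a relay has changed its fingerprint from the one in the consensus */`, states one cause as fact, while the code at that point only knows that `peer_id` differs from `conn->identity_digest`. Where the expected digest came from is not visible in this hunk, and a peer that is not the intended relay would produce the same mismatch, so a neutral wording is safer, e.g. `/* the peer's identity key is not the one we expected; on a client this always deserves a warning */`. Separately, `int severity;` is left uninitialised and depends on every branch assigning it; if the bug18812 follow-up adds further branches, `int severity = LOG_WARN;` would keep `log_fn` from ever seeing an indeterminate value. The enclosing function starts and ends outside the hunk.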